[tor-bugs] #16931 [Applications/Tor Browser]: Sanitize the add-on blocklist update URL
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 16 15:01:49 UTC 2019
#16931: Sanitize the add-on blocklist update URL
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by acat):
One problem of setting `extensions.blocklist.enabled = false` is that it
also disables gfx (and plugin) blocklist, and I'm not sure about the
consequences of not having the GFX blocklist for some users.
Something we could try is setting `extensions.blocklist.useXML = false`,
which should enable the `RemoteSetting` implementation of those
Blocklists. I don't see this one sending all these fields, just `etag` and
sometimes as the other `RemoteSettings` polls. But I don't know the status
of that implementation, there must be some reason why it's not enabled by
default.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16931#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list