[or-cvs] r13714: Err, actually, this is a bad idea. Jars can be non-local, an (torbutton/trunk/src/components)
Mike Perry
mikeperry at seul.org
Mon Feb 25 02:39:27 UTC 2008
Thus spake mikeperry at seul.org (mikeperry at seul.org):
> Author: mikeperry
> Date: 2008-02-24 19:39:44 -0500 (Sun, 24 Feb 2008)
> New Revision: 13714
>
> Modified:
> torbutton/trunk/src/components/cssblocker.js
> Log:
>
> Err, actually, this is a bad idea. Jars can be non-local, and
> the vector for history disclosure actually undergoes a url
err s/history disclosure/chrome disclosure
> rewrite before being re-sent to the content policy.
>
>
>
> Modified: torbutton/trunk/src/components/cssblocker.js
> ===================================================================
> --- torbutton/trunk/src/components/cssblocker.js 2008-02-25 00:30:35 UTC (rev 13713)
> +++ torbutton/trunk/src/components/cssblocker.js 2008-02-25 00:39:44 UTC (rev 13714)
> @@ -93,7 +93,7 @@
> "pippki":true};
>
> var hostFreeSchemes = { "resource":true, "data":true, "cid":true,
> - "javascript":true, "file":true, "jar":true};
> + "javascript":true, "file":true};
>
> var safeOriginSchemes = { "about":true, "chrome":true, "file":true};
>
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20080224/db1a55dd/attachment.pgp>
More information about the tor-commits
mailing list