#8725: resource:// URIs leak information -------------------------------------------------+------------------------- Reporter: holizz | Owner: tbb- Type: defect | team Priority: Very High | Status: Component: Applications/Tor Browser | needs_review Severity: Major | Milestone: Keywords: tbb-fingerprinting, tbb-rebase- | Version: regression, tbb-testcase, tbb-firefox-patch, | Resolution: TorBrowserTeam201607R | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+------------------------- Changes (by mikeperry):
* cc: boklm (added) Comment: Couple points: 1. I think it *might* have been better to use http-on-modify-request here rather than both the content policy and the response listener, but you might also not have as much information there about the source content url. Maybe this doesn't matter so much, since what we really want is a direct Firefox patch. The extra observers will have a perf cost, though. 2. Given that we want to replace this by a direct patch, we should turn arthur's https://arthuredelstein.github.io/tordemos/resource-locale.html into a Tor Browser test of some kind to verify that future versions behave the same way. Boklm, can you handle that? Also, please add a test for https://trac.torproject.org/projects/tor/ticket/8725#comment:38 about the nested schemes. We should test that too. Otherwise, I think this is OK, and I agree it is an improvement. For now, I will merge this into the torbutton master branch for TBB 6.5-alpha, since it may shake a few more issues loose. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:40> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs