Thus spake intrigeri ([email protected]): > I'm now taking time to apply to the Tails' web browser the last two > meaningful Torbrowser patches we were not using yet: > > - 0026-Isolate-DOM-storage-to-first-party-URI.patch > - 0024-Isolate-the-Image-Cache-per-url-bar-domain.patch > > I'm now trying to verify that applying these patches actually makes > a difference. How do you do it?
First, note that I just fixed a bug in 0024 that caused an intermittent crash on New Identity and on exit: https://trac.torproject.org/projects/tor/ticket/8628 So you want to get the latest patch from origin/maint-2.4. There are also some other patch updates that I've made since the last TBB release, but I'm still working on them. > about:cache shows the same regardless of whether the image cache patch > is applied or not; this is explained, I guess, by the Torbrowser > design doc that reads "Additionally, because the image cache is > a separate entity from the content cache, we had to patch Firefox to > also isolate this cache per url bar domain." According to my notes in the original bug (https://trac.torproject.org/projects/tor/ticket/5742), the patch should cause additional domain= entries for each url bar to appear in about:cache. Otherwise I think only one entry appears for a given image, regardless of url bar domains used to load it... However, the patch was first written for Firefox 10. Things may have changed wrt about:cache display since then. You can manually verify that the Google logo image actually loads over the network for all three of these pages: https://encrypted.google.com/ https://anonym-surfen.de/ImageTest.html https://anonymous-proxy-servers.net/en/ImageTest.html If the patch is not working/not applied, the Google image will come from the cache for the second two, and the web developer console should say "304 not modified" in the "Net" logs. For DOM storage, you can try hosting this container page on an additional domain, and verify that the iframe can't retrieve any values set from the original container page from trial.pearlcrescent.com: http://trial.pearlcrescent.com/tor/storageContainer.html > Ideally, I'd like to add this to our automated test suite, but at > least a quick'n'dirty manual check would be much better than nothing > before we merge this branch. What do you use for automated testing of Firefox? I see some pages mentioning something called "Cucumber?" Are you able to inspect the browser state from that framework? -- Mike Perry
signature.asc
Description: Digital signature
_______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
