tor-webwml.git

Strukturansicht: 480ad41c9
480ad41c9b6f145a66443330ba48bff9342600f4
Mike Perry Update Torbutton design doc.

Mike Perry authored 13 years ago

 
1) - Review of https://developer.mozilla.org/en/Firefox_4_for_developers
2)   - Potential proxy issues
3)     - DocShell and plugins inside createHTMLDocument?
4)       - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument
5)     - WebSockets?
6)     - Media attributes?
7)       - "buffered"
8)       - "preload"
9)       - new codecs?
10)     - What the hell is a blob url?
11)       - https://developer.mozilla.org/en/DOM/window.createBlobURL
12)       - https://developer.mozilla.org/en/DOM/window.revokeBlobURL
13)       - Seems only relevent to FS injection..
14)     - WebThreads are OK:
15)       - https://developer.mozilla.org/En/Using_web_workers
16)       - Network activity blocked by content policy
17)   - Fingerprinting issues:
18)     - New screen attributes
19)       - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y
20)     - Bounding rectangles -> window sizes?
21)       - Maybe not display sizes, but seems possible to fingerprint rendered
22)         content size.. ugh.
23)         - https://developer.mozilla.org/en/DOM/element.getBoundingClientRect
24)         - https://developer.mozilla.org/en/dom:range
25)     - CSS resize, media queries, etc..
26)     - WebGL may also expose screen properties and video card properties:
27)       - https://developer.mozilla.org/en/WebGL
28)       - https://www.khronos.org/registry/webgl/specs/1.0/#5.2
29)       - https://www.khronos.org/registry/webgl/specs/1.0/#5.11
30)     - SVG needs auditing. It may also expose absolute coords, but appears OK
31)       - https://developer.mozilla.org/en/SVG/SVG_animation_with_SMIL
32)     - Mouse events reveal desktop coordinates
33)       - https://bugzilla.mozilla.org/show_bug.cgi?id=503943
34)       - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent
35)       - Actual screen dimensions not exposed
36)   - Identifier Storage
37)     - Content Secuity Properties may need clearing:
38)       - https://developer.mozilla.org/en/Security/CSP
39)     - STS cache needs clearing
40)     - New window.history functions may allow state smuggling
41)       - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history
Mike Perry Update FF bugs in design do...

Mike Perry authored 13 years ago

 
42)