[tahoe-lafs-trac-stream] [tahoe-lafs] #615: Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?
tahoe-lafs
trac at tahoe-lafs.org
Tue Nov 29 19:34:36 UTC 2011
#615: Can JavaScript loaded from Tahoe access all your content which is loaded
from Tahoe?
-------------------------+-------------------------------------------------
Reporter: zooko | Owner: davidsarah
Type: defect | Status: assigned
Priority: | Milestone: soon
critical | Version: 1.3.0
Component: code- | Keywords: newcaps confidentiality integrity
frontend-web | preservation capleak gsoc
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by warner):
FYI, here's a description of how the browser's {{{window.history}}} JS
interface works: http://www.adequatelygood.com/2010/7/Saner-HTML5-History-
Management , which relates to the "back-jacking" attack.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/615#comment:21>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list