[tahoe-lafs-trac-stream] [tahoe-lafs] #615: Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?

tahoe-lafs trac at tahoe-lafs.org
Tue Nov 29 19:34:36 UTC 2011


#615: Can JavaScript loaded from Tahoe access all your content which is loaded
from Tahoe?
-------------------------+-------------------------------------------------
     Reporter:  zooko    |      Owner:  davidsarah
         Type:  defect   |     Status:  assigned
     Priority:           |  Milestone:  soon
  critical               |    Version:  1.3.0
    Component:  code-    |   Keywords:  newcaps confidentiality integrity
  frontend-web           |  preservation capleak gsoc
   Resolution:           |
Launchpad Bug:           |
-------------------------+-------------------------------------------------

Comment (by warner):

 FYI, here's a description of how the browser's {{{window.history}}} JS
 interface works: http://www.adequatelygood.com/2010/7/Saner-HTML5-History-
 Management , which relates to the "back-jacking" attack.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/615#comment:21>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage


More information about the tahoe-lafs-trac-stream mailing list