[tahoe-lafs-trac-stream] [tahoe-lafs] #127: Cap URLs leaked via HTTP Referer header
tahoe-lafs
trac at tahoe-lafs.org
Sun Oct 28 16:36:37 UTC 2012
#127: Cap URLs leaked via HTTP Referer header
-------------------------+-------------------------------------------------
Reporter: warner | Owner: davidsarah
Type: defect | Status: assigned
Priority: major | Milestone: 1.11.0
Component: code- | Version: 0.7.0
frontend-web | Keywords: confidentiality integrity
Resolution: | preservation capleak
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by zooko):
Replying to [comment:32 ChosenOne]:
> The noreferrer attribute on links could prevent leaking dircaps when
clicking the link to a potentially malicious html file on the WUI
> http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html
#link-type-noreferrer
Neat! Thank you! We could even consider (reluctant as I am to get into
HTML rewriting) trying to inject that attribute onto arbitrary links
inside HTML that the tahoe gateway serves up!
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/127#comment:34>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list