[tahoe-lafs-trac-stream] [tahoe-lafs] #1942: google chart in wui leaks information
tahoe-lafs
trac at tahoe-lafs.org
Fri Apr 12 04:48:53 UTC 2013
#1942: google chart in wui leaks information
-------------------------+-------------------------------------------------
Reporter: leif | Owner: daira
Type: defect | Status: assigned
Priority: normal | Milestone: 1.10.0
Component: code-frontend-web | Version: 1.9.2
Resolution: | Keywords: anonymity privacy integrity confidentiality security capleak
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by daira):
It used to be possible to same-origin-attack a browser using !JavaScript
in an SVG file loaded by an {{{img}}} tag
(http://www.librador.com/2011/03/09/Dangers-of-SVG-and-the-img-tag/), but
apparently recent browsers do not load !JavaScript in that case
(http://stackoverflow.com/questions/7917008/xss-when-loading-untrusted-svg-using-img-tag).
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1942#comment:6>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage