id	summary	keywords	status	owner	type	priority
615	Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?	newcaps confidentiality integrity preservation capleak gsoc websec	assigned	davidsarah	defect	critical
127	Cap URLs leaked via HTTP Referer header	confidentiality integrity preservation capleak research websec	assigned	davidsarah	defect	major
366	"address Nathan Wilcox's concerns about ""Tahoe and the browser security model"""	security capleak docs websec	assigned	blaisep	defect	major
587	Web nodes provide ambient upload authority	upload security accounting LeastAuthority.com websec	new	daira	defect	major
674	controlled access to your WUI	wui confidentiality privacy anti-censorship websec	new	nobody	enhancement	major
821	A script in a file viewed through the WUI can obtain the file's read cap	newcaps newurls confidentiality capleak websec	assigned	davidsarah	defect	major
995	It's way too easy to give away write directory caps	wui jsui usability confidentiality capleak websec	new	nobody	defect	major
1136	don't run a web-API frontend if you don't need one	security websec	new	somebody	enhancement	major
1141	Cannot Delete Or Rename Files/Directories With Wacky Names	undeletable junk names delete websec	assigned	davidsarah	defect	major
1215	add CORS support	security http same-origin cors websec	new		enhancement	major
1649	WUI: the error message page for a writeable file/directory nonobviously includes the write cap	usability security capleak websec	assigned	davidsarah	defect	major
1665	Brainstorm webapi vulnerabilities between the operator and a user and between users.	docs security webapi introducer accounting status websec multiuser-gateway	new		task	major
1797	WUI: view content in an HTML5 sandboxed iframe	wui security usability javascript sandbox same-origin websec	new		defect	major
1859	Proof-of-concept attack: Upload and execute attacker controlled js from any domain.	security javascript same-origin capleak websec	new	davidsarah	defect	major
2385	node web server should use DHE/ECDHE suites automatically	security websec https forward-secrecy twisted	new	j3i	enhancement	major
2142	How to enhance WebUI default security against capability eavesdropping?	websec confidentiality privacy wui webapi docs	new	amontero	enhancement	normal
2401	"authentication via proxy breaks ""tahoe backup"""	authentication wui webapi http websec	new		defect	normal
2402	serve static files under a common URL	static wui websec	assigned	daira	enhancement	normal
907	Stop caps from leaking to phishing-filter servers	capleak integrity confidentiality forward-compatibility newurls docs websec	assigned	davidsarah	defect	minor