Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop

ma1 requested to merge ma1/tor-browser:bug_41518 into tor-browser-102.5.0esr-12.5-1

Try to keep a good level of protection against leaks caused by accidental link drags, while not hampering usability (e.g. bookmark reordering or intentional navigation gestures):

  1. Keep the torbutton!106 (merged) fix against text/plain and text/html fallback flavors escaping the filter
  2. Limit the protection to actual links (i.e. anchor elements or other DOM elements which cause a text/x-moz-url data flavor to be added to the transferable object) as it was originally meant
  3. Drop any attempt to guess "selected text containing URLs"
  4. Explicitly exempt bookmarks
  5. Allow dragging links onto the Tor Browser's own UI as much as possible, for navigation and bookmarking purposes

Part of #41518, fixes #41520 (closed).

Edited by ma1
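
The five-point policy in the description above, modelled as an added example; it is not code from this merge request or from Tor Browser. The function name, the `targetIsBrowserUI` option, the `Map` stand-in for the transferable, and the use of the `text/x-moz-place` flavor to recognise bookmark drags are assumptions made for illustration.

```javascript
// Added example: simplified model of the drag filter policy (hypothetical names).
const URL_FLAVOR = "text/x-moz-url";        // present on real link drags ("URL\nTitle")
const BOOKMARK_FLAVOR = "text/x-moz-place"; // assumption: marks a bookmark drag
// Fallback flavors that repeat the link target and must not escape the filter.
const FALLBACK_FLAVORS = ["text/plain", "text/html"];

// transfer: Map of flavor -> data, standing in for the transferable object.
// Returns the flavors that may stay on the drag.
function flavorsAllowedToLeave(transfer, { targetIsBrowserUI = false } = {}) {
  const flavors = [...transfer.keys()];

  // Item 5: drops onto the browser's own UI are navigation or bookmarking.
  if (targetIsBrowserUI) return flavors;

  // Item 4: bookmarks are explicitly exempt.
  if (flavors.includes(BOOKMARK_FLAVOR)) return flavors;

  // Items 2 and 3: only an actual link (text/x-moz-url present) triggers the
  // filter; the text content is never scanned for URL-looking strings.
  if (!flavors.includes(URL_FLAVOR)) return flavors;

  // Item 1: strip the link flavor together with its fallback flavors.
  const blocked = new Set([URL_FLAVOR, ...FALLBACK_FLAVORS]);
  return flavors.filter((f) => !blocked.has(f));
}

// Constructed sample drags (not captured from a real session).
const linkDrag = new Map([
  ["text/x-moz-url", "https://example.com/\nExample"],
  ["text/plain", "https://example.com/"],
  ["text/html", '<a href="https://example.com/">Example</a>'],
]);
const selectedTextDrag = new Map([
  ["text/plain", "see https://example.com/ for details"],
]);
const bookmarkDrag = new Map([
  ["text/x-moz-place", '{"title":"Example","uri":"https://example.com/"}'],
  ["text/x-moz-url", "https://example.com/\nExample"],
  ["text/plain", "https://example.com/"],
]);

console.log("link drag:", flavorsAllowedToLeave(linkDrag));
console.log("selected text:", flavorsAllowedToLeave(selectedTextDrag));
console.log("bookmark:", flavorsAllowedToLeave(bookmarkDrag));
console.log("link onto UI:", flavorsAllowedToLeave(linkDrag, { targetIsBrowserUI: true }));
```
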