@@ -446,9 +446,11 @@ Unfortunately, many aspects of browser state can serve as identifier storage, an
...
@@ -446,9 +446,11 @@ Unfortunately, many aspects of browser state can serve as identifier storage, an
13.**window.name**
13.**window.name**
~[window.name](https://developer.mozilla.org/En/DOM/Window.name) is a magical DOM property that for some reason is allowed to retain a persistent value for the lifespan of a browser tab. It is possible to utilize this property for [identifier storage](https://www.thomasfrank.se/sessionvars.html).
[window.name](https://developer.mozilla.org/En/DOM/Window.name) is a magical DOM property that for historical reasons is allowed to retain a persistent value for the lifespan of a browser tab.
In order to eliminate non-consensual linkability but still allow for sites that utilize this property to function, we reset the `window.name` property of tabs in Torbutton every time we encounter a blank Referer. This behavior allows `window.name` to persist for the duration of a click-driven navigation session, but as soon as the user enters a new URL or navigates between HTTPS/HTTP schemes, the property is cleared.~
This behavior allowed information to be shared/leaked across different websites as the same value was persisted on cross-site navigation, and the browser used to deploy ad-hoc mitigations against this obvious linkability issue.
However, browser vendors eventually acknowledge this problem, which nowadays is fixed in Firefox (and therefore in derivative browsers) by partitioning the `window.name` property's value per-site and resetting it on cross-site navigation.
