Opened 6 years ago

Closed 14 months ago

#10941 closed task (wontfix)

Secure messaging window

Reported by: sukhbir Owned by:
Priority: Medium Milestone:
Component: Archived/Tor Messenger Version:
Severity: Normal Keywords:
Cc: gk, mikeperry Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Investigate Instantbird's whitelisting of HTML content and the related security issues that may arise out of this.

Child Tickets

Change History (14)

comment:1 Changed 6 years ago by gk

Cc: gk added

comment:2 Changed 5 years ago by sukhbir

Keywords: TorMessengerPublic added
Parent ID: #14161

comment:3 Changed 5 years ago by sukhbir

Owner: set to sukhbir
Status: newassigned

comment:4 Changed 5 years ago by arlolra

Messaging window is jailed to type=content and is additionally XSS filtered immediately prior to display.

We've further removed anchor tags from strict mode to resolve the ambiguity in #13618.

comment:5 Changed 4 years ago by arlolra

From gk's audit,

I looked at imContentSink.jsm/convbrowser.xml and studied the Instantbird audit done by Mozilla. Almost all issues mentioned in the audit got fixed; one is left which does not seem to bring a high-risk with it especially, as Tor Messenger is configured to use the least permissive rendering mode (which is further hardened)


comment:6 Changed 4 years ago by sukhbir

Parent ID: #14161

comment:7 Changed 4 years ago by arlolra

Keywords: SponsorO removed

comment:8 Changed 4 years ago by arlolra

Keywords: TorMessengerPublic removed

comment:9 Changed 4 years ago by arlolra

Cc: mikeperry added
Severity: Normal

Mike seems to be saying some things here,

comment:10 Changed 4 years ago by mikeperry

Oh, my comments there simply were that it would be strictly better if we knew the message content window had scripts disabled fully, rather than (or actually, in addition to) being XSS filtered.

I know there was some contention with the instantbird team over this, as they felt this would negatively impact UI, so my thought was that we could have a security slider here, too. So for example, look at all of the stuff that disables: Rather than killing all of that up-front (which will negatively impact UX), it could be progressively disabled as security level is increased.

comment:11 Changed 4 years ago by arlolra

Thanks for clarifying (actually, I think you were being pretty clear to begin with, I'm just of the confused type).

A security slider seems apt. In #17480, Tails is asking for a less restrictive (linkified) content window. (Though maybe Tails, and the rest of the security conscious folks, have move on to CoyIM as it is ...)

comment:12 Changed 3 years ago by arlolra

Owner: sukhbir deleted

comment:13 Changed 3 years ago by arlolra

Status: assignednew

comment:14 Changed 14 months ago by traumschule

Resolution: wontfix
Status: newclosed

<+sukhe> hello. yes, I think it's fine to close the tickets. thanks for doing what we should done earlier :)

sad but true:

luckily there are alternatives:

.. and maybe someday

Note: See TracTickets for help on using tickets.