Opened 4 years ago

Closed 4 years ago

#21741 closed task (fixed)

Check for proxy bypasses with new HTML Drag and Drop API

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr, TorBrowserTeam201704, tbb-7.0-must-alpha, GeorgKoppen201704
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor4


We had issues in the past with drag and drop bypassing our proxy settings. There is a new API that got implemented which can do the things the old one did and more (see:,, and We should assure that our old defense against proxy bypass holds.

Child Tickets

Change History (4)

comment:1 Changed 4 years ago by gk

Keywords: TorBrowserTeam201704 added; TorBrowserTeam201703 removed

Moving tickets over to April

comment:2 Changed 4 years ago by gk

Keywords: tbb-7.0-must-alpha added; tbb-7.0-must removed

Getting this on our radar for alpha release in less than two weeks.

comment:3 Changed 4 years ago by gk

Keywords: GeorgKoppen201704 added

Putting tickets on my plate for the alpha.

comment:4 Changed 4 years ago by gk

Resolution: fixed
Status: newclosed

I checked the nightly build for drag-and-drop proxy bypasses with Wireshark and looked at Torbutton log output. I found no DNS leaks and there were no error messages in the drag-and-drop related Torbutton code either. Furthermore, I looked at the patches in the description and compared nsITransferable.idl between esr45 and esr52 and no new MIME types that are "url"-related got added. Thus, I think we are good here.

Note: See TracTickets for help on using tickets.