Tor Browser only render HTML for local pages via file://, no images/CSS

changed milestone to %Tor: unspecified

added AffectsTails component::applications/tor browser milestone::Tor: unspecified owner::tbb-team priority::medium resolution::fixed severity::normal status::closed type::defect version::tor unspecified labels

(fixing a mistyped ticket number)

Trac:
Description: In Tor Browser 7.0.10 (and earlier too, see below), if I open a local page via file:// only the HTML is rendered, but images are broken and CSS isn't applied at all. For Tails this breaks several important features, like reading the local copy of the documentation (e.g. when offline) and the start page for our Unsafe Browser.

This breakage started earlier, and it is a bit "interesting":

Tor Browser 7.0.7 is the last ok release (both images and CSS loads).
Tor Browser 7.0.7 -> 7.0.8 only upgrades Torbutton 1.9.7.8 -> 1.9.7.9 which only updates some translations + fixups on the donation banner. That is somehow enough to break images on local pages (but CSS is still fine). Disabling Torbutton makes the images work again.
Tor Browser 7.0.8 -> 7.0.9 only fixes #24052 (moved) ("Streamline handling of file:// resources") which breaks both images and CSS. I say "both" despite the previous bullet indicating that Torbutton is responsible for breaking images, because disabling Torbutton no longer fixes image loading in this version. So it indeed seems that the fix for #24502 (moved) alone breaks both CSS and images.

to

In Tor Browser 7.0.10 (and earlier too, see below), if I open a local page via file:// only the HTML is rendered, but images are broken and CSS isn't applied at all. For Tails this breaks several important features, like reading the local copy of the documentation (e.g. when offline) and the start page for our Unsafe Browser.

This breakage started earlier, and it is a bit "interesting":

Tor Browser 7.0.7 is the last ok release (both images and CSS loads).
Tor Browser 7.0.7 -> 7.0.8 only upgrades Torbutton 1.9.7.8 -> 1.9.7.9 which only updates some translations + fixups on the donation banner. That is somehow enough to break images on local pages (but CSS is still fine). Disabling Torbutton makes the images work again.
Tor Browser 7.0.8 -> 7.0.9 only fixes #24052 (moved) ("Streamline handling of file:// resources") which breaks both images and CSS. I say "both" despite the previous bullet indicating that Torbutton is responsible for breaking images, because disabling Torbutton no longer fixes image loading in this version. So it indeed seems that the fix for #24052 (moved) alone breaks both CSS and images.

Trac:
Cc: N/A to sajolida

Which file(s) could/should I use to test and investigate that?

Replying to gk:

Which file(s) could/should I use to test and investigate that?

Right now I am interested in understanding the Torbutton issue. The impact of #24052 (moved) is pretty clear to me.

I'm also severly affected by that as I work on the Tails website from Tails itself: I build a local copy of the website and test my changes on file:// before pushing them on the production website.

But I have a workaround for now which is to fallback on Firefox ESR for browsing file:// URLs.

I also noticed that the links between pages are broken as well: clicking on them as no effect.

To test this, if you have access to Tails, you can browse the embedded version of our website:

file:///usr/share/doc/tails/website/index.en.html

Otherwise, save your favorite web page locally (Right-click on the page and Save Page As) and open it back with Tor Browser (Ctrl+O and open the page that you saved).

In both cases these pages will appear as raw HTML with no CSS, images, or JS and broken links.

This is not just a problem in Tails. I'm experiencing the same problem in Debian Stretch and Tor 7.09. Example web app that is unusable from file:// is bip32.github.io. This is a client-side javascript app that should really only be run locally because it exposes bitcoin private keys.

Trac:
Username: Molly

Version 7.0.11 on my mac is affected too, I think is very silly problem, is planned to be resolved? Any simple workaround? I'm using scarpbook and it's pretty impossibile to handle file on my disk... :(

Trac:
Username: xerix32

We fixed the most important regression introduced by this bug in Tails by opening the "Tails documentation" launcher on our desktop on the production website instead of offline when people are connected to Tor. But we're still affected in other ways:

The homepage of our Unsafe Browser (used to connect to captive portal) is not translated anymore.
We used Yelp to browser our documentation when offline but it's not as good as a real browser.
Contributors working from Tails can't use Tor Browser anymore to work on our website (for example, trnaslators).

So yep, we're interested in knowing if this bug is planned to be fixed. Even if there's no real hurry...

IIRC using inline CSS (i.e. internal style sheet <style>...</style>) works, so why not try that? :)

Replying to sajolida:

We fixed the most important regression introduced by this bug in Tails by opening the "Tails documentation" launcher on our desktop on the production website instead of offline when people are connected to Tor. But we're still affected in other ways:

The homepage of our Unsafe Browser (used to connect to captive portal) is not translated anymore.

We used Yelp to browser our documentation when offline but it's not as good as a real browser.

Contributors working from Tails can't use Tor Browser anymore to work on our website (for example, trnaslators).

So yep, we're interested in knowing if this bug is planned to be fixed. Even if there's no real hurry...

Sure, it is planned but we need help from Mozilla with that one because this is a code area that seems to be prone to open up security holes...

Replying to cypherpunks:

IIRC using inline CSS (i.e. internal style sheet <style>...</style>) works, so why not try that? :) I can confirm this, here's a test .html for that:

<html>
<style>
@keyframes bouncing-loader {
  from {
    opacity: 1;
    transform: translateY(0);
  }
  to {
    opacity: 0.1;
    transform: translateY(-3rem);
  }
}
.bouncing-loader {
  display: flex;
  justify-content: center;
}
.bouncing-loader > div {
  width: 2rem;
  height: 2rem;
  margin: 3rem 0.2rem;
  background: #4185aa;
  border-radius: 50%;
  animation: bouncing-loader 0.2s infinite alternate;
}
.bouncing-loader > div:nth-child(2) {
  animation-delay: 0.2s;
}
.bouncing-loader > div:nth-child(3) {
  animation-delay: 0.4s;
}
.bouncing-loader > div:nth-child(4) {
  animation-delay: 0.6s;
}
.bouncing-loader > div:nth-child(5) {
  animation-delay: 0.8s;
}
.bouncing-loader > div:nth-child(6) {
  animation-delay: 1s;
}
.bouncing-loader > div:nth-child(7) {
  animation-delay: 1.2s;
}
.bouncing-loader > div:nth-child(8) {
  animation-delay: 1.4s;
}
.bouncing-loader > div:nth-child(9) {
  animation-delay: 1.6s;
}
.bouncing-loader > div:nth-child(10) {
  animation-delay: 1.8s;
}
.bouncing-loader > div:nth-child(11) {
  animation-delay: 2s;
}
.bouncing-loader > div:nth-child(12) {
  animation-delay: 2.2s;
}
.bouncing-loader > div:nth-child(7) {
  animation-delay: 1.2s;
}


</style>

<body>
<div class="bouncing-loader">
  <div></div>
  <div></div>
  <div></div>
  <div></div>
  <div></div>
  <div></div>
  <div></div>
  <div></div>
  <div></div>
  <div></div>
  <div></div>
  <div></div>
</div>
</body>
</html>

Trac:

Amazing gk! Thanks for the update :)

Also affected by this (TBB 7.3.5, non-Tails).

Using inline CSS might be a workaround for local files you control (and invest the ressources to change). But there are other use-cases for local files, where this workaround is not feasable.

F.e. a local output of munin, which is now unusable in TBB. :(

Trac:
Username: ilf

This should be fixed in Tor Browser 8.0a9.

Trac:
Resolution: N/A to fixed
Status: new to closed

Replying to gk:

This should be fixed in Tor Browser 8.0a9.

I just installed Tails, and I couldn't load My Ether Wallet JS, using the Tails TOR. It comes with TOR 7.5.5. Tor

Trac:
Username: TorUser9999

Trac:
Username: TorUser9999
Resolution: fixed to N/A
Milestone: N/A to Tor: unspecified
Status: closed to reopened
Version: N/A to Tor: unspecified

Yes, which is why I wrote "8.0a9" and not "7.5.5".

Trac:
Status: reopened to closed
Resolution: N/A to fixed

I confirm this is fixed with 8.0a9 in Tails :)

This is affecting me too, using the version of Tor browser that is currently bundled in the latest release of Tails. When will the patched version of Tor be included with Tails? If it is a long way out, can someone please provide step-by-step directions to getting a proper version of Tor browser up and running in Tails? Thanks.

Trac:
Username: penington

It would be nice if the unsafe browser could be used as a workaround, but the unsafe browser doesn't work at all when the computer is offline. Is that intentional? It seems like a bug to require connectivity to view a local webpage in the unsafe browser.

Trac:
Username: penington

The first stable release of Tor Browser 8.0 (fixing this bug) is planned for September 5.

closed

moved to tpo/applications/tor-browser#24243 (closed)

Tor Browser only render HTML for local pages via file://, no images/CSS

Child items 0

Activity