Consider using data-URI to embed how_tor_works_thumb.png image into tor-exit-notice.html

We can only serve a single HTML file with DirPortFrontPage configuration option. Currently we provide an exit notice file in tor-exit-notice.html, which embeds an image with basic Tor network schematics from Tor website. We may want to use data-URI format (as described in RFC 2397) to hardcode this image into HTML and avoid loading it from external webserver.

changed milestone to %Tor: 0.2.9.x-final

added 029-backport 035-backport 040-backport 041-backport actualpoints::0.2 component::core tor/tor consider-backport-after-0421 milestone::Tor: 0.2.9.x-final points::0.2 priority::low resolution::fixed reviewer::teor security-low severity::trivial status::closed type::enhancement labels

Trac:
Type: defect to enhancement

https://github.com/torproject/tor/pull/1176

Trac:
Status: new to needs_review

Trac:
Milestone: Tor: unspecified to Tor: 0.4.2.x-final

Trac:
Reviewer: N/A to teor

Loading a remote image is a web bug, so this is a low-severity security issue that needs to be backported.

I can do the backport branches as part of the review. I'll also try to modify the git scripts to create backport branches at the same time (#31314 (moved)).

Trac:
Keywords: N/A deleted, 041-backport, security-low, 040-backport, 029-backport, 035-backport added

Here are the pull requests:

• 0.2.9: https://github.com/torproject/tor/pull/1216
• master: https://github.com/torproject/tor/pull/1217

All the other merges are clean. CI doesn't run on this file, so there's no point in pushing any other test branches.

I tested the new file in Tor Browser, Firefox, and Chrome. It looks the same, but there are no network requests.

Marking for backport after Tor 0.4.1.6 has been released, so we have a chance to discover any issues in master.

Trac:
Status: needs_review to merge_ready
Points: N/A to 0.2
Actualpoints: N/A to 0.2
Keywords: N/A deleted, consider-backport-after-0416 added

Trac:
Keywords: N/A deleted, asn-merge added

Merged to master. Did not merge to 041 because of comment:6.

Trac:
Keywords: asn-merge deleted, N/A added

marked for possible backport

Trac:
Milestone: Tor: 0.4.2.x-final to Tor: 0.4.1.x-final

0.4.1.5 was stable, so these get backported after the next alpha

Trac:
Keywords: consider-backport-after-0416 deleted, consider-backport-after-0421 added

Merged to 0.2.9 and forward. The risk is low; the severity is low; and this will be easy for people to work around if anything breaks.

Trac:
Milestone: Tor: 0.4.1.x-final to Tor: 0.2.9.x-final

(And the most likely breakage is a missing image in some browsers, which is better than a low-severity privacy issue.)

Trac:
Status: merge_ready to closed
Resolution: N/A to fixed

closed

changed time estimate to 1h 36m

added 1h 36m of time spent

moved to tpo/core/tor#31089 (closed)