Opened 7 years ago

Closed 7 years ago

#5857 closed enhancement (wontfix)

Redesign JS Hook injection

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone:
Component: TorBrowserButton Version:
Severity: Keywords:
Cc: g.koppen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Georg Koppen found a race condition in our Javascript hook application that allows the hooks to be bypassed. Right now, they only exist to project window.screen and associated resolution information, so we can probably just replace them with a patch (#5856).

However, the technique is useful, and we might want to use it in the future as opposed to Firefox patches to tweak other APIs (#5293, #5666)... This ticket is to see if we can create a more reliable way of injecting js hooks that is more directly supported by the browser.

Or, maybe we just want to patch Firefox for everything. The patch approach will help ensure stuff stays on Mozilla's radar.

Child Tickets

Change History (6)

comment:1 Changed 7 years ago by mikeperry

I wonder what technique Greasemonkey uses these days...

comment:2 Changed 7 years ago by gk

Cc: g.koppen@… added

comment:3 Changed 7 years ago by gk

Okay, I'll work on this issue although just in my spare time as it is unfortunately not a top priority on my current day job (I nevertheless think it is still a far superior approach to patching _and maintaining_ every issue in Firefox itself). I'd like to avoid as much traps you encountered while designing the first generation hooking framework as possible. Thus, every hint you may give (and especially your own tests you are alluding to in #5920) could be helpful.

comment:4 Changed 7 years ago by gk

Err, I meant #5290.

comment:5 Changed 7 years ago by mikeperry

The best test suites we have right now are Gregory Fleischer's, listed in https://www.torproject.org/projects/torbrowser/design/#Testing (they're the pseudo-flaw ones).

I wish I could give you some better hints than that and "check out the greasemonkey code?" but I don't have any atm. :/

comment:6 Changed 7 years ago by mikeperry

Resolution: wontfix
Status: newclosed

We've given up on JS hooks. They've since been removed.

Note: See TracTickets for help on using tickets.