Clear window.name after cross-origin navigation

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
User avatar
seadragon
Hobby Astronomer
Hobby Astronomer
Posts: 20
Joined: 2021-06-18, 04:39

Clear window.name after cross-origin navigation

Unread post by seadragon » 2021-06-26, 20:08

https://blog.mozilla.org/security/2021/ ... cy-abuses/

Should Pale Moon align with this behavior?

User avatar
RealityRipple
Astronaut
Astronaut
Posts: 647
Joined: 2018-05-17, 02:34
Location: Los Berros Canyon, California
Contact:

Re: Clear window.name after cross-origin navigation

Unread post by RealityRipple » 2021-06-26, 20:16

Tested through the developer tools console, looks like window.name does persist between navigations.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Clear window.name after cross-origin navigation

Unread post by Moonchild » 2021-06-26, 23:38

I don't think this would be particularly complex to implement. What bugs me more than anything else is that this wasn't part of the sec bugs I was given access to which normally also includes privacy bugs.

So, seadragon, find out which BZ bug this was changed in, and if it's as simple as I think it is you can port whatever it is across (creating an issue and pull request for it).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
seadragon
Hobby Astronomer
Hobby Astronomer
Posts: 20
Joined: 2021-06-18, 04:39

Re: Clear window.name after cross-origin navigation

Unread post by seadragon » 2021-06-27, 04:46

https://bugzilla.mozilla.org/show_bug.c ... 44222#c100
I think this is it. A little complicated than I thought... I will try and make a pull request for Pale Moon.
Moonchild wrote:
2021-06-26, 23:38
What bugs me more than anything else is that this wasn't part of the sec bugs I was given access to which normally also includes privacy bugs.
Perhaps because the issue itself was a decade old. It just get fixed recently

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Clear window.name after cross-origin navigation

Unread post by Moonchild » 2021-06-27, 11:17

seadragon wrote:
2021-06-27, 04:46
A little complicated than I thought...
I had a look at the bug and the solution isn't too terribly complicated (it's only more involved because the standard says the name needs to be restored when you navigate browser history).
You can also simply a few things that aren't applicable to use like the extra checks for Fission and multi-process.
Also make sure you check any listed regressions to see if they are applicable.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked