[developerteam getadooble] [ dooble-Support Requests-3523710 ] Proxy Obedience: Disabling plugins

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Support Requests item #3523710, was opened at 2012-05-05 00:12
Message generated for change (Settings changed) made by textfield
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1108294&aid=3523710&group_id=238964

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Open
Priority: 5
Private: No
Submitted By: perrymikey (perrymikey)
Assigned to: Nobody/Anonymous (nobody)
Summary: Proxy Obedience: Disabling plugins 

Initial Comment:
Proxy Obedience

Proxy obedience is assured through the following: 

Plugins have the ability to make arbitrary OS system calls and bypass proxy settings. This includes the ability to make UDP sockets and send arbitrary data independent of the browser proxy settings.

Torbutton disables plugins by using the dooble service to mark the plugin tags as disabled. Additionally, we set plugin.disable_full_page_plugin_for_types to the list of supported mime types for all currently installed plugins.

In addition, to prevent any unproxied activity by plugins at load time, we also patch the dooble source code to prevent the load of any plugins except for Flash and Gnash.

Finally, even if the user alters their browser settings to re-enable the Flash plugin, we have configured NoScript to provide click-to-play placeholders, so that only desired objects will be loaded, and only after user confirmation. 

https://www.torproject.org/projects/torbrowser/design/#proxy-obedience

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1108294&aid=3523710&group_id=238964