Protection Mechanism Failure on Warning Banner Escapeable #137

Open
fpietrosanti opened this issue Apr 12, 2014 · 2 comments

@fpietrosanti
Contributor

fpietrosanti commented Apr 12, 2014

Description
The product does not use a protection mechanism that provides sufficient defense against directed attacks against the product.

Effort to Fix: 3 - Complex implementation error. Fix is approx. 51-500 lines of code. Up to 5 days to fix.

Recommendations
Using iframes to load the hidden service is believed to be the only solution that will not allow the hidden service to modify the banner.

@NSkelsey
Contributor

@fpietrosanti do you have any more background on this issue?

Found the section:

Description

The tor2web warning banner can be escaped or hidden by the site.

Severity Description

A hidden service attacker can hide the warning banner from the user.

Exploitability

HTML or JavaScript can modify the site in various ways to hide the warning banner.

Location

https://anysite.tor2web.org

Attack Vectors

hidden services

Exhibits

In the example below, an attacker can force the banner to load outside of the viewable screen.
[Image: screen shot 2016-04-13 at 12 57 56 am]

Veracode recommends an IFrame is used, but I have my doubts!

@fpietrosanti
Contributor Author

We also came up with iframe as the solution, now also used in iframe embedded for security reasons (doesn't leave a history trace when generated client-side with JS) and possibly in the future also on globaleaks/GlobaLeaks#964. We don't have enough time to work on T2W; we really need to give some love to this project once we've finalized the big backlog of OTF and project!
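
As an added illustration of the iframe recommendation discussed in this thread (not code from the tor2web project or from any participant): a sketch of a wrapper page that keeps the banner in the top-level document and loads the proxied site in a sandboxed iframe. The banner text, the function names and the `content.example` host are assumptions, as is serving proxied content from a dedicated origin separate from the wrapper.

```python
import html
from urllib.parse import urlsplit

# Constructed banner text; the real tor2web banner wording is not shown on the page.
BANNER = "Warning: you are viewing this site through a proxy."

# No allow-same-origin: the framed document gets an opaque origin and cannot
# reach the parent DOM. No allow-top-navigation: it cannot replace the wrapper.
SANDBOX = "allow-scripts allow-forms"


def wrapper_headers(content_host_suffix):
    """Headers for the wrapper response (the page that owns the banner)."""
    csp = ("default-src 'none'; style-src 'unsafe-inline'; "
           f"frame-src https://*.{content_host_suffix}; frame-ancestors 'none'")
    return {"Content-Security-Policy": csp}


def build_wrapper(content_url, content_host_suffix):
    """Return wrapper HTML: banner in the top document, proxied site in a sandboxed iframe."""
    parts = urlsplit(content_url)
    host = parts.hostname or ""
    # Only frame https URLs on the dedicated content origin (hypothetical host).
    if parts.scheme != "https" or not host.endswith("." + content_host_suffix):
        raise ValueError("content URL must be https on the dedicated content origin")
    src = html.escape(content_url, quote=True)  # keep the URL inside the attribute
    return (
        "<!doctype html><html><head><meta charset=\"utf-8\"></head>"
        "<body style=\"margin:0;display:flex;flex-direction:column;height:100vh\">"
        f"<div id=\"banner\">{html.escape(BANNER)}</div>"
        f"<iframe sandbox=\"{SANDBOX}\" src=\"{src}\" "
        "style=\"flex:1;border:0\"></iframe>"
        "</body></html>"
    )


if __name__ == "__main__":
    print(wrapper_headers("content.example"))
    print(build_wrapper("https://abc.content.example/index.html", "content.example"))
```

The opaque origin also denies the framed site's scripts access to their own storage, a compatibility cost to weigh against the isolation.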
