You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description
The product does not use a protection mechanism that provides sufficient defense against directed attacks against the product.
Effort to Fix: 3 - Complex implementation error. Fix is approx. 51-500 lines of code. Up to 5 days to fix.
Recommendations
Using iframes to load the hidden service is believed to be the only solution that will not allow the hidden service to modify the banner.
---
Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/1614141-protection-mechanism-failure-on-warning-banner-escapeable?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github).
The text was updated successfully, but these errors were encountered:
We also come up that iframe is the solution, now also used in iframe embedded for security reasons (doesn't leave history trace when generated client-side with JS) and possibly in future also on globaleaks/GlobaLeaks#964 . We're not having enough time to work on T2W, we really need to give some love to this project once we've finalized the big backlog of OTF and project!
Description
The product does not use a protection mechanism that provides sufficient defense against directed attacks against the product.
Effort to Fix: 3 - Complex implementation error. Fix is approx. 51-500 lines of code. Up to 5 days to fix.
Recommendations
--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/1614141-protection-mechanism-failure-on-warning-banner-escapeable?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github).Using iframes to load the hidden service is believed to be the only solution that will not allow the hidden service to modify the banner.
The text was updated successfully, but these errors were encountered: