tor2web / Tor2web

Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers
https://www.tor2web.org
GNU Affero General Public License v3.0

Tor2web injected banner should exploit the CSS3 all shorthand property and the unset keyword #244

Closed evilaliv3 closed 9 years ago

evilaliv3 commented 9 years ago

CSS Cascading and Inheritance Level 3 introduces the all shorthand property and the unset keyword, which, together, allow you to achieve this conveniently.

http://www.w3.org/TR/css3-cascade/#all-shorthand

For example, if an author specifies all: initial on an element it will block all inheritance and reset all properties, as if no rules appeared in the author, user, or user-agent levels of the cascade.

This is in general useful for widgets and would be useful for the banner in order to make sure that on CSS3 browsers it will always look as we want without being overridden by the onion CSS files.

What we would need is to apply:

```css
#tor2web * {
  all: unset; /* allowing inheritance within #tor2web */
}
```

To be really safe, we may want to block styles on potential pseudo-element descendants too:

```css
#tor2web::before,
#tor2web::after,
#tor2web *::before,
#tor2web *::after {
  all: unset;
}
```

evilaliv3 commented 9 years ago

I gave it a try but I don't find it working properly. Let's postpone its analysis until we probably would end in the iframe implementation that would offer more guarantees.
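
Added example, not part of the thread or of Tor2web's code: the `all: unset` reset proposed in the first comment is an ordinary author-level declaration, so it only takes effect on a property where it wins the cascade against the proxied page's own rules. The sketch below computes specificity for simple selectors and lists which page rules would still override the reset; the sample page rules and the source order are constructed assumptions.

```javascript
// Added illustration, not Tor2web code. Handles simple selectors only: no
// :not()/:is()/:where(), no escapes; legacy single-colon :before counts as a pseudo-class.
function specificity(selector) {
  let rest = selector;
  const take = (re) => {
    const n = (rest.match(re) || []).length;
    rest = rest.replace(re, ' ');               // drop what was counted
    return n;
  };
  const attrs = take(/\[[^\]]*\]/g);            // [href], [type="x"]
  const pseudoEls = take(/::[\w-]+/g);          // ::before, ::after
  const ids = take(/#[\w-]+/g);                 // #tor2web
  const classes = take(/\.[\w-]+/g);            // .title
  const pseudoClasses = take(/:[\w-]+/g);       // :hover
  const types = take(/[a-zA-Z][\w-]*/g);        // div, a (the universal * adds 0)
  return [ids, classes + attrs + pseudoClasses, types + pseudoEls];
}

// Positive when rule a beats rule b for the same element and property,
// both in the author origin: importance, then specificity, then source order.
function compare(a, b) {
  if (a.important !== b.important) return a.important ? 1 : -1;
  const sa = specificity(a.selector);
  const sb = specificity(b.selector);
  for (let i = 0; i < 3; i++) {
    if (sa[i] !== sb[i]) return sa[i] - sb[i];
  }
  return a.order - b.order;
}

// Page rules that would still win over the banner reset.
function overridingRules(reset, pageRules) {
  return pageRules.filter((rule) => compare(rule, reset) > 0);
}

// Constructed sample: the reset from this issue, assumed to come first in source order.
const RESET = { selector: '#tor2web *', important: false, order: 0 };
// Constructed page rules, assumed to match an <a> inside the banner.
const PAGE_RULES = [
  { selector: 'a', important: false, order: 1 },
  { selector: '#tor2web a', important: false, order: 2 },
  { selector: 'body a', important: true, order: 3 },
];

console.log(overridingRules(RESET, PAGE_RULES).map((r) => r.selector));
```

With `important: true` on the reset, only page rules that are also `!important` and either more specific, or equally specific and later in source order, still win.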