Closed Bug 1239179 Opened 8 years ago Closed 8 years ago

Host SWF block list on Shavar service

Categories

(Core Graveyard :: Plug-ins, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: cpeterson, Unassigned)

We need to import our SWF blocklist into Shavar and publish to Firefox users.

Here is an example of the URL pattern list that we imported into Shavar for Shumway's SWF whitelist:

https://github.com/mozilla/shumway-whitelist

Do you have an example of actual entries that will be part of this list? I'd like to see what they look like (e.g. domains v. full URL of the SWFs).

Tobias is building a list now. We will probably block by SWF filename or URL suffix, not by domain or full URL, because the same SWFs are hosted on different CDNs and sites. For example:

http://edgecast.cam4s.com/web/FontList.swf
http://nitroflare.com/../plugins/RandHashFlash/compiled/FontList.swf
https://www.emarsys.net/js/vendor/fingerprintjs2/FontList.swf

(In reply to Chris Peterson [:cpeterson] from comment #2)
> Tobias is building a list now. We will probably block by SWF filename or URL
> suffix, not by domain or full URL, because the same SWFs are hosted on
> different CDNs and sites.

URL suffixes or bare filenames cannot be expressed in the Safe Browsing format unfortunately.

> http://edgecast.cam4s.com/web/FontList.swf
> https://www.emarsys.net/js/vendor/fingerprintjs2/FontList.swf

These ones work since they are full URLs.

> http://nitroflare.com/../plugins/RandHashFlash/compiled/FontList.swf

What does the ".." mean here? The actual ".." directory (works fine in SB) or it's a placeholder for any directory (doesn't work in SB)?

(In reply to François Marier [:francois] from comment #3)
> (In reply to Chris Peterson [:cpeterson] from comment #2)
> > Tobias is building a list now. We will probably block by SWF filename or URL
> > suffix, not by domain or full URL, because the same SWFs are hosted on
> > different CDNs and sites.
> 
> URL suffixes or bare filenames cannot be expressed in the Safe Browsing
> format unfortunately.

That's unfortunate, but not a big problem.

> > http://nitroflare.com/../plugins/RandHashFlash/compiled/FontList.swf
> 
> What does the ".." mean here? The actual ".." directory (works fine in SB)
> or it's a placeholder for any directory (doesn't work in SB)?

That is the literal URL with the ".." directory.
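Added example (not part of the original thread and not Mozilla's code): a simplified sketch of Safe Browsing-style matching, showing why the full URLs quoted above can be listed while a bare filename cannot, and how the "/../" segment is resolved before hashing. Function names are hypothetical, the list entries are constructed from the URLs in the thread, and percent-escape and IP-address canonicalization are left out.

```python
import hashlib
from urllib.parse import urlsplit

# Hypothetical helper names; simplified Safe Browsing-style matching (assumption).
def resolve_path(path):
    """Resolve "/./" and "/../" and collapse repeated slashes."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    resolved = "/" + "/".join(out)
    return resolved + "/" if out and path.endswith("/") else resolved

def lookup_expressions(url):
    """Host-suffix/path-prefix expressions a client hashes for `url`."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").lower().split(".")
    # Exact host, then suffixes of the last five labels (never the bare TLD).
    hosts = [".".join(labels)]
    for i in range(max(1, len(labels) - 5), len(labels) - 1):
        hosts.append(".".join(labels[i:]))
    path = resolve_path(parts.path or "/")
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    # Root plus up to three leading directories, each with a trailing slash.
    prefix = "/"
    dirs = [prefix]
    for seg in path.split("/")[1:-1][:3]:
        prefix += seg + "/"
        dirs.append(prefix)
    paths += [d for d in dirs if d not in paths]
    return [h + p for h in hosts for p in paths]

def digest256(expression):
    return hashlib.sha256(expression.encode("utf-8")).digest()

def is_blocked(url, hashes):
    return any(digest256(e) in hashes for e in lookup_expressions(url))

# Constructed entries: the three URLs quoted in the thread, canonicalized.
FULL_URL_LIST = {digest256(e) for e in [
    "edgecast.cam4s.com/web/FontList.swf",
    "nitroflare.com/plugins/RandHashFlash/compiled/FontList.swf",
    "www.emarsys.net/js/vendor/fingerprintjs2/FontList.swf",
]}
# A bare filename hashes fine but is never one of the lookup expressions.
FILENAME_LIST = {digest256("FontList.swf")}
```

Every lookup expression begins with a hostname, so an entry without one can never equal a hash the client computes.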
This is available in production:

$ ./get-lists.py 
mozfull-track-digest256
mozfullstaging-track-digest256
mozplugin-block-digest256
mozplugin2-block-digest256
mozpub-track-digest256
mozstd-track-digest256
mozstd-trackwhite-digest256
mozstdstaging-track-digest256
mozstdstaging-trackwhite-digest256

Chris, can we make this bug public?

Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(cpeterson)
Resolution: --- → FIXED

SGTM

Group: mozilla-employee-confidential
Flags: needinfo?(cpeterson)
Product: Core → Core Graveyard