Comment 4 for bug 457466

Rod (rod-psiphon) wrote : Re: Site compatibility - investigate white-listing Javascript for certain sites

Regarding the security concerns, yes, if arbitrary Javascript from a proxied site is included in the re-written web page, then it can do such things as grab the Psiphon cookie and send it anywhere (in other words, the same origin policy security measure breaks when sites are rewritten and returned in the Psiphon proxy domain). Another example risk is exposing user timezone via Javascript calls.

Here’s an idea. What if we support assigning dedicated in-proxies to the whitelisted-Javascript sites? So when a user enters e.g., suspectsite.com in the bluebar in their regular in-proxy, they are redirected to a sub-in-proxy (separate in-proxy, associated with the regular one, and dedicated to the suspectsite.com domain) with a new session cookie. As long as the new session cookie can’t be mapped back to the regular one, it doesn’t matter if suspectsite.com “steals” the sub-in-proxy Psiphon cookie, as it only grants access to the suspectsite.com domain cookies. So, basically, we reinstate the same origin policy defence, at the cost of expending additional IP addresses per whitelisted-site, per in-proxy.
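The sub-in-proxy scheme sketched above, as an added example that is not Psiphon's code: a toy session store in which each whitelisted-Javascript site gets its own freshly generated session token, scoped to that one domain, so a token read by the site cannot be used for any other domain and cannot be mapped back to the regular session. The domain names, the `JS_WHITELIST` set and the routing verdicts are invented for illustration.

```python
import secrets

# Constructed whitelist of sites allowed to keep their Javascript (illustrative).
JS_WHITELIST = {"suspectsite.com"}


class SessionStore:
    """Models regular in-proxy sessions and per-domain sub-in-proxy sessions."""

    def __init__(self):
        self.regular = {}   # regular token -> user
        self.sub = {}       # sub token -> (regular token, dedicated domain)

    def new_regular_session(self, user):
        token = secrets.token_urlsafe(32)
        self.regular[token] = user
        return token

    def new_sub_session(self, regular_token, domain):
        """Issue the cookie for the sub-in-proxy dedicated to one whitelisted domain."""
        if regular_token not in self.regular or domain not in JS_WHITELIST:
            raise PermissionError("no sub-in-proxy session for this request")
        # Fresh randomness: nothing in the sub token is derived from the regular
        # token, so a site that reads it learns nothing it can link to that session.
        token = secrets.token_urlsafe(32)
        self.sub[token] = (regular_token, domain)
        return token

    def route(self, token, requested_domain):
        """Decide what a request carrying `token` for `requested_domain` may do."""
        if token in self.regular:
            if requested_domain in JS_WHITELIST:
                return "redirect-to-sub"   # hand off to the dedicated sub-in-proxy
            return "serve"                 # rewrite with Javascript stripped, as today
        entry = self.sub.get(token)
        if entry is not None and entry[1] == requested_domain:
            return "serve-with-js"         # its one domain, Javascript left intact
        return "deny"                      # a leaked sub token buys nothing elsewhere
```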