Dear TBB developers,
I wanted to make sure you've seen this issue regarding uploads and NoScript's "Sanitize cross-site suspicious requests" option:
https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 https://github.com/hackademix/noscript/issues/64 https://github.com/freedomofpress/securedrop/issues/4078 https://github.com/micahflee/onionshare/issues/899
As far as we've been able to tell, this option, which is enabled by default and intended to guard against XSS attacks, is causing large uploads in non-JS upload forms to break intermittently. This may ultimately be due to a bug in Firefox itself (the first link).
The only reason the SecureDrop and OnionShare issues are closed is that we've implemented ugly workaround instructions for now, and NoScript considers it an upstream issue in Firefox.
Since this impacts Tor browser users much more than Firefox users, perhaps some folks on this list may be able to help bring this to a resolution. In any case, I wanted to flag it to this group given the impact his issue is having.
Warmly,
Erik