Erik Moeller:
On 3/6/19 11:16 PM, Georg Koppen wrote:
Thanks for doing so. Would it be helpful if we just disabled the XSS protection in the coming release (it causes other issues like #29647 and we have a bug treating "allow/deny always" cases (#29646) properly, so the motivation to do so is kind of independent of your bug)?
Thanks for the quick response!
Yes, that would be very helpful; the impact of this bug appears to be widespread and severe, and it's very difficult for users and devs to understand why it is occurring and how they can work around it.
If the root cause is indeed an upstream Firefox bug, perhaps the balance will shift again in favor of enabling the feature by default, once that bug is resolved.
If you do decide to disable this preference, can you already anticipate when that update would likely reach users?
We could try to squeeze this in into the upcoming release which should be available for users next Tuesday, March 19, in Tor Browser 8.0.7.
Georg