Hey,
as far as I know, javascript.enabled was disabled by default on the safest security level due to an issue with NoScript not blocking scripts when it should have in certain cases.
As far as I know, this issue has been fixed on the latest NoScript version.
To me it would make sense to revert the change disabling javascript.enabled by default and use a tight NoScript permissions list by default on the safest security level, so users such as myself can decide to whitelist sites that require JavaScript through the NoScript panel, instead of having to open about:config and changing it manually.
Thoughts?
P.S: Excuse the posts to the other mailing lists, apparently I can't read and couldn't find the right mailing list. But eh, more exposure I guess..
analord@secmail.pro:
Hey,
as far as I know, javascript.enabled was disabled by default on the safest security level due to an issue with NoScript not blocking scripts when it should have in certain cases.
As far as I know, this issue has been fixed on the latest NoScript version.
To me it would make sense to revert the change disabling javascript.enabled by default and use a tight NoScript permissions list by default on the safest security level, so users such as myself can decide to whitelist sites that require JavaScript through the NoScript panel, instead of having to open about:config and changing it manually.
Thoughts?
It's not clear whether *all* of the problems have really been fixed. The underlying Mozilla bug is still unresolved and we already got burned twice by it. So, there won't be any changes regarding `javascript.enabled` as long as Tor Browser is based on ESR 68. That means we could start reconsidering the old behavior with Tor Browser 10 which is due 9/22/2020.
P.S: Excuse the posts to the other mailing lists, apparently I can't read and couldn't find the right mailing list. But eh, more exposure I guess..
This one is a good one for this topic
Georg
-
analord@secmail.pro -
Georg Koppen