[tbb-bugs] #17797 [Tor Browser]: Medium-High security enables HTTPS javascript despite noscript settings
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 9 19:24:33 UTC 2015
#17797: Medium-High security enables HTTPS javascript despite noscript settings
-----------------------------+----------------------
Reporter: special | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+----------------------
1. Set the security slider to "Medium-High"
2. Using the noscript icon in the toolbar, turn on "Forbid Scripts
Globally"
3. Visit https://check.torproject.org/ - note "JavaScript is enabled"
If the slider is "High" or "Medium-Low", noscript works as expected. The
"Javascript for HTTPS-only" behavior on Medium-High overrides the user's
noscript settings.
I think the noscript setting should work independently from the security
slider. But at the very least, it's a bug to have noscript saying
javascript is blocked when it's actually enabled for all HTTPS.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17797>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list