[tbb-bugs] #22067 [Applications/Tor Browser]: NoScript Click-to-Play bypass with embedded videos (was: NoScript Click-to-Play bypass)

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 26 10:06:13 UTC 2017

#22067: NoScript Click-to-Play bypass with embedded videos
 Reporter:  samantharis               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
Changes (by gk):

 * cc: ma1 (added)


 samantharis: what makes you believe this is a onion service related issue?
 Are you saying with "9/10" that in both cases you get the video to play?

 That said: I can reproduce your findings in your first example but only on
 the second try. The first try to load the video is always blocked for me.
 I guess the crucial difference here is that you click on an embedded video
 in the first example while you are loading the video directly in the
 second example.

 Tested on a Linux system with Tor Browser 7.0a3 and NoScript 5.0a3.

 I think this is a NoScript bug.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22067#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list