[tbb-bugs] #27307 [Applications/Tor Browser]: NoScript marks HTTP Onion as insecure

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 25 08:31:04 UTC 2018

#27307: NoScript marks HTTP Onion as insecure
 Reporter:  cypherpunks3              |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  Low                       |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Minor                     |     Resolution:  wontfix
 Keywords:  noscript                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by ma1):

 Replying to [comment:2 gk]:
 > Replying to [comment:1 cypherpunks3]:
 > > PS: Just to be clear, I'm not calling for JS to be enabled for HTTP
 onions on Safer security setting in this ticket, only that ALL onions
 should be marked as secure in the NoScript UI.
 > That's a good thing to bring up with the NoScript dev but it is nothing
 we'll fix in Tor Browser ourselves.

 I think it might be a good idea, but only if I've got a sure-fire way to
 tell NoScript is running inside the Tor browser.

 > console.log(await browser.runtime.getBrowserInfo())

 Object { name: "Firefox", vendor: "Mozilla", version: "60.1.0", buildID:
 "20180204020101" }

 Maybe you could send an "isTorBrowser: true" additional property within
 your updateSettings messages.

 Any better suggestion?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27307#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list