[tbb-bugs] #25000 [Applications/Tor Browser]: TorBrowser's NoScript is breaking add-on system

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jan 27 22:42:51 UTC 2018

#25000: TorBrowser's NoScript is breaking add-on system
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:  100
 Reviewer:                            |        Sponsor:

Comment (by ma1):

 Is there any valid reason why [System+Principal] (which is the very first
 entry in NoScript 5's "stock" mandatory whitelist) is not included in the
 default Tor Browser whitelist?

 Anyway, this absence is the culprit (and in facts, this problem happens
 only in the Tor Browser which deploys its "special" shortlisted mandatory

 The Tor Browser enforces permissions cascading, and in the Add-ons Options
 window the top frame is about:addons, whose principal's origin is
 [System+Principal]. Since this origin is omitted from Tor Browser's
 version of NoScript mandatory whitelist, the top site by default is
 considered forbidden, cascading down script blocking to the WebExtension's

 Temporary work-around for users having this problem: manually add
 [System+Principal] to your whitelist.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25000#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list