[tbb-bugs] #29733 [Applications/Tor Browser]: Disable NoSript XSS protection for now due to bug 1532530

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 16 01:11:19 UTC 2019


#29733: Disable NoSript XSS protection for now due to bug 1532530
--------------------------------------------+------------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  defect                          |         Status:
                                            |  needs_information
 Priority:  Very High                       |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  noscript, TorBrowserTeam201903  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------

Comment (by eloquence):

 Did a bit more 127.0.0.1 testing in this version of Tor as well (using
 Micah's upload server script: https://github.com/micahflee/noscript-
 upload-bug) and can further confirm that 1) As expected, I can't reproduce
 the issue with the "Scan uploads for potential cross-site attacks"
 checkbox unchecked; 2) As expected, I can reproduce it quickly with that
 checkbox checked.

 As long as the preferences are indeed set correctly in the shipped
 version, I think we're good to go as far as this bug is concerned. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29733#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list