[tbb-dev] Firefox/NoScript bug with major downstream effects

Erik Moeller erik at freedom.press
Thu Mar 7 05:26:54 UTC 2019

Dear TBB developers,

I wanted to make sure you've seen this issue regarding uploads and
NoScript's "Sanitize cross-site suspicious requests" option:


As far as we've been able to tell, this option, which is enabled by
default and intended to guard against XSS attacks, is causing large
uploads in non-JS upload forms to break intermittently. This may
ultimately be due to a bug in Firefox itself (the first link).

The only reason the SecureDrop and OnionShare issues are closed is that
we've implemented ugly workaround instructions for now, and NoScript
considers it an upstream issue in Firefox.

Since this impacts Tor browser users much more than Firefox users,
perhaps some folks on this list may be able to help bring this to a
resolution. In any case, I wanted to flag it to this group given the
impact this issue is having.


Principal Project Manager
Freedom of the Press Foundation
