[tbb-dev] Tor Browser: Re-enable 'javascript.enabled' on safest security level?

Georg Koppen gk at torproject.org
Mon Jun 1 12:21:18 UTC 2020

analord at secmail.pro:
> Hey,
> as far as I know, javascript.enabled was disabled by default on the safest
> security level due to an issue with NoScript not blocking scripts when it
> should have in certain cases.
> As far as I know, this issue has been fixed on the latest NoScript version.
> To me it would make sense to revert the change disabling
> javascript.enabled by default and use a tight NoScript permissions list by
> default on the safest security level, so users such as myself can decide
> to whitelist sites that require JavaScript through the NoScript panel,
> instead of having to open about:config and changing it manually.
> Thoughts?

It's not clear whether *all* of the problems have really been fixed. The
underlying Mozilla bug is still unresolved and we already got burned
twice by it. So, there won't be any changes regarding
`javascript.enabled` as long as Tor Browser is based on ESR 68. That
means we could start reconsidering the old behavior with Tor Browser 10
which is due 9/22/2020.

> P.S: Excuse the posts to the other mailing lists, apparently I can't read
> and couldn't find the right mailing list. But eh, more exposure I guess..

This one is a good one for this topic


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20200601/9489c15d/attachment.sig>

More information about the tbb-dev mailing list