[tbb-dev] Tor Browser: Re-enable 'javascript.enabled' on safest security level?
Georg Koppen
gk at torproject.org
Mon Jun 1 12:21:18 UTC 2020
analord at secmail.pro:
>
>
> Hey,
>
> as far as I know, javascript.enabled was disabled by default on the safest
> security level due to an issue with NoScript not blocking scripts when it
> should have in certain cases.
>
> As far as I know, this issue has been fixed on the latest NoScript version.
>
> To me it would make sense to revert the change disabling
> javascript.enabled by default and use a tight NoScript permissions list by
> default on the safest security level, so users such as myself can decide
> to whitelist sites that require JavaScript through the NoScript panel,
> instead of having to open about:config and changing it manually.
>
> Thoughts?
It's not clear whether *all* of the problems have really been fixed. The
underlying Mozilla bug is still unresolved and we already got burned
twice by it. So, there won't be any changes regarding
`javascript.enabled` as long as Tor Browser is based on ESR 68. That
means we could start reconsidering the old behavior with Tor Browser 10
which is due 9/22/2020.
> P.S: Excuse the posts to the other mailing lists, apparently I can't read
> and couldn't find the right mailing list. But eh, more exposure I guess..
This one is a good one for this topic
Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20200601/9489c15d/attachment.sig>
More information about the tbb-dev
mailing list