[tor-bugs] #9387 [Tor Launcher]: Tor Launcher/Torbutton should provide a "Security Slider"
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 30 22:03:13 UTC 2014
#9387: Tor Launcher/Torbutton should provide a "Security Slider"
-------------------------+-------------------------------------------------
Reporter: | Owner: gk
mikeperry | Status: needs_information
Type: | Milestone:
enhancement | Version:
Priority: major | Keywords: TorBrowserTeam201410D, tbb-
Component: Tor | security, tbb-usability, tbb-linkability,
Launcher | tbb-3.0, extdev-interview, tbb-isec-report,
Resolution: | MikePerry201410R, tbb-4.5-alpha
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by gk):
Replying to [comment:58 mikeperry]:
> Well, I don't think `noscript.allowHttpsOnly` exists.
Well, take a look at a vanilla NoScript .xpi and you'll find it in the
preferences file which it includes.
> We want `noscript.globalHttpsWhitelist` to be set only in mode 3. In
that mode, we also want https: in the whitelist
(`capability.policy.maonoscript.sites`).
>
> In modes 1, 2, and 4 we want `noscript.globalHttpsWhitelist` unset. We
also want 'https:' removed from `capability.policy.maonoscript.sites` in
these modes.
>
> I will update the summary in comment:43.
Okay, I think I've addressed this issue and a working checkbox/custom mode
is contained in bug_9387_test_02 as well. What is still missing is:
-tooltips/help buttons explaining the security levels
-preferences for disabling SVG and MathML (#12827 and #13548)
-the test mentioned in comment:57
-thinking about some custom settings corner cases (Should they be
preserved during New Identity? Should they be reset during start-up?)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9387#comment:59>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list