[tor-bugs] #16425 [Tor Browser]: Searching via Disconnect should show no XSS false positive warnings
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 23 08:18:57 UTC 2015
#16425: Searching via Disconnect should show no XSS false positive warnings
---------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: tbb-usability | Actual Points:
Parent ID: | Points:
---------------------------+--------------------------
https://blog.torproject.org/blog/tor-browser-452-released#comment-95374
describes a way to trigger NoScript's XSS warning reliably:
{{{
Whenever I search a term using the right click->"Search for *", it goes to
the disconnect search page and NoScript gives error "NoScript filtered a
potential cross-site scripting (XSS) attempt from [chrome]. Technical
details have been logged ..."
}}}
This does not happen with other search engines, like the one Google
provides.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16425>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list