[tor-bugs] #17637 [Tor Browser]: NoScript in Tor-Browser allows all third party domains
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 19 18:23:33 UTC 2015
#17637: NoScript in Tor-Browser allows all third party domains
----------------------------------+-----------------------------------
Reporter: ctbu | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: Tor-Browser NoScript | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------------------+-----------------------------------
Comment (by ctbu):
I am not doing anything to reproduce it. The browser shipped this way. I
just click on the NoScript logo, then the on 'temporarily allow top-level
domain' and when the site is reloaded all subdomains/3rd-party domains are
allowed, too. E.g., if a site has an embedded YouTube video and I want
allow only the current site then, on reload, the YouTube video can be
played, too, although I did not allow it explicitly.
I have attached a screenshot of my security settings. I never changed
them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17637#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list