[tor-bugs] #17637 [Tor Browser]: NoScript in Tor-Browser allows all third party domains

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 19 20:59:40 UTC 2015


#17637: NoScript in Tor-Browser allows all third party domains
----------------------------------+----------------------------
 Reporter:  ctbu                  |          Owner:  tbb-team
     Type:  defect                |         Status:  closed
 Priority:  Medium                |      Milestone:
Component:  Tor Browser           |        Version:
 Severity:  Normal                |     Resolution:  worksforme
 Keywords:  Tor-Browser NoScript  |  Actual Points:
Parent ID:                        |         Points:
  Sponsor:                        |
----------------------------------+----------------------------
Changes (by ctbu):

 * status:  needs_information => closed
 * resolution:   => worksforme


Comment:

 After going through all the options I finally found the setting to correct
 this behavior.
 Under Options->Advanced->Trusted untick "Cascade top document's
 permissions to 3rd party scripts'.
 Now every subdomain can be allowed/disallowed individually. This should be
 the default behavior.
 This setting should not be checked by default out of convenience. The Tor
 Homepage encourages the user to not just trust on Tor to magically
 anonymize his traffic, but to actively read up on the material and change
 his browsing behavior. Therefore, the user should also engage himself in
 handling NoScript.

 PS:
 I also noticed that NoScript is initially deactivated in Tor-Browser.
 Maybe this should also be changed in upcoming releases.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17637#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list