[tor-bugs] #20366 [Applications/Tor Browser]: NoScript allows all 3rd party scripts when base domain is blocked

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 8 15:37:24 UTC 2016 

#20366: NoScript allows all 3rd party scripts when base domain is blocked
------------------------------------------+-------------------------
 Reporter:  joebt                         |          Owner:
     Type:  defect                        |         Status:  closed
 Priority:  Medium                        |      Milestone:
Component:  Applications/Tor Browser      |        Version:
 Severity:  Normal                        |     Resolution:  invalid
 Keywords:  NoScript, Cascade, 3rd party  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
------------------------------------------+-------------------------

Comment (by joebt):

 I didn't discuss it directly with Giorgio, but NoScript forum's long time
 main moderator, barbaz, claimed this feature  "Cascade top document's
 permissions...." was introduced at Tor devs' request.

 I haven't confirmed that. If true, one question is, was this behavior
 under a specific condition what Tor Project wanted or even considered?
 Whether if a base domain is blocked, all 3rd party sites should be
 '''shown''' as allowed or blocked.

 When base domain is blocked, not sure if allowed 3rd party sites / scripts
 would '''ever''' under any circumstance be able to execute under NS or
 TBB.  Key phrase is "ever under any circumstance," vs. "probably won't."

 Barbaz gave no real explanation - why or when the described behavior would
 be desirable or expected by most users.

 Even if 3rd party scripts could '''never''' execute when a base domain is
 blocked, showing them as "allowed" is probably disconcerting and not what
 users prefer to see.  Far less significant GUI quirks than this have been
 fixed.

 If enabling some TBB / Tor Button option made it incorrectly show "You are
 NOT connected to Tor network," most users wouldn't want to  ignore that as
 just a quirk.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20366#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list