[tor-bugs] #20752 [Applications/Tor Browser]: Search box with DuckDuckGo (and other search engines) is broken on security level High and Medium-High

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 24 14:51:26 UTC 2016


#20752: Search box with DuckDuckGo (and other search engines) is broken on security
level High and Medium-High
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability, TorBrowserTeam201611  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 As a workaround I added the XSS exceptions, but I still get XSS errors when
 I try to load the second/third/... page of search results on startpage.com.

 {{{
 [NoScript XSS] Sanitized suspicious upload to
 [https://s1-us2.startpage.com/do/search] from
 [https://www.startpage.com/do/search]: transformed into a download-only
 GET request.
 }}}

 {{{
 ^https://www\.startpage\.com/do/search
 ^https?://[^/]+\.startpage.com/do/search
 }}}

 To solve this I added another XSS exception to allow
 https://s5-us2.startpage.com/do/search,
 https://s1-us2.startpage.com/do/search etc., i.e. the second, third and so on
 search result pages, to be opened.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20752#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
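
What the two exception patterns in the comment above actually exempt, as an added example that is not part of the ticket or of NoScript. It assumes each exception is a JavaScript regular expression tested against the destination URL; the sample URLs, their `intended` labels and the `hardened` pattern are constructed for illustration.

```javascript
// Audit XSS-filter exception patterns for matches beyond the intended hosts.
// Assumption: an exception is a JS regex tested against the destination URL.
const posted = [
  String.raw`^https://www\.startpage\.com/do/search`,
  String.raw`^https?://[^/]+\.startpage.com/do/search`, // as posted in the comment
];
// Hypothetical tighter replacement: HTTPS only, one host label, every dot
// escaped, and the path closed off so "/do/searchfoo" is not covered.
const hardened = [
  String.raw`^https://[a-z0-9-]+\.startpage\.com/do/search(?:[?#]|$)`,
];

// Constructed samples; "intended" marks the URLs the comment wants to allow.
const samples = [
  { url: "https://www.startpage.com/do/search", intended: true },
  { url: "https://s1-us2.startpage.com/do/search", intended: true },
  { url: "https://s5-us2.startpage.com/do/search?page=2", intended: true },
  { url: "http://s1-us2.startpage.com/do/search", intended: false },  // plaintext HTTP
  { url: "https://x.startpageXcom/do/search", intended: false },      // "." matches any char
  { url: "https://s1.startpage.com/do/searchfoo", intended: false },  // no end anchor
  { url: "https://example.org/do/search", intended: false },
];

function exempted(patterns, url) {
  return patterns.some((p) => new RegExp(p).test(url));
}

// URLs that bypass the XSS filter although nobody meant to exempt them.
function unintendedExemptions(patterns, urls) {
  return urls.filter((s) => !s.intended && exempted(patterns, s.url)).map((s) => s.url);
}

// Intended URLs that would still trigger the filter.
function missedIntended(patterns, urls) {
  return urls.filter((s) => s.intended && !exempted(patterns, s.url)).map((s) => s.url);
}

for (const [name, set] of [["posted", posted], ["hardened", hardened]]) {
  console.log(name, "unintended:", unintendedExemptions(set, samples));
  console.log(name, "missed:", missedIntended(set, samples));
}
```

Each exception switches the XSS filter off for every URL it matches, so the narrower pattern keeps the workaround while leaving the filter active everywhere else.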

