[tor-bugs] #21923 [Applications/Tor Browser]: Allowing only HTTPS JavaScript on the medium security slider level is broken
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 17 22:20:57 UTC 2017
#21923: Allowing only HTTPS JavaScript on the medium security slider level is
broken
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: noscript, tbb-usability-website, | Actual Points:
ff52-esr |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by ma1):
It is a UI-only bug. The scripts are blocked or allowed according to the
HTTPS status as designed, because the checks happen in the content
process.
Unfortunately the UI-side, living in the parent process, cannot touch the
DOM window. Nevertheless, we've got the URL available, so a work-around is
on its way :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21923#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list