[tor-bugs] #22067 [Applications/Tor Browser]: NoScript Click-to-Play bypass with embedded videos (was: NoScript Click-to-Play bypass)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 26 10:06:13 UTC 2017
#22067: NoScript Click-to-Play bypass with embedded videos
--------------------------------------+--------------------------
Reporter: samantharis | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by gk):
* cc: ma1 (added)
Comment:
samantharis: what makes you believe this is a onion service related issue?
Are you saying with "9/10" that in both cases you get the video to play?
That said: I can reproduce your findings in your first example but only on
the second try. The first try to load the video is always blocked for me.
I guess the crucial difference here is that you click on an embedded video
in the first example while you are loading the video directly in the
second example.
Tested on a Linux system with Tor Browser 7.0a3 and NoScript 5.0a3.
I think this is a NoScript bug.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22067#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list