[tor-bugs] #22699 [Applications/Tor Browser]: Use browser pref for javascript at High Security Level

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 25 13:52:00 UTC 2017


#22699: Use browser pref for javascript at High Security Level
------------------------------------------------+--------------------------
 Reporter:  mikeperry                           |          Owner:  tbb-team
     Type:  enhancement                         |         Status:  new
 Priority:  High                                |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201707  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:1 cypherpunks]:
 > And get "Temporarily allow all this page" broken?

 Yes, the easy change, just adding `javascript.enabled` to the slider and
 have it set to `false` on the highest level does not work pretty well with
 temporarily allowing JavaScript.

 What we could do, though, is trying to bind `javascript.enabled` to the
 slider mode AND temporary NoScript permissions: if there are no websites
 where JavaScript is temporarily allowed AND the slider is on the highest
 level then `javascript.enabled` is set to `false`. Otherwise it is set to
 `true`. One of the downsides with this approach, though, is that the state
 of a global pref (`javascript.enabled`) can now depend on domain-wide
 decisions (i.e. allowing JavaScript on particular domains only). That's
 confusing but might be okay, given that allowing scripts on the highest
 security level is not recommended anyway.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22699#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list