[tor-bugs] #21323 [Applications/Tor Browser]: Activate mixed content blocking

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat May 27 00:34:25 UTC 2017


#21323: Activate mixed content blocking
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  TorBrowserTeam201705R,               |  Actual Points:
  GeorgKoppen201705                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by legind):

 Replying to [comment:18 legind]:
 > > In what regard? JS loaded over HTTPS can easily redirect to JS loaded
 over HTTP and Firefox will happily execute it as the MCB does *not* kick
 in in that case. And that's just one of the problems.
 >
 > This is just not the case.  If active mixed content is blocked, even if
 an HTTPS resource redirects to HTTP, it will ''not'' be executed.

 Load https://www.inputoutput.io/non-wp/amcb-test.html and look at the web
 console and network pane in the debugger to check this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21323#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list