[tor-bugs] #24143 [Applications/Tor Browser]: Have medium security level allow JavaScript on non-HTTPS onion sites?

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 4 12:44:05 UTC 2017


#24143: Have medium security level allow JavaScript on non-HTTPS onion sites?
-------------------------------------+-------------------------------------
     Reporter:  nido                 |      Owner:  tbb-team
         Type:  enhancement          |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  securitylevel
     Severity:  Normal               |  javascript onionservices
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 Medium security level allows JavaScript only on HTTPS sites, with no
 exception for onion sites. But is it any less secure to run JavaScript on
 an onion site (with or without HTTPS) than on a HTTPS clearnet site? (If
 so, how?) If not, wouldn't it be a good idea to allow JavaScript on all
 onion sites?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24143>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list