[tor-bugs] #27307 [Applications/Tor Browser]: NoScript marks HTTP Onion as insecure
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Aug 25 16:29:39 UTC 2018
#27307: NoScript marks HTTP Onion as insecure
--------------------------------------+--------------------------
Reporter: cypherpunks3 | Owner: tbb-team
Type: defect | Status: closed
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Minor | Resolution: wontfix
Keywords: noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:4 ma1]:
> Replying to [comment:2 gk]:
> > Replying to [comment:1 cypherpunks3]:
> > > PS: Just to be clear, I'm not calling for JS to be enabled for HTTP
onions on Safer security setting in this ticket, only that ALL onions
should be marked as secure in the NoScript UI.
> >
> > That's a good thing to bring up with the NoScript dev but it is
nothing we'll fix in Tor Browser ourselves.
>
> I think it might be a good idea, but only if I've got a sure-fire way to
tell NoScript is running inside the Tor browser.
>
> {{{
> > console.log(await browser.runtime.getBrowserInfo())
>
> Object { name: "Firefox", vendor: "Mozilla", version: "60.1.0", buildID:
"20180204020101" }
> }}}
>
> Maybe you could send an "isTorBrowser: true" additional property within
your updateSettings messages.
>
> Any better suggestion?
Not sure yet, but I filed #27313 to help with that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27307#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list