[tor-bugs] #25000 [Applications/Tor Browser]: TorBrowser's NoScript is breaking add-on system
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jan 27 22:42:51 UTC 2018
#25000: TorBrowser's NoScript is breaking add-on system
--------------------------------------+-----------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points: 100
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by ma1):
Is there any valid reason why [System+Principal] (which is the very first
entry in NoScript 5's "stock" mandatory whitelist) is not included in the
default Tor Browser whitelist?
Anyway, this absence is the culprit (and in facts, this problem happens
only in the Tor Browser which deploys its "special" shortlisted mandatory
whitelist).
The Tor Browser enforces permissions cascading, and in the Add-ons Options
window the top frame is about:addons, whose principal's origin is
[System+Principal]. Since this origin is omitted from Tor Browser's
version of NoScript mandatory whitelist, the top site by default is
considered forbidden, cascading down script blocking to the WebExtension's
subframe.
Temporary work-around for users having this problem: manually add
[System+Principal] to your whitelist.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25000#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list