[tor-bugs] #26128 [Applications/Tor Browser]: Make security slider work with NoScript for ESR60

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 14 23:58:04 UTC 2018 

#26128: Make security slider work with NoScript for ESR60
---------------------------------------------+-----------------------------
 Reporter:  arthuredelstein                  |          Owner:  tbb-team
     Type:  defect                           |         Status:
                                             |  needs_information
 Priority:  Very High                        |      Milestone:
Component:  Applications/Tor Browser         |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201806R  |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+-----------------------------

Comment (by ma1):

 Replying to [comment:8 arthuredelstein]:
 > Replying to [comment:5 mcs]:
 >
 > > * Do we have any kind of commitment from the NoScript author (Giorgio)
 that the IPC message we are using will continue to work with future
 releases of NoScript?

 Yes, the updateSettings responder is going to work for the foreseeable
 future.

 > But it would be better if we could define the protocol more formally.
 And what do you think about idea of NoScript accepting diffs to Settings
 (see comment:7)?


 If I understand correctly you need it to accept diffs to the default
 Policy object, rather than to the updateSettings argument (which already
 expects a subset or just one of the supported settings to be actually
 defined, and therefore modified).

 > Is that already possible in some way or could we add this capability to
 NoScript?
 It's not possible yet from the UI or the content script, and so far I
 didn't have a compelling reason to do it.

 > Also, I used a hack to treat http and https domain differently (using a
 "site" whose "domain" is the string "http:". Is there a cleaner way to do
 this?

 I don't consider it a hack: "just by protocol" is explicitly supported by
 the Policy site matching algorithm. However if by "cleaner" you mean an
 ad-hoc switch, no there's none.

 Regarding both the enhancements, if they're really needed, have you got
 any design proposal?

 Thanks!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26128#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list