[tor-bugs] #27589 [Applications/Tor Browser]: "Javascript is disabled on non-HTTPS sites" from security slider has regressed in TBB 8 / NoScript 10

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 3 07:40:45 UTC 2018


#27589: "Javascript is disabled on non-HTTPS sites" from security slider has
regressed in TBB 8 / NoScript 10
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks_reply                    |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  noscript, tbb-8.0-issues, tbb-       |  Actual Points:
  regression                                     |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks_reply):

 I added some screenshots to illustrate the issue.

 7.5.6 - Copy.png: Tooltip confirms the privilege grant only applies
 geistglobal.com

 8.0.2 - Copy.png: Where's geistglobal.com?  To grant the least privilege
 that allows scripts, and without using the custom option, click on DEFAULT
 for http:.

 8.0.2after - Copy.png: After clicking DEFAULT for http:.  Where's http:?
 All HTTP origins now have entries in the UI with DEFAULT permission.

 802newtab - Copy.png: "All HTTP origins" as mentioned above is not
 restricted to third party origins (I hope this is the correct use of
 origin?) for geistblobal.com but to all HTTP origins.  The domains colored
 red in the UI indicate that they are HTTP origins.

 custom_ui - Copy.png:  This is to illustrate a personal wish that I think
 could be done with low effort.  I feel like the NoScript UI is targeted to
 more advanced users than TorBrowser, and in TorBrowser the NoScript UI is
 essentially there to implement the slider which is supposed to be a user
 friendly feature.  If the UI for the custom tab as seen in the screenshot
 was always displayed for every domain, it would be much easier for users
 to learn that unchecked checkboxes with red backgrounds should be clicked
 to make the page work.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27589#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list