[tor-bugs] #27589 [Applications/Tor Browser]: "Javascript is disabled on non-HTTPS sites" from security slider has regressed in TBB 8 / NoScript 10

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 7 03:18:50 UTC 2018 

#27589: "Javascript is disabled on non-HTTPS sites" from security slider has
regressed in TBB 8 / NoScript 10
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks_reply                    |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  noscript, tbb-8.0-issues, tbb-       |  Actual Points:
  regression                                     |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks_reply):

 I tried the beta and while it does show the http domains in the pop up, it
 is still pretty confusing.  The leftmost column is highlighted with
 UNTRUSTED* for the HTTP domains, but until now that column indicated
 DEFAULT permission.  Also this means you can't assign DEFAULT permission
 to individual HTTP domains.  You could allow scripts by changing them to
 TRUSTED or change all HTTP domains to DEFAULT by modifying the http: row.

 I think one issue here is that the term default and trusted are
 overloaded.  HTTPS domains default to DEFAULT permissions, and HTTP
 domains default to UNTRUSTED.  If highlighting the leftmost column in the
 popup means that the default permission applies (the default permission
 doesn't have to be the DEFAULT ruleset) then the name of the DEFAULT
 ruleset is misleading.  Similarly, TRUSTED here basically means greater
 than normal trust.  DEFAULT means neutral trust.  UNTRUSTED has two
 possible meanings, neutral trust (so, not worthy of elevation to TRUSTED,
 which today is DEFAULT), or today's meaning, negative trust (less trust
 than neutral / DEFAULT).  So renaming the DEFAULT ruleset to something
 that implies generic or no-opinion would clarify the meaning of the left-
 most column in the popup.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27589#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list