[tor-bugs] #27651 [Applications/Tor Browser]: Behaviour of NoScript varies in "privileged" sites

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 13 11:18:37 UTC 2018


#27651: Behaviour of NoScript varies in "privileged" sites
--------------------------------------+-----------------------------------
 Reporter:  cypherpunks3              |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by cypherpunks3):

 Replying to [comment:1 gk]:
 > No, we don't ship a custom NoScript. In which way does NoScript's
 behavior vary for restricted (not privileged) domains? What is the bug
 here?
 Currently there seem to be 2 places where this affects NS behaviour. The
 most interesting is in popup.js:
 {{{
       await include("/lib/restricted.js");
       let isRestricted = isRestrictedURL(tab.url);
       if (!isHttp || isRestricted) {
         showMessage("warning", _("privilegedPage"));
         let tempTrust = document.getElementById("temp-trust-page");
         tempTrust.disabled = true;
         return;
       }
 }}}
 > restricted (not privileged) domains
 Huh? Perhaps you meant "not privileged from the point of view of TB", but
 surely you can see the point here: even if TB doesn't consider them
 privileged, NS is still behaving as if running on Firefox, and doesn't ask
 the browser it simply looks up in a list of hardcoded domains. So maybe
 now the variance is not very troubling, but what about tomorrow?

 Also calling the domain "restricted" instead of privileged is exactly
 backwards, is not the site that is restricted, but NoScript!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27651#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list