[tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me about x-site scripting

[Tor Bug Tracker & Wiki]

#26847: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me
about x-site scripting
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-8.0-issues, tbb-regression,      |  Actual Points:
  noscript, tbb-usability                        |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by mikeperry):

 * keywords:  tbb-8.0-issues, tbb-regression, noscript => tbb-8.0-issues,
     tbb-regression, noscript, tbb-usability


Comment:

 Hrmm, this situation does not seem to have improved. Doubleclick is
 encoding URLs in like all of its ad query params (probably because of the
 referer field not being present for https fetches), and this is getting
 triggered multiple times all over the place. It is making many sites
 unusable for me.

 If we can't eliminate these false positives, I think we should disable
 this XSS protection, certainly by default. With as noisy as it currently
 is, I don't think it should be on unless the security level is at High.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26847#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online