[tor-bugs] #29733 [Applications/Tor Browser]: Disable NoSript XSS protection for now due to bug 1532530

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 19 22:36:16 UTC 2019


#29733: Disable NoSript XSS protection for now due to bug 1532530
--------------------------------------------+------------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  defect                          |         Status:
                                            |  needs_information
 Priority:  Very High                       |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  noscript, TorBrowserTeam201903  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------

Comment (by ma1):

 Replying to [comment:18 ma1]:
 > Replying to [comment:17 gk]:
 > > ma1: I tested 8.0.7 with 10.2.2 and realized that I am now seeing for
 any search request typed in the URL bar a scary XSS warning popup. That's
 very unfortunate as there is definitely no XSS involved if I type my
 search queries into the URL bar. Could you please fix that?
 >
 > Fixed in [https://github.com/hackademix/noscript/releases/tag/10.2.3rc2
 NoScript 10.2.3rc2].

 [https://github.com/hackademix/noscript/releases/tag/10.2.3 Now also in
 10.2.3], in case you've got an "ship stable releases only" policy.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29733#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list