[tor-bugs] #32362 [Applications/Tor Browser]: NoScript TRUSTED setting doesn't work
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 7 07:44:06 UTC 2019
#32362: NoScript TRUSTED setting doesn't work
-------------------------------------------------+-------------------------
Reporter: nDe15o | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-9.0-issues, | Actual Points:
TorBrowserTeam201912 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by nDe15o):
I tried to debug NoScript. This is what happens when I reload the tab
where http://archivecaslytosk.onion/ is opened. It goes to Policy.js#448
and siteMatch is null, so it return the default permission (which is only
perm.capabilities: Set(2) of 0:"frame" 1: "other"):
{{{
get(site, ctx = null) {
let perms, contextMatch;
let siteMatch = !(this.onlySecure && /^\w+tp:/i.test(site)) &&
this.sites.match(site);
if (siteMatch) {
perms = this.sites.get(siteMatch);
if (ctx) {
contextMatch = perms.contextual.match(ctx);
if (contextMatch) perms = perms.contextual.get(ctx);
}
} else {
perms = this.DEFAULT;
}
return {perms, siteMatch, contextMatch};
}
}}}
it is null because this.onlySecure is undefined. Why it's undefined I
don't know.
Stack trace:
{{{
get (Policy.js#448)
fetchChildPolicySync (main.js#167)
onSyncMessage (main.js#207)
notifyListeners (SyncMessage.js#138)
<anonymous> (SyncMessage.js#28)
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32362#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list