[tor-bugs] #27307 [Applications/Tor Browser]: NoScript marks HTTP Onion as insecure
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 9 13:38:54 UTC 2019
#27307: NoScript marks HTTP Onion as insecure
--------------------------------------+--------------------------
Reporter: cypherpunks3 | Owner: tbb-team
Type: defect | Status: closed
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Minor | Resolution: wontfix
Keywords: noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:6 ma1]:
> It should have been fixed in
[https://github.com/hackademix/noscript/releases/tag/11.0.4rc11 NoScript
11.0.4rc11] :)
Thanks, that's better. There is still the scary http: in red which should
not be relevant for .onions either. Additionally, the expectation here is
that onions over http:// on medium level security can actually run
JavaScript etc. because http:// is secure for .onion domains They should
get treated as loaded over https://. Could you address those two items for
Tor Browser users? (I am fine opening a new bug for the latter if you
like)
A general note, while testing rc11:
1) After installing it in the browser I needed to click twice on the
NoScript icon until the page related info showed up. On first click only a
small empty menu was visible.
2) After restarting the browser it takes like 5-10 second until the
NoScript icon gets clickable at all and CPU of my laptop gets eaten
meanwhile. There is something computationally heavy going on in the
background here...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27307#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list