[tor-bugs] #27313 [Applications/Tor Browser]: Help NoScript marking HTTP .onions as secure

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 9 14:16:29 UTC 2019 

#27313: Help NoScript marking HTTP .onions as secure
--------------------------------------+---------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  noscript                  |  Actual Points:
Parent ID:  #21728                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27
--------------------------------------+---------------------------

Comment (by ma1):

 Replying to [comment:6 gk]:

 > Thanks, that's better. There is still the scary http: in red which
 should not be relevant for .onions either.

 If you mean the lonesome "http:" entry which is displayed on any
 http://acme.com page at your "Safer" security level, don't you think I
 should just hide it for any website (in the popup at least, if not
 NoScript's Options page)? After all, rather than downgrading the whole
 security level from the popup menu by setting "http:" to DEFAULT or
 TRUSTED, we want user to interact with the security slider, don't we?

 > Additionally, the expectation here is that onions over http:// on medium
 level security can actually run JavaScript etc. because http:// is secure
 for .onion domains They should get treated as loaded over https://. Could
 you address those two items for Tor Browser users? (I am fine opening a
 new bug for the latter if you like)

 Yes, please. On ticket #27307 someone stated that was not the goal.

 > 1) After installing it in the browser I needed to click twice on the
 NoScript icon until the page related info showed up. On first click only a
 small empty menu was visible.
 > 2) After restarting the browser it takes like 5-10 second until the
 NoScript icon gets clickable at all and CPU of my laptop gets eaten
 meanwhile. There is something computationally heavy going on in the
 background here...

 The two are likely related. Did you have many tabs opened when installing?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27313#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list