[tor-bugs] #27307 [Applications/Tor Browser]: NoScript marks HTTP Onion as insecure
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 28 09:57:05 UTC 2019
#27307: NoScript marks HTTP Onion as insecure
---------------------------------------------+--------------------------
Reporter: cypherpunks3 | Owner: tbb-team
Type: defect | Status: reopened
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Minor | Resolution:
Keywords: noscript, TorBrowserTeam201910R | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------------------------+--------------------------
Changes (by gk):
* status: closed => reopened
* keywords: noscript => noscript, TorBrowserTeam201910R
* resolution: wontfix =>
Comment:
Replying to [comment:8 ma1]:
> Replying to [comment:7 gk]:
> > There is still the scary http: in red which should not be relevant for
.onions either. Additionally, the expectation here is that onions over
http:// on medium level security can actually run JavaScript etc. because
http:// is secure for .onion domains They should get treated as loaded
over https://. Could you address those two items for Tor Browser users? (I
am fine opening a new bug for the latter if you like)
>
> Not sure if you opened another bug (if you did, sorry for the cross-
posting): I've addressed this in
https://github.com/hackademix/noscript/releases/tag/11.0.4rc15
No, I did not as I actually found an already open ticket for that: #21004.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27307#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list