[tor-bugs] #27307 [Applications/Tor Browser]: NoScript marks HTTP Onion as insecure

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 29 13:35:52 UTC 2019 

#27307: NoScript marks HTTP Onion as insecure
---------------------------------------------+--------------------------
 Reporter:  cypherpunks3                     |          Owner:  tbb-team
     Type:  defect                           |         Status:  reopened
 Priority:  Low                              |      Milestone:
Component:  Applications/Tor Browser         |        Version:
 Severity:  Minor                            |     Resolution:
 Keywords:  noscript, TorBrowserTeam201910R  |  Actual Points:
Parent ID:  #21728                           |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:8 ma1]:
 > Replying to [comment:7 gk]:
 > > There is still the scary http: in red which should not be relevant for
 .onions either. Additionally, the expectation here is that onions over
 http:// on medium level security can actually run JavaScript etc. because
 http:// is secure for .onion domains They should get treated as loaded
 over https://. Could you address those two items for Tor Browser users? (I
 am fine opening a new bug for the latter if you like)
 >
 > Not sure if you opened another bug (if you did, sorry for the cross-
 posting): I've addressed this in
 https://github.com/hackademix/noscript/releases/tag/11.0.4rc15

 Seems to work nicely, thanks! FWIW: I can still see the problem mentioned
 in comment:9:ticket:27313 that the NoScript settings show only up every
 other time after updating the NoScript version in the browser. Pasting
 here my STR for convenience:

 Here is what I did
 1) Take a Tor Browser 9.5a1 (​https://www.torproject.org/download/alpha/)
 (I took a sv-SE one).
 2) Open this ticket
 3) Open in a new tab the link to rc15
 4) Install rc11 into Tor Browser
 5) Add the NoScript button to the toolbar
 6) The bug as described is visible: the NoScript menu contents are shown
 only every other click on the icon (otherwise the menu is empty). A
 restart seems to fix that, though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27307#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list