[tor-bugs] #30570 [Applications/Tor Browser]: Implement per-site security settings support

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 15 00:04:11 UTC 2020


#30570: Implement per-site security settings support
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:
                                                 |  pospeselr
     Type:  enhancement                          |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ux-team, tbb-9.5,                    |  Actual Points:
  TorBrowserTeam202001                           |
Parent ID:  #25658                               |         Points:  10
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor9
-------------------------------------------------+-------------------------

Comment (by ma1):

 I've received a private email by pospeselr and latest update to this
 ticket about at the same time, and realized I've missed some history and
 context in the past weeks

 He had written:

 > if I enable scripts while visiting foo.com as the first
 > party, all the child scripts would also be enabled, but only when they
 > are in the foo.com context. A subsequent visit to baz.com should not
 > have scripts enabled for it or any of its included 3rd parties.

 This looks much like the "Cascade top document permissions to
 subresources" settings in NoScript classic, and it's worth implementing
 indeed.

 I could make it even more granular by turning it into a "cascade" meta-
 capability (like "webgl", "fetch", "ping"...) which can be configured per-
 preset (e.g. for TRUSTED) or customized per-site in CUSTOM.

 How does this sound?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30570#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list