[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #22699 [Applications/Tor Browser]: Use browser pref for javascript at High Security Level
#22699: Use browser pref for javascript at High Security Level
------------------------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-security
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+--------------------------
It would be wise to set javascript.enabled to false in about:config at the
high security level, in addition to having NoScript disable scripting for
us. This should be an easy change, and there is no reason to exclusively
depend on NoScript. NoScript could miss something, especially if the e10s
transition caused a lot of upheaval.
(Similarly, Firefox could miss something, since javascript.enabled is no
longer a UI-exposed pref, so we should do both, for defense in depth.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22699>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs