[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #24143 [Applications/Tor Browser]: Have medium security level allow JavaScript on non-HTTPS onion sites?



#24143: Have medium security level allow JavaScript on non-HTTPS onion sites?
-------------------------------------+-------------------------------------
     Reporter:  nido                 |      Owner:  tbb-team
         Type:  enhancement          |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  securitylevel
     Severity:  Normal               |  javascript onionservices
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 Medium security level allows JavaScript only on HTTPS sites, with no
 exception for onion sites. But is it any less secure to run JavaScript on
 an onion site (with or without HTTPS) than on a HTTPS clearnet site? (If
 so, how?) If not, wouldn't it be a good idea to allow JavaScript on all
 onion sites?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24143>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs