[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me about x-site scripting

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me about x-site scripting
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 01 Aug 2019 18:25:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 01 Aug 2019 14:26:04 -0400
In-reply-to: <044.4cfebe960b25483730867cdfa7098450@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.4cfebe960b25483730867cdfa7098450@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26847: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me
about x-site scripting
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-8.0-issues, tbb-regression,      |  Actual Points:
  noscript, tbb-usability                        |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by mikeperry):

 * keywords:  tbb-8.0-issues, tbb-regression, noscript => tbb-8.0-issues,
     tbb-regression, noscript, tbb-usability


Comment:

 Hrmm, this situation does not seem to have improved. Doubleclick is
 encoding URLs in like all of its ad query params (probably because of the
 referer field not being present for https fetches), and this is getting
 triggered multiple times all over the place. It is making many sites
 unusable for me.

 If we can't eliminate these false positives, I think we should disable
 this XSS protection, certainly by default. With as noisy as it currently
 is, I don't think it should be on unless the security level is at High.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26847#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #31498 [Core Tor/Tor]: clarify that tor's license is free software / open source
Next by Author: Re: [tor-bugs] #31467 [Applications/Tor Browser]: Switch to clang for cctools project
Previous by thread: Re: [tor-bugs] #31143 [Internal Services/Tor Sysadmin Team]: Add cohosh to ldap group snowflake
Next by thread: Re: [tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me about x-site scripting
Index(es):
- Author
- Thread