[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20366 [Applications/Tor Browser]: NoScript allows all 3rd party scripts when base domain is blocked

Subject: Re: [tor-bugs] #20366 [Applications/Tor Browser]: NoScript allows all 3rd party scripts when base domain is blocked
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 08 Nov 2016 15:37:24 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 08 Nov 2016 10:37:31 -0500
In-reply-to: <045.2c58f1a24cb8f836028c586707b16975@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.2c58f1a24cb8f836028c586707b16975@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20366: NoScript allows all 3rd party scripts when base domain is blocked
------------------------------------------+-------------------------
 Reporter:  joebt                         |          Owner:
     Type:  defect                        |         Status:  closed
 Priority:  Medium                        |      Milestone:
Component:  Applications/Tor Browser      |        Version:
 Severity:  Normal                        |     Resolution:  invalid
 Keywords:  NoScript, Cascade, 3rd party  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
------------------------------------------+-------------------------

Comment (by joebt):

 I didn't discuss it directly with Giorgio, but NoScript forum's long time
 main moderator, barbaz, claimed this feature  "Cascade top document's
 permissions...." was introduced at Tor devs' request.

 I haven't confirmed that. If true, one question is, was this behavior
 under a specific condition what Tor Project wanted or even considered?
 Whether if a base domain is blocked, all 3rd party sites should be
 '''shown''' as allowed or blocked.

 When base domain is blocked, not sure if allowed 3rd party sites / scripts
 would '''ever''' under any circumstance be able to execute under NS or
 TBB.  Key phrase is "ever under any circumstance," vs. "probably won't."

 Barbaz gave no real explanation - why or when the described behavior would
 be desirable or expected by most users.

 Even if 3rd party scripts could '''never''' execute when a base domain is
 blocked, showing them as "allowed" is probably disconcerting and not what
 users prefer to see.  Far less significant GUI quirks than this have been
 fixed.

 If enabling some TBB / Tor Button option made it incorrectly show "You are
 NOT connected to Tor network," most users wouldn't want to  ignore that as
 just a quirk.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20366#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #20754 [Applications/Tor Browser]: gmail.com and youtube.com aren't obeying first-party isolation
Next by Author: Re: [tor-bugs] #20836 [User Experience/Website]: Remove note about already fixed tickets in faq (was: Remove note about already fixed #8641)
Previous by thread: Re: [tor-bugs] #20366 [Applications/Tor Browser]: NoScript allows all 3rd party scripts when base domain is blocked
Next by thread: Re: [tor-bugs] #20366 [Applications/Tor Browser]: NoScript allows all 3rd party scripts when base domain is blocked
Index(es):
- Author
- Thread