[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27651 [Applications/Tor Browser]: Behaviour of NoScript varies in "privileged" sites

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #27651 [Applications/Tor Browser]: Behaviour of NoScript varies in "privileged" sites
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 13 Sep 2018 11:18:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 13 Sep 2018 07:18:45 -0400
In-reply-to: <052.e0c6b5c841ddf889cb17a49354f58d9a@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <052.e0c6b5c841ddf889cb17a49354f58d9a@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#27651: Behaviour of NoScript varies in "privileged" sites
--------------------------------------+-----------------------------------
 Reporter:  cypherpunks3              |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by cypherpunks3):

 Replying to [comment:1 gk]:
 > No, we don't ship a custom NoScript. In which way does NoScript's
 behavior vary for restricted (not privileged) domains? What is the bug
 here?
 Currently there seem to be 2 places where this affects NS behaviour. The
 most interesting is in popup.js:
 {{{
       await include("/lib/restricted.js");
       let isRestricted = isRestrictedURL(tab.url);
       if (!isHttp || isRestricted) {
         showMessage("warning", _("privilegedPage"));
         let tempTrust = document.getElementById("temp-trust-page");
         tempTrust.disabled = true;
         return;
       }
 }}}
 > restricted (not privileged) domains
 Huh? Perhaps you meant "not privileged from the point of view of TB", but
 surely you can see the point here: even if TB doesn't consider them
 privileged, NS is still behaving as if running on Firefox, and doesn't ask
 the browser it simply looks up in a list of hardcoded domains. So maybe
 now the variance is not very troubling, but what about tomorrow?

 Also calling the domain "restricted" instead of privileged is exactly
 backwards, is not the site that is restricted, but NoScript!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27651#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #27651 [Applications/Tor Browser]: Behaviour of NoScript varies in "privileged" sites
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #27861 [Core Tor/Tor]: Tor 0.3.5.2-alpha-dev c82163dff468443d Bug in tor_assertion_failed_()
Next by Author: Re: [tor-bugs] #27696 [Applications/Tor Browser]: unable to open browser
Previous by thread: Re: [tor-bugs] #27651 [Applications/Tor Browser]: Behaviour of NoScript varies in "privileged" sites
Next by thread: Re: [tor-bugs] #27651 [Applications/Tor Browser]: Behaviour of NoScript varies in "privileged" sites
Index(es):
- Author
- Thread