[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor browser 9.0.7 is broken



On Tue, 24 Mar 2020, Robin Lee wrote:

> Hi
> 
> I just updated to Tor browser 9.0.7 and now any site that I've given
> javascript permission to no longer works! For example I go to 
> https://protonirockerxow.onion and the website says I should enable
> javascript, but I already added this site to the ones that can send
> javascript and Tor browser tells me that it has blocked 0 items.

Tor Browser 9.0.7 is now disabling javascript completely when selecting
the Safest security level, which also prevents using noscript to allow
some javascript to run:
https://blog.torproject.org/new-release-tor-browser-907

The reason we did this change is that a bug in Firefox ESR might allow
bypassing Noscript. Although Noscript now includes some workarounds to
prevent that from happenning, but we don't know if that is enough.

If you want to allow javascript on a specific website, I think there
are two main options:

 - set javascript.enabled and use noscript configuration to allow
   javascript on some specific website, and accept the risk that some
   other website might be able to bypass noscript.

 - change the security level before visiting the website where you want
   javascript. But also remember that the security level applies to all
   open tabs, so you should not forget to change it back to Safest
   before visiting other websites.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk