[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22699 [Applications/Tor Browser]: Use browser pref for javascript at High Security Level

Subject: Re: [tor-bugs] #22699 [Applications/Tor Browser]: Use browser pref for javascript at High Security Level
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 25 Jul 2017 13:52:00 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 25 Jul 2017 09:52:12 -0400
In-reply-to: <049.d60c6defb26cac371feb0d02d11375fd@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.d60c6defb26cac371feb0d02d11375fd@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22699: Use browser pref for javascript at High Security Level
------------------------------------------------+--------------------------
 Reporter:  mikeperry                           |          Owner:  tbb-team
     Type:  enhancement                         |         Status:  new
 Priority:  High                                |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201707  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:1 cypherpunks]:
 > And get "Temporarily allow all this page" broken?

 Yes, the easy change, just adding `javascript.enabled` to the slider and
 have it set to `false` on the highest level does not work pretty well with
 temporarily allowing JavaScript.

 What we could do, though, is trying to bind `javascript.enabled` to the
 slider mode AND temporary NoScript permissions: if there are no websites
 where JavaScript is temporarily allowed AND the slider is on the highest
 level then `javascript.enabled` is set to `false`. Otherwise it is set to
 `true`. One of the downsides with this approach, though, is that the state
 of a global pref (`javascript.enabled`) can now depend on domain-wide
 decisions (i.e. allowing JavaScript on particular domains only). That's
 confusing but might be okay, given that allowing scripts on the highest
 security level is not recommended anyway.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22699#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #22073 [Applications/Tor Browser]: Disable GetAddons pane on about:addons
Next by Author: Re: [tor-bugs] #22866 [Applications/Tor Browser]: Default language
Previous by thread: Re: [tor-bugs] #23030 [Core Tor/Tor]: Review coverity build warnings
Next by thread: Re: [tor-bugs] #22478 [Applications/Tor Browser]: Tor Browser fails to load Google Docs with security slider set to "high" (if SVG is involved) (was: Tor Browser fails to load Google Docs with security slider set to "high")
Index(es):
- Author
- Thread