[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences
#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
-------------------------------------------------+-------------------------
Reporter: catalyst | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-disk-leak, tbb-newnym, noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by ma1):
Just to be clear, 11.0.27 in PBM tabs/windows does the following:
1. Disables any contextual widget (in tab-originated the popups) leading
to give permanent permissions (and therefore URLs to persisted on the
disk): therefore you can only set Temp. TRUSTED or Temp. CUSTOM (neither
TRUSTED, UNTRUSTED or permanent CUSTOM) unless that was the setting when
the UI popup has been opened
2. When unblocking a media element, the permission is always marked as
temporary and never persisted to the disk.
Of course you can still turn the temporary permissions to permanent from
the "Per-site preferences" options panel, if you really want to.
I'm not sure whether 1 is too strict for people who intentionally checked
"override Tor Browser security policies", since this would erase any
permission customization on browser restarts (as all Tor Browser windows
are incognito, right?), but it seemed a transparent middle-way to help
them not to shoot themselves in the foot. What do you think?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs