[tbb-bugs] #22478 [Applications/Tor Browser]: Tor Browser fails to load Google Docs with security slider set to "high" (if SVG is involved) (was: Tor Browser fails to load Google Docs with security slider set to "high")

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 25 14:23:43 UTC 2017 

#22478: Tor Browser fails to load Google Docs with security slider set to "high"
(if SVG is involved)
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  closed
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:  not a
 Keywords:  tbb-security-slider, tbb-usability-  |  bug
  website                                        |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  new => closed
 * resolution:   => not a bug


Comment:

 Replying to [comment:5 gk]:
 > Replying to [comment:4 teor]:
 > > Replying to [comment:3 gk]:
 > > > Replying to [comment:2 teor]:
 > > > > Replying to [comment:1 cypherpunks]:
 > > > > > I just tried it with Tor Browser 7.0a4 and I did not experience
 this issue.
 > > > >
 > > > > I think it might be latency related.
 > > > >
 > > > > I'm using Tor Browser 6.5.2 in High Security Mode (with a JS
 exception for Google Docs) on macOS from Australia.
 > > >
 > > > I see the same with this setup (not being in Australia, though). I
 suspect you are not excepting enough from your JS ban or some other high
 level setting is interfering because it works fine for me with a clean
 6.5.2 on the default security level. Could you try that scenario?
 > >
 > > Yes, this works for me on 6.5.2 when I start in Medium security mode,
 and Low security mode.
 >
 > Good.
 >
 > > So this is a NoScript bug: I expect that "Temporarily allow all this
 page" actually does allow all the scripts needed for the google docs page.
 >
 > Might be something else that is interfering on the high level. Worth
 investigating.

 Yes. The problem is not NoScript but `svg.in-content.enabled` set to
 `false`. ALlowing SVG to load and render solves this problem. But that's
 not a bug but a design decision made for the high security level.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22478#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list