[tbb-bugs] #24143 [Applications/Tor Browser]: Have medium security level allow JavaScript on non-HTTPS onion sites?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 4 12:44:05 UTC 2017
#24143: Have medium security level allow JavaScript on non-HTTPS onion sites?
-------------------------------------+-------------------------------------
Reporter: nido | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: securitylevel
Severity: Normal | javascript onionservices
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
Medium security level allows JavaScript only on HTTPS sites, with no
exception for onion sites. But is it any less secure to run JavaScript on
an onion site (with or without HTTPS) than on a HTTPS clearnet site? (If
so, how?) If not, wouldn't it be a good idea to allow JavaScript on all
onion sites?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24143>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list