[tor-bugs] #17637 [Tor Browser]: NoScript in Tor-Browser allows all third party domains
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 19 20:59:40 UTC 2015
#17637: NoScript in Tor-Browser allows all third party domains
----------------------------------+----------------------------
Reporter: ctbu | Owner: tbb-team
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution: worksforme
Keywords: Tor-Browser NoScript | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------------------+----------------------------
Changes (by ctbu):
* status: needs_information => closed
* resolution: => worksforme
Comment:
After going through all the options I finally found the setting to correct
this behavior.
Under Options->Advanced->Trusted untick "Cascade top document's
permissions to 3rd party scripts'.
Now every subdomain can be allowed/disallowed individually. This should be
the default behavior.
This setting should not be checked by default out of convenience. The Tor
Homepage encourages the user to not just trust on Tor to magically
anonymize his traffic, but to actively read up on the material and change
his browsing behavior. Therefore, the user should also engage himself in
handling NoScript.
PS:
I also noticed that NoScript is initially deactivated in Tor-Browser.
Maybe this should also be changed in upcoming releases.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17637#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list