[tor-bugs] #20752 [Applications/Tor Browser]: Search box with DuckDuckGo (and other search engines) is broken on security level High and Medium-High
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 24 08:13:06 UTC 2016
#20752: Search box with DuckDuckGo (and other search engines) is broken on security
level High and Medium-High
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:2 ma1]:
> We're investigating this here:
>
> https://forums.informaction.com/viewtopic.php?f=7&t=22296
>
> BTW, does the Tor Browser have its own customized mandatory whitelist?
If so, you should add [System+Principal] (yes, with the "+" instead of "
"), which is in NoScript's default and should fix half of the cases.
Actually, we don't have a customized whitelist. We are just using NoScript
as is in that regard. What do you mean with "which is in NoScript's
default"? If I open a clean new Firefox profile and install NoScript I get
exactly the same XSS protection exceptions as we ship in Tor Browser and
`[System+Principal]` is not among them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20752#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list