[tor-bugs] #22699 [Applications/Tor Browser]: Use browser pref for javascript at High Security Level
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 22 19:02:24 UTC 2017
#22699: Use browser pref for javascript at High Security Level
------------------------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-security
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+--------------------------
It would be wise to set javascript.enabled to false in about:config at the
high security level, in addition to having NoScript disable scripting for
us. This should be an easy change, and there is no reason to exclusively
depend on NoScript. NoScript could miss something, especially if the e10s
transition caused a lot of upheaval.
(Similarly, Firefox could miss something, since javascript.enabled is no
longer a UI-exposed pref, so we should do both, for defense in depth.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22699>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list