[tor-bugs] #30624 [Applications/Tor Browser]: Disable NoScript's XSS protection to avoid the whole computer freezing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun May 26 07:39:19 UTC 2019
#30624: Disable NoScript's XSS protection to avoid the whole computer freezing
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201905, | Actual Points:
GeorgKoppen201905 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by ma1):
NVM, I managed to reproduce. It freezes the browser for a few seconds on
8.5 (where browser.webextensions.remote is false) while the firefox.real
process gets 100% CPU.
What's more annoying, it appears to affect more than just the browser on
my Ubuntu box if I turn browser.webextensions.remote to true, which is
counterintuitive (the extension should be doing its thing in its own
process while the facebook HTTP subrequest is suspended) but might be due
to some kind of IPC bug: this time nothing really freeze, but again for a
few seconds other application become sluggish as well while a
WebExtensions process takes 100% CPU.
Do Tor Browser 9.0 have browser.webextensions.remote set to false or true?
Either way, since it's already executed asyncronously, I wanna try
breaking the main InjectionChecker loop into time-capped chunks (e.g.
100ms max) which give the CPU back periodically on these very costly to
analyze payload, and possibly (but it might not be necessary) move the
whole in a dedicated worker.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30624#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list