[tor-bugs] #27313 [Applications/Tor Browser]: Help NoScript marking HTTP .onions as secure

Wed Oct 9 13:43:09 UTC 2019

#27313: Help NoScript marking HTTP .onions as secure
--------------------------------------+---------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  noscript                  |  Actual Points:
Parent ID:  #21728                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27
--------------------------------------+---------------------------

Comment (by gk):

 Blech, commented on the wrong ticket:

 Thanks, that's better. There is still the scary http: in red which should
 not be relevant for .onions either. Additionally, the expectation here is
 that onions over http:// on medium level security can actually run
 JavaScript etc. because http:// is secure for .onion domains They should
 get treated as loaded over https://. Could you address those two items for
 Tor Browser users? (I am fine opening a new bug for the latter if you
 like)

 A general note, while testing rc11:

 1) After installing it in the browser I needed to click twice on the
 NoScript icon until the page related info showed up. On first click only a
 small empty menu was visible.
 2) After restarting the browser it takes like 5-10 second until the
 NoScript icon gets clickable at all and CPU of my laptop gets eaten
 meanwhile. There is something computationally heavy going on in the
 background here...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27313#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online