Tor Browser needs to handle changes in NoScript 2.6.9.8+
In NoScript 2.6.9.8, Giorgio landed several fixes for us that will result in changes to how Tor Browser interacts with NoScript. Here are the ones I'm aware of:
- We no longer need to add https: to the whitelist for the "Medium-High" security slider position due to fixes to noscript.globalHttpsWhitelist.
- Temporary permissions are no longer stored in the noscript.temp pref (which gets written to disk). Instead, they are stored in a new memory-only data structure. This means New Identity needs to change how it clears NoScript permissions.
- The pref noscript.volatilePrivatePermissions (which governs if temporary permissions are used for Private Browsing Mode) is false by default. We probably want to set it to true if disk records are disabled, but false if they are enabled. We will also need to ensure "New Identity" properly clears the permissions in both cases.
I think that is all, but we should also be sure to have people test NoScript thoroughly in the next TBBs that include NoScript 2.6.9.8+, to make sure there are no other surprise issues.