It seems since the NoScript update to 2.9.5 searching with DuckDuckGo and other engines (like StartPage) is broken if the security slider is set to "Medium-High" or "High". NoScripts XSS filter starts interfering:
[NoScript XSS] Sanitized suspicious upload to [https://duckduckgo.com/html] from [[System Principal]]: transformed into a download-only GET request.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Child items ...
Show closed items
Linked items 0
Link issues together to show that they're related.
Learn more.
BTW, does the Tor Browser have its own customized mandatory whitelist? If so, you should add [System+Principal] (yes, with the "+" instead of " "), which is in NoScript's default and should fix half of the cases.
The other half affects Gecko < 52 and we're looking for a work-around.
BTW, does the Tor Browser have its own customized mandatory whitelist? If so, you should add [System+Principal] (yes, with the "+" instead of " "), which is in NoScript's default and should fix half of the cases.
Actually, we don't have a customized whitelist. We are just using NoScript as is in that regard. What do you mean with "which is in NoScript's default"? If I open a clean new Firefox profile and install NoScript I get exactly the same XSS protection exceptions as we ship in Tor Browser and [System+Principal] is not among them.
FWIW: using the location bar or the search bar + having a new tab open works even with the slider level set to Medium-High or High. (Just as another workaround)
I added as work around the XSS Exceptions but I still get XSS Errors when try to load the second/third/... page of search results on startpage.com.
[NoScript XSS] Sanitized suspicious upload to [https://s1-us2.startpage.com/do/search] from [https://www.startpage.com/do/search]: transformed into a download-only GET request.