SVG isn't blocked in Safest security setting with 8.0a9
SVG doesn't seem to be blocked in Safest security setting with 8.0a9 (Linux)
Activity
Replying to cypherpunks:
SVG doesn't seem to be blocked in Safest security setting with 8.0a9 (Linux)
What makes you believe so? Do you have an example that is blocked in Tor Browser stable but not in the alpha?
Trac:
Status: new to needs_informationReplying to gk:
Replying to cypherpunks:
SVG doesn't seem to be blocked in Safest security setting with 8.0a9 (Linux)
What makes you believe so? Do you have an example that is blocked in Tor Browser stable but not in the alpha? I just noticed that quickly while going into my Github account and trying to report an issue and I saw that the "edit" button icon was present when normally it wasn't with the stable series [I may be wrong though if Github added a png fallback, so very sorry in that case for my misleading report] (as well as the non-presence of the canvas anti-fp notification on first visit to Github, though that may be a fix in Firefox?)
Replying to cypherpunks:
Looking at
about:supportone does findsvg.in-content.enabled falseLooking at https://bugzilla.mozilla.org/show_bug.cgi?id=1216893, it looks like the correct pref name is now
svg.disabled. Does the incorrect behavior you observed disappear if you use about:config to set that pref to false?Replying to mcs:
Looking at https://bugzilla.mozilla.org/show_bug.cgi?id=1216893, it looks like the correct pref name is now
svg.disabled. Does the incorrect behavior you observed disappear if you use about:config to set that pref to false? I can confirm.What?! Again?! Now the reversed #21885 (moved). Also check for #16607 (moved).
Trac:
Keywords: N/A deleted, ff60-esr, tbb-security-slider, TorBrowserTeam201807 addedI confirmed we need to update the pref name. Here's a patch that does that:
mentioned in issue #26670 (moved)