NoScript is broken at .onion pages
When using latest Tor Browser 8.0 (Firefox 60.2.0esr) on OSX with latest NoScript (10.1.9.1) NoScript is not working properly as it can't determine domain name (detects it as http://http:). Because of this, I can not change JavaScript block settings on .onion sites and some of them work incorrectly.
Trac:
Username: torbr0
Activity
So, what is your use case here? You set the security slider to safest but have a onion service where you want to whitelist JavaScript on? That is working for me (just tested with http://expyuzz4wqqyqhjn.onion/ and NoScript 10.1.9.5). Could you give me steps to reproduce your issue?
Trac:
Status: new to needs_information
It looks like we aren't including HTTP .onion sites in the set of sites we allow JS on for the 'Safer' security sliding.
See this issue in onionshare: https://github.com/micahflee/onionshare/pull/901
Trac:
Owner: tbb-team to pospeselr
Status: needs_information to accepted
Cc: N/A to antonela, micahflee
This is also a related issue: https://trac.torproject.org/projects/tor/ticket/29506
And probably it deserves its own separate issue, but when the security slider is at Safer, perhaps JavaScript should not get blocked on non-HTTPS .onion sites.
-
pospeselr/micahlee: I think the bug you wanted was #27313 (moved). Looking at the screenshot and testing a bit I think the issue got somehow resolved, though, as I can adjust trust settings for HTTP onions. Not sure what went wrong in the first place, though.
Trac:
Resolution: N/A to worksforme
Milestone: Tor: unspecified to N/A
Keywords: browser noscript deleted, noscript, tbb-secruity-slider added
Status: accepted to closed
Cc: antonela, micahlee, tbb-team to antonela, micahlee, tbb-team, ma1
Version: Tor: unspecified to N/A
