Opened 6 months ago

Closed 4 weeks ago

#27610 closed defect (worksforme)

NoScript is broken at .onion pages

Reported by: torbr0 Owned by: pospeselr
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-secruity-slider, noscript
Cc: antonela, micahlee, tbb-team, ma1 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When using latest Tor Browser 8.0 (Firefox 60.2.0esr) on OSX with latest NoScript (10.1.9.1) NoScript is not working properly as it can't determine domain name (detects it as http://http:). Because of this, I can not change JavaScript block settings on .onion sites and some of them work incorrectly.

Child Tickets

Attachments (1)

Screen Shot 2018-09-10 at 19.05.00.png (68.9 KB) - added by torbr0 6 months ago.

Download all attachments as: .zip

Change History (7)

Changed 6 months ago by torbr0

comment:1 Changed 6 months ago by gk

Status: newneeds_information

So, what is your use case here? You set the security slider to safest but have a onion service where you want to whitelist JavaScript on? That is working for me (just tested with http://expyuzz4wqqyqhjn.onion/ and NoScript 10.1.9.5). Could you give me steps to reproduce your issue?

comment:2 Changed 5 weeks ago by pospeselr

Cc: antonela micahflee added
Owner: changed from tbb-team to pospeselr
Status: needs_informationaccepted

It looks like we aren't including HTTP .onion sites in the set of sites we allow JS on for the 'Safer' security sliding.

See this issue in onionshare: https://github.com/micahflee/onionshare/pull/901

comment:3 Changed 5 weeks ago by boklm

Cc: tbb-team added

comment:4 Changed 5 weeks ago by micahlee

This is also a related issue: https://trac.torproject.org/projects/tor/ticket/29506

And probably it deserves its own separate issue, but when the security slider is at Safer, perhaps JavaScript should not get blocked on non-HTTPS .onion sites.

comment:5 Changed 5 weeks ago by pospeselr

Cc: micahlee added; micahflee removed

comment:6 Changed 4 weeks ago by gk

Cc: ma1 added
Keywords: tbb-secruity-slider added; browser removed
Milestone: Tor: unspecified
Resolution: worksforme
Status: acceptedclosed
Version: Tor: unspecified

pospeselr/micahlee: I think the bug you wanted was #27313. Looking at the screenshot and testing a bit I think the issue got somehow resolved, though, as I *can* adjust trust settings for HTTP onions. Not sure what went wrong in the first place, though.

Note: See TracTickets for help on using tickets.