Searching from about:tor cause a NoScript XSS warning popup
Using the duckduckgo search box on the about:tor page is causing a NoScript XSS warning window to open.
Activity
OK, I can see it. It's when you use the search box inside the page, not the one(s) in the browser UI, which are exempt by the XSS filter fallback warning on every cross-site POST request I had to introduce for POST scanning being disabled due to https://bugzilla.mozilla.org/show_bug.cgi?id=1532530. I'm trying to add a further exception for about:tor, but the real solution would be the aforementioned Mozilla bug (which already has a patch attached) being fixed, of course.
-
Fixed in 10.2.5, thanks.
Trac:
Status: needs_information to assigned
Owner: tbb-team to gk 
Replying to ma1:
Fixed in 10.2.5, thanks.
Thanks. This fixes the problem for me. Pushed to
master(commit aac31f8aa81a76cd33e0bfd1de2294db4ee79c1c) andmaint-8.0(commit a9c6707fcf44fa22e7e9cd806b3d3b11677e87ae) in ourtor-browser-buildrepo.ma1: Once the right fix on Mozilla's side landed I'll open a ticket to track the backport if necessary. We'll ship the next releases with that fix (either we got Mozilla to backport the fix to esr60 or we do it ourselves). Once that's done you can remove all the workarounds on your side and we are back at the status quo ante. :)
Thanks for helping us here.
Trac:
Resolution: N/A to fixed
Status: assigned to closed-
Replying to gk:
ma1: Once the right fix on Mozilla's side landed It has, half an hour ago. I had already told :robwu that a backport to ESR is very needed for the Tor Browser, but a push from your side won't harm ;)
