Skip to content
Snippets Groups Projects
Closed (moved) NoScript's XSS popup breaks circuit display in some cases
  • View options

    • NoScript's XSS popup breaks circuit display in some cases

    • View options
    • Closed (moved) created by Georg Koppen

    Go to https://getharvest.com and sign in. After entering your credentials and sending them you'll get a NoScript XSS popup which is a false positive in this case. More importantly for this bug, though: if you go back to your window with the Harvest URL in the URL bar, clicking on the identity box does not show your circuit anymore. The whole panel is gone. This does not change either if I select the "block your request" option. The result is, one is stuck and can't change/look at the circuit even.

    Found by arma.

    Attributes

    Assignees

    None

    Labels

    TorBrowserTeam201904R component applications/tor browser owner tbb-team priority medium resolution fixed severity normal status closed tbb-circuit-display tbb-torbutton type defect

    Milestone

    None

    Dates

    Start: None

    Due: None

    Time tracking

    No estimate or time spent

    Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first