Noscript default settings under JAR tab marked as NOT blocked are both no 
script domains in the box within this section and the entry at the very bottom 
of the JAR section titled "pattern matching sample". With default settings, 
wouldn't this allow a rogue exit node to hijack or control Tor client's browser 
sessions by faking the noscript domain with a method?

What should these default settings in the JAR section be changed to? Should the 
entries in these sections be highlighted and removed before Tor use? What harm 
is there in Noscript performance should these two sections within the JAR area 
of Noscript configuration be cleared or left alone with default values?
***********************************************************************
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Reply via email to