Noscript default settings under JAR tab marked as NOT blocked are both no script domains in the box within this section and the entry at the very bottom of the JAR section titled "pattern matching sample". With default settings, wouldn't this allow a rogue exit node to hijack or control Tor client's browser sessions by faking the noscript domain with a method?
What should these default settings in the JAR section be changed to? Should the entries in these sections be highlighted and removed before Tor use? What harm is there in Noscript performance should these two sections within the JAR area of Noscript configuration be cleared or left alone with default values? *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/