#21923: Allowing only HTTPS JavaScript on the medium security slider level is broken -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- | team Type: defect | Status: | needs_review Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Severity: Critical | Resolution: Keywords: noscript, tbb-usability-website, | Actual Points: ff52-esr, TorBrowserTeam201704R | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by cypherpunks): Replying to [comment:9 ma1]: > Replying to [comment:8 cypherpunks]: > > > Didn't you guess? ;-) > > From your URL it failed with [...] > > From AMO - works. > > No, I didn't and couldn't guess: those XPI files are identical (I sinchronize them as soon as they're signed by AMO) and they both install fine on a stable Firefox. Weird. Well, it was 'Temporary load add-on for debugging' feature :) > But, can you verify the bug reported here is fixed? Hmm, how to say? Testing revealed: 1. https://check.torproject.org/?lang=en_US now is loading forever with no success (e10s), or there is OCSP failure (non-e10s). 2. reloading youtube after high->medium gives no svg, etc (not noscript- related?), second reloading works. 3. video is behind placeholder which allows video/mse, after clicking, reloading leads to error on video, because audio/mse is blocked (but no placeholder). 4. seems it was ad video, because after enabling audio/mse from menu, there is an error again, because video/mse was blocked (but no placeholder again). 5. strong feeling that that's not all ;) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21923#comment:10> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs