#22699: Use browser pref for javascript at High Security Level ------------------------------------------------+-------------------------- Reporter: mikeperry | Owner: tbb-team Type: enhancement | Status: new Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-security, TorBrowserTeam201707 | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ------------------------------------------------+--------------------------
Comment (by gk): Replying to [comment:1 cypherpunks]: > And get "Temporarily allow all this page" broken? Yes, the easy change, just adding `javascript.enabled` to the slider and have it set to `false` on the highest level does not work pretty well with temporarily allowing JavaScript. What we could do, though, is trying to bind `javascript.enabled` to the slider mode AND temporary NoScript permissions: if there are no websites where JavaScript is temporarily allowed AND the slider is on the highest level then `javascript.enabled` is set to `false`. Otherwise it is set to `true`. One of the downsides with this approach, though, is that the state of a global pref (`javascript.enabled`) can now depend on domain-wide decisions (i.e. allowing JavaScript on particular domains only). That's confusing but might be okay, given that allowing scripts on the highest security level is not recommended anyway. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22699#comment:4> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs