subject:"\[tor\-bugs\] #29969 \[Applications\/Tor Browser\]\: Drag\-and\-drop search causes NoScript XSS warning"

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-31 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  noscript, TorBrowserTeam201905R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks. Cherry-picked to `master` (commit
 db1ff5cb84595c0b9299d8326bc565517f926511) and `maint-8.5` (commit
 d2c1d1718bbaf892536c5fad371b46ef7acc2555).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-31 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  noscript, TorBrowserTeam201905R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by acat):

 Looks good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-29 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  noscript, TorBrowserTeam201905R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Bump to RC on `master`?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-23 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  noscript, TorBrowserTeam201905R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  noscript, TorBrowserTeam201905 => noscript,
 TorBrowserTeam201905R
 * status:  new => needs_review


Comment:

 okay, this works for me. `bug_29969`
 (https://gitweb.torproject.org/user/gk/tor-browser-
 build.git/commit/?h=bug_29969&id=ffc98d9108cc6b420ec4cd17de475631013eecfe)
 has a fix for this bug (by bumping NoScript) for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-23 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by gk):

 Replying to [comment:8 ma1]:
 > Replying to [comment:7 gk]:
 > > Yes, that's perfectly fine, thanks.
 > Sorry, I'm confused: did you already release yesterday after all?
 > Which buildID should I look for the fix? >= "20190416010130" (per
 https://bugzilla.mozilla.org/show_bug.cgi?id=1532530#c19 ) or something
 else (the 8.5 I've just been updated to has buildID="20190307010101")?
 > And I've just noticed https://developer.mozilla.org/en-US/docs/Mozilla
 /Add-ons/WebExtensions/API/runtime/getBrowserInfo now exposes an
 isTorBrowser info property, apparently because of us (look at the
 "reference" link). Since when (not in 8.5 yet, apparently)?

 We have a different buildID due to our reproducible builds. So, yes 8.5 is
 the one that needs to get out and that got out. The `isTorBrowser`
 property was wrong on MDN. Someone just added that to the wiki. Thanks for
 tjr for correcting that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-22 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by ma1):

 Now released as stable 10.6.2, too.
 https://github.com/hackademix/noscript/releases/tag/10.6.2

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-22 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by ma1):

 Removed the work-around in
 https://github.com/hackademix/noscript/releases/tag/10.6.2rc2

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-22 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by ma1):

 Replying to [comment:8 ma1]:

 > Which buildID should I look for the fix? >= "20190416010130" (per
 https://bugzilla.mozilla.org/show_bug.cgi?id=1532530#c19 ) or something
 else (the 8.5 I've just been updated to has buildID="20190307010101")?

 OK, I'll assume anybody on with an up-to-date browser don't need the work
 around anymore, and to hell the others. Removing it unconditionally...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-22 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by ma1):

 Replying to [comment:7 gk]:
 > Yes, that's perfectly fine, thanks.
 Sorry, I'm confused: did you already release yesterday after all?
 Which buildID should I look for the fix? >= "20190416010130" (per
 https://bugzilla.mozilla.org/show_bug.cgi?id=1532530#c19 ) or something
 else?
 And I've just noticed https://developer.mozilla.org/en-US/docs/Mozilla
 /Add-ons/WebExtensions/API/runtime/getBrowserInfo now exposes an
 isTorBrowser info property, apparently because of us (look at the
 "reference" link). Since when? Can I conditionally drop the alternate
 check on setup calls?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-19 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by gk):

 Yes, that's perfectly fine, thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-19 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by ma1):

 Replying to [comment:5 gk]:
 > ma1: We'll get a new Tor Browser out next week with the fix for
 https://bugzilla.mozilla.org/show_bug.cgi?id=1532530. Could you prepare a
 NoScript release without the workaround that is causing so many false
 positive XSS popup warnings? Thanks!

 Of course, thanks for the heads up. Would a NoScript release on Wednesday
 work for you?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-05-19 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by gk):

 ma1: We'll get a new Tor Browser out next week with the fix for
 https://bugzilla.mozilla.org/show_bug.cgi?id=1532530. Could you prepare a
 NoScript release without the workaround that is causing so many false
 positive XSS popup warnings? Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-04-30 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201904  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by gk):

 Cherry-picked the fix for bug 1532530 onto `tor-browser-60.6.1esr-8.5-1`
 (commit 30a070eefe4c881a1804690b8983db2911c2c99b) so we get it into Tor
 Browser 8.5.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-04-01 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  noscript, TorBrowserTeam201904  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * cc: ma1 (added)
 * keywords:   => noscript, TorBrowserTeam201904


Comment:

 That's a fallout from working around
 https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 I guess (see: #29733
 for details). We'll pick the fix for that bug up with the next release and
 then Giorgio can remove the workaround causing this bug in NoScript. I'll
 leave this bug open for tracking our inclusion of that new NoScript
 version (which should fix this issue then).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-03-31 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arma):

 I just noticed this ticket, and confirmed that indeed the behavior does
 happen as described.

 It looks like the intended behavior from the browser is that whatever text
 I drop into a tab should turn into a new search (using the default search
 engine).

 I wonder what is triggering the noscript complaint... cross-site from
 where?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

2019-03-31 Thread Tor Bug Tracker & Wiki

#29969: Drag-and-drop search causes NoScript XSS warning
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 Select some text and drag it onto the current tab or new tab to create a
 search.

 Example warning:

 NoScript detected a potential Cross-Site Scripting attack

 from https://trac.torproject.org to https://duckduckgo.com.

 Suspicious data:

 (POST)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Re: [tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

[tor-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

16 matches

Site Navigation

Mail list logo

Footer information