#21004: "JavaScript is disabled by default on all non-HTTPS sites" option
shouldn't
block JS on hidden services
--------------------------------------+--------------------------
Reporter: righnaw | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security-slider | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by micah):
This happens with Riseup's onion version of webmail (roundcube):
http://zsolxunfmbfuq7wf.onion
If you login to the site with the TBB security settings set to Medium,
javascript is disabled because it is not using https.
Either we have a way of issuing certificates for onion sites, or we should
whitelist this restriction when using onion sites, otherwise you get the
worst of both worlds :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21004#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
