#30570: Implement per-site security settings support
 Reporter:  gk                                   |          Owner:
                                                 |  pospeselr
     Type:  enhancement                          |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ux-team, tbb-9.5,                    |  Actual Points:
  TorBrowserTeam202001                           |
Parent ID:  #25658                               |         Points:  10
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor9

Comment (by ma1):

 I've received a private email by pospeselr and latest update to this
 ticket about at the same time, and realized I've missed some history and
 context in the past weeks

 He had written:

 > if I enable scripts while visiting foo.com as the first
 > party, all the child scripts would also be enabled, but only when they
 > are in the foo.com context. A subsequent visit to baz.com should not
 > have scripts enabled for it or any of its included 3rd parties.

 This looks much like the "Cascade top document permissions to
 subresources" settings in NoScript classic, and it's worth implementing

 I could make it even more granular by turning it into a "cascade" meta-
 capability (like "webgl", "fetch", "ping"...) which can be configured per-
 preset (e.g. for TRUSTED) or customized per-site in CUSTOM.

 How does this sound?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30570#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to