Trust Tor Project domain in NoScript when TorButton security level is changed
Trust *.torproject.org in NoScript for first-party access when the TorButton security level is changed.
I don't know if it's possible to restrict to first-party in NoScript. It is in uMatrix. I don't know if trusting TP's sites by default could aid fingerprinting TB as TB rather than its UserAgent if, for example, a TP resource is embedded in a third-party page. On a related note, IIRC, the blog is hosted by a third-party.
Or always trust TP's onions only? https://onion.torproject.org/ Same unknown but for onion and non-onion third parties.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information