Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Browser Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 830
    • Issues 830
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 6
    • Merge requests 6
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor BrowserTor Browser
  • Issues
  • #22699
Closed
Open
Issue created Jun 22, 2017 by Mike Perry@mikeperryDeveloper

Use browser pref for javascript at High Security Level

It would be wise to set javascript.enabled to false in about:config at the high security level, in addition to having NoScript disable scripting for us. This should be an easy change, and there is no reason to exclusively depend on NoScript. NoScript could miss something, especially if the e10s transition caused a lot of upheaval.

(Similarly, Firefox could miss something, since javascript.enabled is no longer a UI-exposed pref, so we should do both, for defense in depth.)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking