Unexpected NoScript behavior when security level is pinned using user.js
If a Tor Browser user attempts to pin the security level using
user.js (see below), Tor Browser will launch with the pinned security level, but NoScript will not respect that choice and instead retain its previous behavior. For example, if the user attempts to pin the security level to "Safest" using
- Tor Browser 9.0 and 9.0.1 (the first affected version is unknown)
- NoScript 11.0.8 (the first affected version is unknown)
- Debian 9 (stretch)
How to reproduce:
user.jsallows pinning of Tor Browser (Firefox) parameters upon launch.
- Pin the security level to "Safest". Add the line:
- Launch Tor Browser, change the security level from "Safest" to something different, then close Tor Browser.
- Launch Tor Browser again, and confirm the security level is set to "Safest".