Skip to content

Determine whether noscript_persist users need to have their NoScript settings migrated

A while ago, #27175 (closed) introduced a hidden preference extensions.torbutton.noscript_persist which prevents Tor Browser from sending security level settings to the NoScript addon at startup. If the user changes their security level mid-session (rather than in prefs.js) then the settings will be sent once in response to this, but after that point will be in the same position.

As a result, if we have ever changed the settings we send to NoScript, this would not have been updated for such users. E.g. we add a new NoScript setting, such users would not have the new setting sent to NoScript until they change their security level, which may have been never.

So the question is:

  1. Have we ever adjusted the settings sent to NoScript since extensions.torbutton.noscript_persist was first introduced?
  2. If yes, do we need to migrate these users? Can we do it in a way that doesn't break other persistent NoScript settings.
  3. If no, we should at least add a note to the SecurityLevel.sys.mjs module to describing this limitation so that it will be addressed if we ever need to adjust NoScript settings in the future.

/cc @ma1

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information