torbutton issueshttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues2022-05-18T23:36:08Zhttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/20744add 'media.source.enabled' only where JS is enabled in security settings2022-05-18T23:36:08ZTracadd 'media.source.enabled' only where JS is enabled in security settingsmedia source extensions (MSE)is a "specification allows JavaScript to dynamically construct media streams for <audio> and <video>"
the advances of MSE are:
Allow JavaScript to construct media streams independent of how the media is...media source extensions (MSE)is a "specification allows JavaScript to dynamically construct media streams for <audio> and <video>"
the advances of MSE are:
Allow JavaScript to construct media streams independent of how the media is fetched.
Define a splicing and buffering model that facilitates use cases like adaptive streaming, ad-insertion, time-shifting, and video editing.
Minimize the need for media parsing in JavaScript.
Leverage the browser cache as much as possible.
Provide requirements for byte stream format specifications.
Not require support for any particular media format or codec.
but as user ma1 say in legacy/trac#19200#comment:38
>As a side effect the data flow *appears* less transparent, but what we should focus on is that the JavaScript on a certain webpage has now the power to fuzz (and possibly exploit) any available HTML 5 media codec *without even touching the network*.
put from true to false in 'media.source.enabled' when using high in security settings, probably will be a good for hypothetical security
**Trac**:
**Username**: i139https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/21601media.webaudio.enabled is not a thing anymore -- we should not govern it with...2020-08-21T10:50:12ZGeorg Koppenmedia.webaudio.enabled is not a thing anymore -- we should not govern it with our security sliderA cypherpunk in legacy/trac#15988 notes that `media.webaudio.enabled` is long gone but we still set it in our security slider.
We should
a) stop having that pref in our security slider settings
b) investigate whether there is a replace...A cypherpunk in legacy/trac#15988 notes that `media.webaudio.enabled` is long gone but we still set it in our security slider.
We should
a) stop having that pref in our security slider settings
b) investigate whether there is a replacement pref we should track insteadTor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/26407Go over security slider governed preferences and update them where needed2022-05-26T01:12:55ZGeorg KoppenGo over security slider governed preferences and update them where neededWhile reviewing the patch for legacy/trac#26128 i realized there are new preferences we might to add (`javascript.options.wasm_baselinejit` and `javascript.options.wasm_ionjit` come to mind) and there might be old ones we could remove. W...While reviewing the patch for legacy/trac#26128 i realized there are new preferences we might to add (`javascript.options.wasm_baselinejit` and `javascript.options.wasm_ionjit` come to mind) and there might be old ones we could remove. We should double-check that during the ESR60 stabilization.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/27413Implement better communication between NoScript and Tor Browser2020-11-18T21:06:45ZGeorg KoppenImplement better communication between NoScript and Tor BrowserWhile preparing the Tor Browser 8 release we ran into a number of issues with communicating with NoScript and getting the Security Slider to work (legacy/trac#26520, legacy/trac#27401, legacy/trac#27411). We should implement a better app...While preparing the Tor Browser 8 release we ran into a number of issues with communicating with NoScript and getting the Security Slider to work (legacy/trac#26520, legacy/trac#27401, legacy/trac#27411). We should implement a better approach for communictaion. The currently best plan is outlined in comment:33:ticket:26520:
```
If we wanted to be absolutely sure, NoScript could be patched to listen for a "ping" and reply with a "pong". And then torbutton could repeatedly send "ping" (say, once a second) until it receives a "pong", and then proceed by sending the first updateSettings message.
```