Tor browser runs JS in Safest Mode + missing NoScript completely

I tried using the ‘torbrowser-launcher’ package to get Tor Browser and to my surprise, while HTTPS Everywhere addon is installed and appears to be visible in the Extensions list and working fine…

NoScript is absolutely nowhere to be found!

I even tried switching to Safest Mode. Nope. Not appearing. Javascript is fetched and running!

I even tried visiting a page with some media. Nope. Nothing to block it.

I looked at the TorProject’s Release Notes to see if the they removed NoScript. Nope. They said they upgraded it to the latest.

Is anyone having the same serious problem?

Hey, if you want to disable JS on tor, you can access to about:config and set javascript.enabled to false.

I don’t have too NoScript.

Thanks, but that is not a replacement for having NoScript.

So NoScript is not on your setup either? This is actually pretty serious then.

This issue on the tor browser build gitlab seems relevant: Update noscript URL (#40484) · Issues · The Tor Project / Applications / tor-browser-build · GitLab

if i remember correctly,the last time i used a Tor browser,i had to click on an empty space on the toolbar and choose “Customize”, and then drag the Noscript icon to the tool bar.
(if you want it to be visible and interact with it)

but @Hanzel link do point to a very recent bug report,so it might be that.

1 Like

I recall the same experience. I’m working on a aarch64 system for a few day’s, no way to check/verify, there is no aarch64 tor browser that the project supports to check with.

1 Like

Thanks, I thought that NoScript addon was “packaged” with Tor Browser. Its unclear what the dev meant by “we” in “URL we use for downloading noscript” but Tor browser may only package “settings” for the addons and not addons themselves??

Wonder how the URL for HTTPS Everywhere addon got updated, that one works fine.

Another instance of Tor Browser that I run is supposedly up-to-date and has NoScript.

Yep. Love how everyone still does this to toggle only the minimal javascript possible. Hahaha.

NoScript has had a slightly more minimalist look today. The options itself could still look better, but not complaining.

I use UBlock to emulate TAILS sometimes.

The Block Cloudflare MITM Attack addon is now available from Mozilla too which is good. It could use some work to eliminate any possible fingerprinting issues though. Adding an alert border to websites is a no-no because borders change the size of div which can be reported via CSS, and I’m not sure dropping the connection immediately at the first sighting of the cf-ray in the response header is good behavior.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.