authorintrigeri <intrigeri@boum.org>2015-08-30 13:54:45 +0000
committerintrigeri <intrigeri@boum.org>2015-09-16 18:02:50 +0000
commitda579e61c823771f510bbe2b439ad4763cb6421d (patch)
treea7515b64fffb7ca67efab98b416a9524aa3350cf
parent4ddbc9da61fd6a6109a311da753fe9f4c1f93aeb (diff)
Tor Browser: block JavaScript coming the news section of our website.bugfix/7023-disallow-javascript-on-our-website
This limits a little bit the attack surface that's implied by having our website as the default Tor Browser's homepage, and thus loaded by most Tails users soon after startup: a non-negligible proportion of Tor Browser security issues don't apply if JavaScript is disabled. Still, as said on https://labs.riseup.net/code/issues/7023#note-7, this is not a complete solution. Tackling this problem for real needs more research, to find a way to convey important project news to our users without having them systematically load our website. Refs: #7023
-rw-r--r--config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js2
1 files changed, 2 insertions, 0 deletions
diff --git a/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js b/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
index 6abd1b8..62629e4 100644
--- a/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
+++ b/config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js
@@ -69,6 +69,8 @@ pref("noscript.forbidPlugins", true);
// Other Tails-specific NoScript preferences
pref("noscript.untrusted", "google-analytics.com");
+pref("noscript.ABE.enabled", true);
+pref("noscript.ABE.rulesets.SYSTEM", "# Prevent Internet sites from requesting LAN resources.\r\nSite LOCAL\r\nAccept from LOCAL\r\nDeny\r\n\r\n# Tails website hardening\r\nSite https://tails.boum.org/news/*\r\nSandbox # this disables JavaScript and plugins");
// Other non-Torbutton, Tails-specific prefs
pref("browser.download.dir", "/home/amnesia/Tor Browser");
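Review bot: The `Site https://tails.boum.org/news/*` pattern in the added `noscript.ABE.rulesets.SYSTEM` value sandboxes only HTTPS URLs under `/news/`. Any other page of the site, or a homepage URL that later moves out of `/news/`, would still load with JavaScript allowed, so it is worth confirming that the configured homepage always matches this pattern. Setting this pref also appears to replace NoScript's built-in SYSTEM ruleset wholesale, with the LAN-protection rule (`Site LOCAL` / `Accept from LOCAL` / `Deny`) copied inline, so that copy can silently drift from upstream's default on a NoScript upgrade. I would add a comment above the pref, for example `// Overrides NoScript's default SYSTEM ruleset; the LOCAL rule is copied from upstream, re-check it on NoScript upgrades`, and a second one stating that the Sandbox rule is scoped to the news section only (refs #7023).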