diff options
author | Micah Lee <micah@micahflee.com> | 2019-05-29 19:27:21 -0700 |
---|---|---|
committer | Micah Lee <micah@micahflee.com> | 2019-05-29 19:27:21 -0700 |
commit | c3ba542ecb1aaa3e8b7b5cab4395595e184a860a (patch) | |
tree | 99e08a8154a97e75ab8f00508c3b71834db2b6ca /share | |
parent | 12392378d1c90d2bb023f0eb287948af208391cc (diff) | |
download | onionshare-c3ba542ecb1aaa3e8b7b5cab4395595e184a860a.tar.gz onionshare-c3ba542ecb1aaa3e8b7b5cab4395595e184a860a.zip |
Strip NoScript XSS warning, because the Tor Browser bug it addressed has been fixed
Diffstat (limited to 'share')
-rw-r--r-- | share/static/img/warning.png | bin | 804 -> 0 bytes | |||
-rw-r--r-- | share/static/js/receive-noscript.js | 2 | ||||
-rw-r--r-- | share/templates/receive.html | 14 | ||||
-rw-r--r-- | share/templates/receive_noscript_xss.html | 35 |
4 files changed, 0 insertions, 51 deletions
diff --git a/share/static/img/warning.png b/share/static/img/warning.png Binary files differdeleted file mode 100644 index 9be8cbaf..00000000 --- a/share/static/img/warning.png +++ /dev/null diff --git a/share/static/js/receive-noscript.js b/share/static/js/receive-noscript.js deleted file mode 100644 index 0f4ac1bc..00000000 --- a/share/static/js/receive-noscript.js +++ /dev/null @@ -1,2 +0,0 @@ -// Hide the noscript div, because our javascript is executing -document.getElementById('noscript').style.display = 'none'; diff --git a/share/templates/receive.html b/share/templates/receive.html index 23242501..59a3ebe4 100644 --- a/share/templates/receive.html +++ b/share/templates/receive.html @@ -13,19 +13,6 @@ </header> <div class="upload-wrapper"> - <!-- - We are not using a <noscript> tag because it only works when the security slider is set to - Safest, not Safer: https://trac.torproject.org/projects/tor/ticket/29506 - --> - <div id="noscript"> - <p> - <img src="{{ static_url_path }}/img/warning.png" title="Warning" /><strong>Warning:</strong> Due to a bug in Tor Browser and Firefox, uploads - sometimes never finish. To upload reliably, either set your Tor Browser - <a rel="noreferrer" target="_blank" href="https://tb-manual.torproject.org/en-US/security-slider/">security slider</a> - to Standard or - <a target="_blank" href="/noscript-xss-instructions">turn off your Tor Browser's NoScript XSS setting</a>.</p> - </div> - <p><img class="logo" src="{{ static_url_path }}/img/logo_large.png" title="OnionShare"></p> <p class="upload-header">Send Files</p> @@ -51,7 +38,6 @@ </form> </div> - <script src="{{ static_url_path }}/js/receive-noscript.js"></script> <script src="{{ static_url_path }}/js/jquery-3.4.0.min.js"></script> <script async src="{{ static_url_path }}/js/receive.js"></script> </body> diff --git a/share/templates/receive_noscript_xss.html b/share/templates/receive_noscript_xss.html deleted file mode 100644 index 84d35ba1..00000000 --- a/share/templates/receive_noscript_xss.html +++ /dev/null @@ -1,35 +0,0 @@ -<!DOCTYPE html> -<html> - <head> - <title>OnionShare</title> - <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon"> - <link rel="stylesheet" rel="subresource" type="text/css" href="{{ static_url_path }}/css/style.css" media="all"> - </head> - <body> - - <header class="clearfix"> - <img class="logo" src="{{ static_url_path }}/img/logo.png" title="OnionShare"> - <h1>OnionShare</h1> - </header> - - <div class="disable-noscript-xss-wrapper"> - <h3>Disable your Tor Browser's NoScript XSS setting</h3> - - <p>If your security slider is set to Safest, JavaScript is disabled so XSS vulnerabilities won't affect you, - which makes it safe to disable NoScript's XSS protections.</p> - - <p>Here is how to disable this setting:</p> - - <ol> - <li>Click the menu icon in the top-right of Tor Browser and open "Add-ons"</li> - <li>Next to the NoScript add-on, click the "Preferences" button</li> - <li>Switch to the "Advanced" tab</li> - <li>Uncheck "Sanitize cross-site suspicious requests"</li> - </ol> - - <p>If you'd like to learn technical details about this issue, check - <a rel="noreferrer" href="https://github.com/micahflee/onionshare/issues/899">this issue</a> - on GitHub.</p> - </div> - </body> -</html> |