Operating System: Debian GNU/Linux 10 (buster)
Tor Browser version: 11.0.6
Tor Browser Security Level: Safer
My second pet peeve with the TOR Browser Bundle (TBB) is repetitive NoScript Cross-Site Scripting (XSS) alerts. Here is a site that generates one for me:
In my experience a lot of the sites that are heavily in to Ad Revenue generate these XSS popups. This site invokes the following:
Always block document requests from https://www.hackingsalt.com to https://googleads.g.doubleclick.net
Some sites generate a series of such popups. Some generate a seemingly never-ending series. This is a long-standing problem with the NoScript that is bundled with the desktop TOR browser. Very few users complain about it, though, judging from the lack of bug reports that I can find through search engines. I don’t know why this is because the popups are extremely irksome to me. Perhaps I have a peculiar NoScript or TBB configuration.
I think every open tab has its own memory of what XSS popups have been displayed. Sites that open multiple tabs call down cascades of popups. It’s silly. And, every time I restart TOR, it loses its mind by design so there’s no persistence to the NoScript experience for anyone (else) to see.
I wish there were a straightforward way to once-and-for-all disallow such popups. Failing that, a once-and-for-the-rest-of-a-session block would be nice rather than scrolling to the OK button for each and every one.