Bug #9429: Liferea internal browser's Javascript should be disabled by default

Bug #9429

Liferea internal browser's Javascript should be disabled by default

Added by emmapeel 2015-05-19 09:26:40 . Updated 2018-08-18 11:03:30 .

Status:

Rejected

Priority:

Low

Assignee:

Category:

Target version:

Start date:

2015-05-19

Due date:

% Done:

Feature Branch:

Type of work:

Research

Blueprint:

Starter:

Affected tool:

Feed Reader

Deliverable for:

Description

Reported by user.

Liferea RSS reader comes with an internal browser. Javascript can be disabled on it, but comes enabled by default in Tails.

User claims that no RSS feed uses Javascript and that this can lead to a zeroday because the feeds don’t do TLS.

Can somebody have a look at this?

Subtasks

Related issues

Related to Tails - ~~Feature #5711~~: Persistence preset: Liferea	Rejected	2013-11-04
Related to Tails - ~~Bug #15776~~: Remove Liferea	Resolved	2018-08-09

History

#1 Updated by sajolida 2015-05-19 18:33:17

related to ~~Feature #5711~~: Persistence preset: Liferea added

#2 Updated by sajolida 2015-05-19 18:37:04

Type of work changed from Audit to Research

We’ve already discussed this issue when considering moving to Liferea 1.10.3. Our conclusion was that we should move out of Liferea and advertise Icedove for RSS feed reading. See ~~Feature #5711~~.

For the time being, the question you’re raising here might still apply if it’s possible to disable JavaScript in Liferea. So I’m marking this as a Research ticket.

Maybe we should create a ticket about getting rid of Liferea blocked by ~~Feature #5663~~ (Return to Icedove) to make sure we’re moving forward on this front as soon as possible.

#3 Updated by intrigeri 2015-05-22 16:22:03

Status changed from New to Confirmed

> Maybe we should create a ticket about getting rid of Liferea blocked by ~~Feature #5663~~ (Return to Icedove) to make sure we’re moving forward on this front as soon as possible.

I think that’s indeed what we should do, once ~~Feature #7626~~ is resolved.

#4 Updated by emmapeel 2015-05-29 09:54:06

A little more information:

I could not find a text file with the skel or default options in tails repo (maybe because of ~~Feature #5711~~), but I can see it on the graphic interface of Liferea, on Tools/Preferences/Browser/Internal Browser settings.

#5 Updated by sajolida 2016-02-08 18:50:55

Priority changed from Normal to Low

I think that low prio as we should instead focus on replacing Liferea ~~Bug #11082~~.

#6 Updated by sajolida 2016-05-09 11:36:58

Affected tool set to Feed Reader

#7 Updated by Anonymous 2018-08-18 11:02:39

related to ~~Bug #15776~~: Remove Liferea added

#8 Updated by Anonymous 2018-08-18 11:03:30

Status changed from Confirmed to Rejected

3.9 will have the deprecation wrapper + updated doc that recommends Thunderbird instead of Liferea (~~Bug #11082~~). Then as per ~~Bug #11082#note-17~~ we shall remove Liferea in 3.10 or 3.11. → rejecting.