What? Then whats the entire point of tor? Wtf?
I still don't see how JS is getting my IP, though. I'm using TOR, the browser is the TOR browser. I assume (i'm not an expert) that all connections through that browser have to hop through tor, right? So how is the JS opening the connection outside of TOR, in order to get the IP?
Not a problem with Tor. A problem with people using poorly configured web-browsers waiting to be exploited to reveal IP. I think if you download a respectable TOR package then it will have javascript disabled by default. A site really bent on security should run a javascript capability test and enforce it upon users.
TOR is a networking tunnel system. Your computer is still connected to the internet with an IP address. Not sure how many people turned on javascript or failed to turn it off. The javascript could also create cookies which could be queried elsewhere. I am not sure of specifics but cookies and javascript would be the downfall.
Again - research browser packages. Trying to set all the stuff up yourself is asking to have these exploits left open. (but might possibly save you from nefarious third-parties if the tor browser package has been compromised.)