Hi All,
I'm developing a patch for https://trac.torproject.org/5926, to stop the JavaScript Date object from leaking locale information. I was patching tor-browser.git C++ code, but then I noticed two files in torbutton, jshooks.js and jshooks4.js: https://gitweb.torproject.org/torbutton.git/blob/HEAD:/src/chrome/content/js... https://gitweb.torproject.org/torbutton.git/blob/HEAD:/src/chrome/content/js...
These files seem to be relevant to the patch, and I have some questions about them:
1. In jshooks.js, the series of lines that re-define the window.Date prototype, as controlled by line 72, `if(window.__tb_hook_date == true)`, is never called, as far as I can tell, because __tb_hook_date is never defined. Indeed, if that code were called, then the bug I'm working on would already be mostly fixed. Is there a reason this section of jshooks.js is being retained? Should it be re-activated or is it better for me to continue with a C++ patch?
2. jshooks4.js doesn't seem to be in use at all. Is that correct? Would it make sense to remove this file from the master branch?
3. In general, what's the approach for deciding whether to patch Mozilla C++ code vs torbutton JS code for anti-fingerprinting and similar bugs? I understand there is a desire to move more toward C++, but I'm not sure what the overall plan is.
Thanks for any insight!
Arthur