[tbb-bugs] #13439 [Tor Browser]: Inspector raises the canvas prompt when hovering over images

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 18 08:27:27 UTC 2014

#13439: Inspector raises the canvas prompt when hovering over images
     Reporter:  dcf          |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  minor        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-easy, tbb-usability
Actual Points:               |  Parent ID:
       Points:               |

Comment (by gk):

 Replying to [comment:5 gacar]:
 > There was already a check for exempting `file://` URLs from canvas
 prompt in  [https://gitweb.torproject.org/tor-browser.git/blob/refs/heads
 `IsImageExtractionAllowed()`]. The above patch adds `resource://` URLs to
 this exemption.
 > The patch should prevent prompts due to the Inspector and PDF.js, but I
 haven't had the chance to test it.

 gacar: No, that does not fix the bug. The problem is not the scheme of the
 document but rather whether the script that uses the canvas is a content
 or a chrome script. The patch we have assumes there are only content
 scripts doing that and thus just checks whether the document/website
 loaded is a chrome one or not. If not and if there is no permission to use
 the canvas yet you'll see the prompt. But apparently there are cases where
 we have a content document + a chrome script which should not result in
 the canvas warning. Thus, looking at the code you want to check for
 `resource://` in `scriptFile` or maybe there is even a better method than
 `DescribeScriptedCaller()` which would just give us a "yes/no" back if
 asked whether we have a chrome script or a content script in the
 respective situation.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13439#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list