[tbb-bugs] #17446 [Tor Browser]: Canvas image extraction prompt logic
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 13 19:25:41 UTC 2015
#17446: Canvas image extraction prompt logic
-------------------------------------------------+-------------------------
Reporter: arthuredelstein | Owner: tbb-
Type: defect | team
Priority: Medium | Status:
Component: Tor Browser | needs_revision
Severity: Normal | Milestone:
Keywords: tbb-fingerprinting, | Version:
PearlCrescent201511R, TorBrowserTeam201511R | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
Replying to [comment:9 mcs]:
> This mostly looks good, but I think Kathy and I missed a problem during
our previous review. In the following code block, the test should be
permission != nsIPermissionManager::DENY_ACTION. We want to log when the
user has not yet made a decision (i.e., they have not responded to the
prompt). After they choose "Never for this site" (aka DENY_ACTION) there
is no need to log.
> {{{
> } else if (permission == nsIPermissionManager::DENY_ACTION) {
> nsAutoCString message;
> message.AppendPrintf("Blocked page %s from extracting canvas
data.",
> firstPartySpec.get());
> if (isScriptKnown) {
> message.AppendPrintf(" %s:%u.",
> scriptFile.get(), scriptLine);
> }
> nsContentUtils::LogMessageToConsole(message.get());
> return false;
> }
> }}}
Argh, sorry for screwing that up. I have fixed it now.
> And shouldn't we log the docURI in this case also?
Yes, I added it back in.
> It would be good if your commit message briefly explained the purpose of
this fixup.
Good idea. Here's the new patch:
https://github.com/arthuredelstein/tor-browser/commit/17446+2
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17446#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list