[tbb-bugs] #26670 [Applications/Tor Browser]: Cannot allow Canvas Image Extract in tbb 8.0a9

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 29 19:53:50 UTC 2018

#26670: Cannot allow Canvas Image Extract in tbb 8.0a9
 Reporter:  Ephraim                          |          Owner:  tbb-team
     Type:  defect                           |         Status:
                                             |  needs_review
 Priority:  High                             |      Milestone:
Component:  Applications/Tor Browser         |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808R  |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
Changes (by arthuredelstein):

 * keywords:  ff60-esr, TorBrowserTeam201808 => ff60-esr,
 * status:  needs_revision => needs_review


 Replying to [comment:12 mcs]:
 > Kathy and I reviewed the patch and did some testing. The only problem we
 see is that by changing the "Must belong to some other window" check in
 browser.js to be based on host, canvas prompts are opened in tabs that
 happen to match the host even if no canvas activity takes place there. We
 tested this by opening these pages in two browser windows:
 >  https://people.torproject.org/~brade/tests/canvasTest.html
 >  https://people.torproject.org/~brade/tests/
 > It would be good to fix this.

 Good point -- you're right. Here's a new patch that doesn't touch the
 "correct browser" check in browser.js. So I believe this version fixes the


 > We also noticed that in Tor Browser the canvas permission status is not
 displayed within the control center (page identity popup) like it is in
 Firefox ESR60. That may be a separate issue though.

 Yes, this is a bigger issue for FPI of permissions that we didn't address
 in our Tor Browser patch. I think we should keep the issue separate,
 because it's going to be substantial work. I hope to address it in

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26670#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list