[tbb-bugs] #25214 [Applications/Tor Browser]: Canvas data extraction should be allowed when *local* pdf.js is invoked
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 12 00:19:09 UTC 2018
#25214: Canvas data extraction should be allowed when *local* pdf.js is invoked
------------------------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
How to reproduce the issue:
(1) Go to the following URL:
`https://web.archive.org/web/20180211235741/https://research.torproject.org/techreports
/tbb-forensic-analysis-2013-06-28.pdf`
(2) Click on the "Toggle Sidebar" button, as in here:
[[Image(https://web.archive.org/web/20180212001338if_/https://prod-
cdn.sumo.mozilla.net/uploads/images/2017-10-06-11-30-23-a9c34c.png)]]
(3) The thumbnails are empty, and in the browser console: `Blocked
https://web.archive.org/web/20180211235741if_/https://research.torproject.org/techreports
/tbb-forensic-analysis-2013-06-28.pdf in page
https://web.archive.org/web/20180211235741/https://research.torproject.org/techreports
/tbb-forensic-analysis-2013-06-28.pdf from extracting canvas data.
resource://pdf.js/web/viewer.js:3311.`
Note that it's the local `resource://pdf.js/web/viewer.js` that is invoked
and not some bundled pdf.js.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25214>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list