[tor-bugs] #17446 [Tor Browser]: Canvas image extraction prompt logic

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 13 15:10:26 UTC 2015


#17446: Canvas image extraction prompt logic
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Medium                               |         Status:
Component:  Tor Browser                          |  needs_revision
 Severity:  Normal                               |      Milestone:
 Keywords:  tbb-fingerprinting,                  |        Version:
  PearlCrescent201511R, TorBrowserTeam201511R    |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------
Changes (by mcs):

 * status:  needs_review => needs_revision


Comment:

 This mostly looks good, but I think Kathy and I missed a problem during
 our previous review. In the following code block, the test should be
 permission != nsIPermissionManager::DENY_ACTION. We want to log when the
 user has not yet made a decision (i.e., they have not responded to the
 prompt). After they choose "Never for this site" (aka DENY_ACTION) there
 is no need to log.
 {{{
     } else if (permission == nsIPermissionManager::DENY_ACTION) {
       nsAutoCString message;
       message.AppendPrintf("Blocked page %s from extracting canvas data.",
                            firstPartySpec.get());
       if (isScriptKnown) {
         message.AppendPrintf(" %s:%u.",
                              scriptFile.get(), scriptLine);
       }
       nsContentUtils::LogMessageToConsole(message.get());
       return false;
     }
 }}}

 And shouldn't we log the docURI in this case also?

 It would be good if your commit message briefly explained the purpose of
 this fixup.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17446#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list