[tor-bugs] #17446 [Tor Browser]: Canvas image extraction prompt logic

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 13 19:25:41 UTC 2015


#17446: Canvas image extraction prompt logic
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Medium                               |         Status:
Component:  Tor Browser                          |  needs_revision
 Severity:  Normal                               |      Milestone:
 Keywords:  tbb-fingerprinting,                  |        Version:
  PearlCrescent201511R, TorBrowserTeam201511R    |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 Replying to [comment:9 mcs]:
 > This mostly looks good, but I think Kathy and I missed a problem during
 our previous review. In the following code block, the test should be
 permission != nsIPermissionManager::DENY_ACTION. We want to log when the
 user has not yet made a decision (i.e., they have not responded to the
 prompt). After they choose "Never for this site" (aka DENY_ACTION) there
 is no need to log.
 > {{{
 >     } else if (permission == nsIPermissionManager::DENY_ACTION) {
 >       nsAutoCString message;
 >       message.AppendPrintf("Blocked page %s from extracting canvas
 data.",
 >                            firstPartySpec.get());
 >       if (isScriptKnown) {
 >         message.AppendPrintf(" %s:%u.",
 >                              scriptFile.get(), scriptLine);
 >       }
 >       nsContentUtils::LogMessageToConsole(message.get());
 >       return false;
 >     }
 > }}}

 Argh, sorry for screwing that up. I have fixed it now.

 > And shouldn't we log the docURI in this case also?

 Yes, I added it back in.

 > It would be good if your commit message briefly explained the purpose of
 this fixup.

 Good idea. Here's the new patch:

 https://github.com/arthuredelstein/tor-browser/commit/17446+2

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17446#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list