Skip to content
Commit 196354d7 authored by Kathleen Brade's avatar Kathleen Brade Committed by Georg Koppen
Browse files

Bug 6253: Add canvas image extraction prompt. 

    (See also Bug #12684, Make "Not now" default for HTML5 canvas permission dialogue,
    patched by Isis Lovecruft.)

    This implements a `PopupNotification` [0] which notifies users that a
    website has attempted to access an HTML5 canvas. The default
    ordering for buttons is:

     Not Now
     Never for this site (recommended)
     Allow in the future

     * FIXES #12684 [1] by making "Not Now" the default in the HTML5 canvas
       fingerprinting permissions dialogue.

     * Palette icons included in HTML5 canvas permissions PopupNotification UI.
       The image is freely licensed and obtainable from:
       https://openclipart.org/image/300px/svg_to_png/21620/ben_palette.png

     * Includes a CSS whitespace hack from Pearl Crescent to the
       `CanvasPermissionPromptHelper_init()` function in
       `browser/base/content/browser.js` for causing the newlines in the
       `canvas.siteprompt` string (in torbutton.git, in
       `chrome/locale/en/torbutton.properties`) to render correctly in
       PopupNotification XUL <description> elements. [2]

    NOTE: Applying this patch requires an additional patch to TorButton, to
    store the additional UI strings before localisation. [3]

    [0]: https://mxr.mozilla.org/mozilla-esr24/source/toolkit/modules/PopupNotifications.jsm
    [1]: https://bugs.torproject.org/12684
    [2]: https://trac.torproject.org/projects/tor/ticket/12684#comment:21
    [3]: https://github.com/isislovecruft/torbutton/commit/368e74d62df349b27cf578525c3fa15da19ccdc2

    Also includes:

    Bug 13021: Prompt before allowing Canvas isPointIn*() calls.

    Display our data extraction prompt and implement site-specific
    preferences for access to the isPointInPath() and isPointInStroke()
    methods.

    Bug 13439: No canvas prompt for content-callers.

    Both the Inspector and PDF.js raise canvas prompts although they are no
    danger as they are delivered with the browser itself and are no
    untrusted content. This patch exempts both of them from canvas prompts,
    too.

    If calling `DescribeScriptedCaller` fails neither `scriptFile` nor
    `scriptLine` are logged.

    Bug 15640: Place Canvas MediaStream behind site permission prompt.

    Bug 17446: Ensure that third parties are never able to extract canvas
    image data, even if the same domain has been given permission previously
    as a first party.

    Bug 23393: When processing the ShowCanvasPermissionPrompt message in
    the main (parent) process, avoid returning an error from the IPC
    handler if the browser element cannot be obtained. Prior to this
    change, canvas prompt requests that arrived as a tab was closing would
    generate an error, which in turn caused the main process to kill the
    content process.

    Also, refactor slightly to clarify logic of IsImageExtractionAllowed.
parent 789bad5f
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment