Skip to content
Commit 65a1a301 authored by Kathleen Brade's avatar Kathleen Brade Committed by Georg Koppen
Browse files

Bug #6253: Add canvas image extraction prompt. 

(See also Bug #12684, Make "Not now" default for HTML5 canvas permission dialogue,
patched by Isis Lovecruft.)

This implements a `PopupNotification` [0] which notifies users that a
website has attempted to access an HTML5 canvas. The default
ordering for buttons is:

    Not Now
    Never for this site (recommended)
    Allow in the future

 * FIXES #12684 [1] by making "Not Now" the default in the HTML5 canvas
   fingerprinting permissions dialogue.

 * Palette icons included in HTML5 canvas permissions PopupNotification UI.
   The image is freely licensed and obtainable from:
   https://openclipart.org/image/300px/svg_to_png/21620/ben_palette.png

 * Includes a CSS whitespace hack from Pearl Crescent to the
   `CanvasPermissionPromptHelper_init()` function in
   `browser/base/content/browser.js` for causing the newlines in the
   `canvas.siteprompt` string (in torbutton.git, in
   `chrome/locale/en/torbutton.properties`) to render correctly in
   PopupNotification XUL <description> elements. [2]

NOTE: Applying this patch requires an additional patch to TorButton, to
store the additional UI strings before localisation. [3]

[0]: https://mxr.mozilla.org/mozilla-esr24/source/toolkit/modules/PopupNotifications.jsm
[1]: https://bugs.torproject.org/12684
[2]: https://trac.torproject.org/projects/tor/ticket/12684#comment:21
[3]: https://github.com/isislovecruft/torbutton/commit/368e74d62df349b27cf578525c3fa15da19ccdc2

Also includes:

Bug 13021: Prompt before allowing Canvas isPointIn*() calls.

Display our data extraction prompt and implement site-specific
preferences for access to the isPointInPath() and isPointInStroke()
methods.

Bug 13439: No canvas prompt for content-callers.

Both the Inspector and PDF.js raise canvas prompts although they are no
danger as they are delivered with the browser itself and are no
untrusted content. This patch exempts both of them from canvas prompts,
too.

If calling `DescribeScriptedCaller` fails neither `scriptFile` nor
`scriptLine` are logged.
parent 47efb223
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment