[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13439 [Tor Browser]: Inspector raises the canvas prompt when hovering over images

Subject: Re: [tor-bugs] #13439 [Tor Browser]: Inspector raises the canvas prompt when hovering over images
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 18 Nov 2014 08:27:27 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 18 Nov 2014 03:27:37 -0500
In-reply-to: <043.70c3d09dbad9e73b14c328170bbaceb5@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.70c3d09dbad9e73b14c328170bbaceb5@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13439: Inspector raises the canvas prompt when hovering over images
-----------------------------+-------------------------------------
     Reporter:  dcf          |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  minor        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-easy, tbb-usability
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-------------------------------------

Comment (by gk):

 Replying to [comment:5 gacar]:
 > There was already a check for exempting `file://` URLs from canvas
 prompt in  [https://gitweb.torproject.org/tor-browser.git/blob/refs/heads
 /tor-browser-31.2.0esr-4.5-1:/content/canvas/src/CanvasUtils.cpp#l68
 `IsImageExtractionAllowed()`]. The above patch adds `resource://` URLs to
 this exemption.
 >
 > The patch should prevent prompts due to the Inspector and PDF.js, but I
 haven't had the chance to test it.

 gacar: No, that does not fix the bug. The problem is not the scheme of the
 document but rather whether the script that uses the canvas is a content
 or a chrome script. The patch we have assumes there are only content
 scripts doing that and thus just checks whether the document/website
 loaded is a chrome one or not. If not and if there is no permission to use
 the canvas yet you'll see the prompt. But apparently there are cases where
 we have a content document + a chrome script which should not result in
 the canvas warning. Thus, looking at the code you want to check for
 `resource://` in `scriptFile` or maybe there is even a better method than
 `DescribeScriptedCaller()` which would just give us a "yes/no" back if
 asked whether we have a chrome script or a content script in the
 respective situation.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13439#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #13783 [Atlas]: Remove advertised bandwidth fraction graph from Atlas
Next by Author: [tor-bugs] #13784 [Tor Browser]: HTTP authentication tokens are not removed anymore for third party requests
Previous by thread: Re: [tor-bugs] #13439 [Tor Browser]: Inspector raises the canvas prompt when hovering over images
Next by thread: Re: [tor-bugs] #13439 [Tor Browser]: Inspector raises the canvas prompt when hovering over images
Index(es):
- Author
- Thread