[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26670 [Applications/Tor Browser]: Cannot allow Canvas Image Extract in tbb 8.0a9
#26670: Cannot allow Canvas Image Extract in tbb 8.0a9
---------------------------------------------+-----------------------------
Reporter: Ephraim | Owner: tbb-team
Type: defect | Status:
| needs_review
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr, TorBrowserTeam201808R | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------------------------+-----------------------------
Changes (by arthuredelstein):
* keywords: ff60-esr, TorBrowserTeam201808 => ff60-esr,
TorBrowserTeam201808R
* status: needs_revision => needs_review
Comment:
Replying to [comment:12 mcs]:
> Kathy and I reviewed the patch and did some testing. The only problem we
see is that by changing the "Must belong to some other window" check in
browser.js to be based on host, canvas prompts are opened in tabs that
happen to match the host even if no canvas activity takes place there. We
tested this by opening these pages in two browser windows:
> https://people.torproject.org/~brade/tests/canvasTest.html
> https://people.torproject.org/~brade/tests/
> It would be good to fix this.
Good point -- you're right. Here's a new patch that doesn't touch the
"correct browser" check in browser.js. So I believe this version fixes the
problem.
https://github.com/arthuredelstein/tor-browser/commit/26670+1
> We also noticed that in Tor Browser the canvas permission status is not
displayed within the control center (page identity popup) like it is in
Firefox ESR60. That may be a separate issue though.
Yes, this is a bigger issue for FPI of permissions that we didn't address
in our Tor Browser patch. I think we should keep the issue separate,
because it's going to be substantial work. I hope to address it in
https://bugzilla.mozilla.org/show_bug.cgi?id=1330467.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26670#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs