[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17446 [Tor Browser]: Canvas image extraction prompt logic
#17446: Canvas image extraction prompt logic
-------------------------------------------------+-------------------------
Reporter: arthuredelstein | Owner: tbb-
Type: defect | team
Priority: Medium | Status:
Component: Tor Browser | needs_revision
Severity: Normal | Milestone:
Keywords: tbb-fingerprinting, | Version:
PearlCrescent201511R, TorBrowserTeam201511R | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Changes (by mcs):
* status: needs_review => needs_revision
Comment:
This mostly looks good, but I think Kathy and I missed a problem during
our previous review. In the following code block, the test should be
permission != nsIPermissionManager::DENY_ACTION. We want to log when the
user has not yet made a decision (i.e., they have not responded to the
prompt). After they choose "Never for this site" (aka DENY_ACTION) there
is no need to log.
{{{
} else if (permission == nsIPermissionManager::DENY_ACTION) {
nsAutoCString message;
message.AppendPrintf("Blocked page %s from extracting canvas data.",
firstPartySpec.get());
if (isScriptKnown) {
message.AppendPrintf(" %s:%u.",
scriptFile.get(), scriptLine);
}
nsContentUtils::LogMessageToConsole(message.get());
return false;
}
}}}
And shouldn't we log the docURI in this case also?
It would be good if your commit message briefly explained the purpose of
this fixup.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17446#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs