Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1e0716ff6245044e3a41025ffbd48a14453e849d https://github.com/WebKit/WebKit/commit/1e0716ff6245044e3a41025ffbd48a14453e849d Author: Matthew Finkel <sys...@apple.com> Date: 2023-07-28 (Fri, 28 Jul 2023)
Changed paths: M Source/WebCore/html/CanvasBase.cpp M Source/WebCore/html/CanvasBase.h M Source/WebCore/html/HTMLCanvasElement.cpp M Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp M Source/WebCore/page/Quirks.cpp M Source/WebCore/page/Quirks.h M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm Log Message: ----------- Add page-targeted quirk for Canvas2D noise injection https://bugs.webkit.org/show_bug.cgi?id=259480 rdar://107564162 Reviewed by Wenson Hsieh. fedex.com and walgreens.com rely on canvas2d fingerprinting on some sensitive pages. Sometimes the noise injection protection we introduced that protects against fingerprinting causes a login failure. In this change now we return a fixed value for the image data: URL on the relevant pages instead of returning the actual encoded image with noise. Simon is rightfully concerned that this fix is too narrow, and there are many other sites that are broken in a similar way. We'll address that further in https://bugs.webkit.org/show_bug.cgi?id=259601. * Source/WebCore/html/CanvasBase.cpp: (WebCore::CanvasBase::recordLastFillText): * Source/WebCore/html/CanvasBase.h: (WebCore::CanvasBase::lastFillText const): * Source/WebCore/html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::toDataURL): * Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::fillText): * Source/WebCore/page/Quirks.cpp: (WebCore::Quirks::shouldEnableCanvas2DAdvancedPrivacyProtectionQuirk const): (WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForText const): * Source/WebCore/page/Quirks.h: * Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/266400@main _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes