[webkit-changes] [WebKit/WebKit] 1e0716: Add page-targeted quirk for Canvas2D noise injection

Fri, 28 Jul 2023 14:17:13 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1e0716ff6245044e3a41025ffbd48a14453e849d
      
https://github.com/WebKit/WebKit/commit/1e0716ff6245044e3a41025ffbd48a14453e849d
  Author: Matthew Finkel <sys...@apple.com>
  Date:   2023-07-28 (Fri, 28 Jul 2023)

  Changed paths:
    M Source/WebCore/html/CanvasBase.cpp
    M Source/WebCore/html/CanvasBase.h
    M Source/WebCore/html/HTMLCanvasElement.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h
    M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm

  Log Message:
  -----------
  Add page-targeted quirk for Canvas2D noise injection
https://bugs.webkit.org/show_bug.cgi?id=259480
rdar://107564162

Reviewed by Wenson Hsieh.

fedex.com and walgreens.com rely on canvas2d fingerprinting on some sensitive
pages. Sometimes the noise injection protection we introduced that protects
against fingerprinting causes a login failure. In this change now we return a
fixed value for the image data: URL on the relevant pages instead of returning
the actual encoded image with noise.

Simon is rightfully concerned that this fix is too narrow, and there are many
other sites that are broken in a similar way. We'll address that further in
https://bugs.webkit.org/show_bug.cgi?id=259601.

* Source/WebCore/html/CanvasBase.cpp:
(WebCore::CanvasBase::recordLastFillText):
* Source/WebCore/html/CanvasBase.h:
(WebCore::CanvasBase::lastFillText const):
* Source/WebCore/html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::toDataURL):
* Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::fillText):
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::shouldEnableCanvas2DAdvancedPrivacyProtectionQuirk const):
(WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForText const):
* Source/WebCore/page/Quirks.h:
* Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm:
(TestWebKitAPI::TEST):

Canonical link: https://commits.webkit.org/266400@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to