Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b680f873f60959c6077d9a9297ab933a35d7bbf4
      
https://github.com/WebKit/WebKit/commit/b680f873f60959c6077d9a9297ab933a35d7bbf4
  Author: Matthew Finkel <[email protected]>
  Date:   2023-08-31 (Thu, 31 Aug 2023)

  Changed paths:
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Source/WebCore/html/HTMLCanvasElement.cpp
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h
    M Source/WebCore/platform/Logging.h
    M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm

  Log Message:
  -----------
  Add general quirk for canvas2d fingerprinting
https://bugs.webkit.org/show_bug.cgi?id=260842
rdar://113039941

Reviewed by Wenson Hsieh.

In 266400@main I added a quirk for canvas fingerprinting that targeted specific
pages on two specific domains. As a follow-up to that, this patch expands the
application of that quirk broadly by comparing attributes of the script instead
of looking at the specific document URL. This step is important because we know
protections against canvas fingerprinting cause breakage on some sites, and
there is likely greater impact than we're aware of at this time.

Similar to the current behavior, this patch relies on matching the last drawn
text string. In addition, it compares the dimensions of the canvas and the size
of the script. These characteristics seem sufficiently descriptive that we can
safely use them for identifying the target script.

This patch also introduces the CanvasFingerprintingQuirkEnabled preference for
controlling whether the quirk is available. It also adapts the existing API
test.

* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Source/WebCore/html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::toDataURL):
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures const):
(WebCore::Quirks::shouldEnableCanvas2DAdvancedPrivacyProtectionQuirk const): Deleted.
(WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForText const): Deleted.
* Source/WebCore/page/Quirks.h:
* Source/WebCore/platform/Logging.h:
* Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm:
(TestWebKitAPI::TEST):

Canonical link: https://commits.webkit.org/267513@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
