[webkit-changes] [WebKit/WebKit] 1e0716: Add page-targeted quirk for Canvas2D noise injection

Matthew Finkel noreply at github.com
Fri Jul 28 14:16:53 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1e0716ff6245044e3a41025ffbd48a14453e849d
      https://github.com/WebKit/WebKit/commit/1e0716ff6245044e3a41025ffbd48a14453e849d
  Author: Matthew Finkel <sysrqb at apple.com>
  Date:   2023-07-28 (Fri, 28 Jul 2023)

  Changed paths:
    M Source/WebCore/html/CanvasBase.cpp
    M Source/WebCore/html/CanvasBase.h
    M Source/WebCore/html/HTMLCanvasElement.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h
    M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm

  Log Message:
  -----------
  Add page-targeted quirk for Canvas2D noise injection
https://bugs.webkit.org/show_bug.cgi?id=259480
rdar://107564162

Reviewed by Wenson Hsieh.

fedex.com and walgreens.com rely on canvas2d fingerprinting on some sensitive
pages. Sometimes the noise injection protection we introduced that protects
against fingerprinting causes a login failure. In this change now we return a
fixed value for the image data: URL on the relevant pages instead of returning
the actual encoded image with noise.

Simon is rightfully concerned that this fix is too narrow, and there are many
other sites that are broken in a similar way. We'll address that further in
https://bugs.webkit.org/show_bug.cgi?id=259601.

* Source/WebCore/html/CanvasBase.cpp:
(WebCore::CanvasBase::recordLastFillText):
* Source/WebCore/html/CanvasBase.h:
(WebCore::CanvasBase::lastFillText const):
* Source/WebCore/html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::toDataURL):
* Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::fillText):
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::shouldEnableCanvas2DAdvancedPrivacyProtectionQuirk const):
(WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForText const):
* Source/WebCore/page/Quirks.h:
* Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm:
(TestWebKitAPI::TEST):

Canonical link: https://commits.webkit.org/266400@main

More information about the webkit-changes mailing list