[Webkit-unassigned] [Bug 282632] New: Advanced tracking and fingerprinting treats extension content scripts as 3rd party trackers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 5 12:22:32 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=282632
Bug ID: 282632
Summary: Advanced tracking and fingerprinting treats extension
content scripts as 3rd party trackers
Product: WebKit
Version: Safari 18
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Extensions
Assignee: webkit-unassigned at lists.webkit.org
Reporter: opendarwin at lapcatsoftware.com
CC: timothy at apple.com, webkit-bug-importer at group.apple.com
Created attachment 473146
--> https://bugs.webkit.org/attachment.cgi?id=473146&action=review
Sample Xcode project
Steps to reproduce:
1) Download, build, run, and enable the attached Safari extension TrackingBug in Safari
2) Allow Tracking Bug in private browsing
3) Enable advanced tracking and fingerprinting protection in private browsing
4) Open https://lapcatsoftware.com/articles/2024/6/5.html in Safari
5) Click the link https://underpassapp.com/test/gtag.html?q=search
Expected results:
The content script shows an alert on the page identifying window.location.search as "?q=search".
Actual results:
The content script shows an alert on the page that identifying window.location.search as "".
Advanced tracking and fingerprinting protection is treating the Safari extension content script as a third-party tracker on the page, thereby restricting its access to the URL query.
This bug breaks several features of my Safari extension StopTheMadness Pro, such as copying the page URL and removing parameters from the page URL.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20241105/a0dcf376/attachment.htm>
More information about the webkit-unassigned
mailing list