Opened 4 years ago

Last modified 21 months ago

#16757 assigned defect

Verify that new DOM properties are really disabled

Reported by: mikeperry Owned by: boklm
Priority: Medium Milestone:
Component: Applications/Quality Assurance and Testing Version:
Severity: Normal Keywords: tbb-fingerprinting, tbb-5.0-regression, TorBrowserTeam201609
Cc: gk, brade, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In https://lists.torproject.org/pipermail/tor-qa/2015-August/000667.html, boklm notes:

We have the following DOM objects that were not present in esr31:

onlanguagechange, mozRequestOverfill, back, forward, home, openDialog,
controllers, realFrameElement, MozSelfSupport, _content, Symbol,
WeakSet, HTMLPictureElement, AnimationEffect, PerformanceMeasure,
PluginCrashedEvent, MenuBoxObject, ScrollViewChangeEvent,
SelectionStateChangedEvent, DOMMatrixReadOnly, DOMMatrix,
PopupBoxObject, AnimationTimeline, PerformanceMark, DOMApplication,
IDBMutableFile, StereoPannerNode, CameraDetectedFace,
CameraStateChangeEvent, CSSCounterStyleRule, CameraRecorderVideoProfile,
CameraRecorderProfile, CameraRecorderProfiles, AnonymousContent,
NamedNodeMap, DOMApplicationsManager, ContentProcessMessageManager,
CameraConfigurationEvent, HTMLAllCollection, PromiseDebugging,
SubtleCrypto, Animation, CameraRecorderAudioProfile, RadioNodeList,
WindowRoot, CameraClosedEvent, CryptoKey, CameraFacesDetectedEvent,
MozSettingsTransactionEvent, IDBFileRequest, BroadcastChannel,
MessageChannel, AnimationPlayer

Some of those should have been disabled by various prefs we have set (in particular PerformanceMeasure, PerformanceMark, and the IDB objects). We should look into that. Hopefully they are just empty placeholders. Also, the camera stuff should have been compiled out and also disabled via the peerconnection prefs, I thought.

Child Tickets

Change History (18)

comment:1 Changed 4 years ago by gk

Cc: gk added

comment:2 Changed 4 years ago by mcs

Cc: brade mcs added

comment:3 Changed 4 years ago by mikeperry

And for Workers (#16758):

> BroadcastChannel
> DOMError
6a8
> DOMStringList
18a21,30
> IDBCursor
> IDBDatabase
> IDBFactory
> IDBIndex
> IDBKeyRange
> IDBObjectStore
> IDBOpenDBRequest
> IDBRequest
> IDBTransaction
> IDBVersionChangeEvent
34a47
> Performance
42a56
> Symbol
54a69,70
> WeakSet
> WebSocket
59a76
> XMLHttpRequestEventTarget
83a101
> indexedDB
95a114
> performance

Hrmm. More indexedDB stuff..

Boklm is still working on SharedWorkers.

comment:4 Changed 3 years ago by mikeperry

Keywords: TorBrowserTeam201509 added

comment:5 Changed 3 years ago by arthuredelstein

I suppose the list in comment:description was generated in a chrome-privileged document. I tried running the following code in the web console of about:blank:

var data = "onlanguagechange, mozRequestOverfill, back, forward, home, openDialog, controllers, realFrameElement, MozSelfSupport, _content, Symbol, WeakSet, HTMLPictureElement, AnimationEffect, PerformanceMeasure, PluginCrashedEvent, MenuBoxObject, ScrollViewChangeEvent, SelectionStateChangedEvent, DOMMatrixReadOnly, DOMMatrix, PopupBoxObject, AnimationTimeline, PerformanceMark, DOMApplication, IDBMutableFile, StereoPannerNode, CameraDetectedFace, CameraStateChangeEvent, CSSCounterStyleRule, CameraRecorderVideoProfile, CameraRecorderProfile, CameraRecorderProfiles, AnonymousContent, NamedNodeMap, DOMApplicationsManager, ContentProcessMessageManager, CameraConfigurationEvent, HTMLAllCollection, PromiseDebugging, SubtleCrypto, Animation, CameraRecorderAudioProfile, RadioNodeList, WindowRoot, CameraClosedEvent, CryptoKey, CameraFacesDetectedEvent, MozSettingsTransactionEvent, IDBFileRequest, BroadcastChannel, MessageChannel, AnimationPlayer";
var names = data.split(",").map(x => x.trim());
for (var name of names) console.log(name, window[name]);

And the result was:

"onlanguagechange" null
"mozRequestOverfill" undefined
"back" undefined
"forward" undefined
"home" undefined
"openDialog" undefined
"controllers" XULControllers {  }
"realFrameElement" undefined
"MozSelfSupport" undefined
"_content" undefined
"Symbol" function Symbol()
"WeakSet" function WeakSet()
"HTMLPictureElement" function ()
"AnimationEffect" undefined
"PerformanceMeasure" function ()
"PluginCrashedEvent" undefined
"MenuBoxObject" undefined
"ScrollViewChangeEvent" undefined
"SelectionStateChangedEvent" undefined
"DOMMatrixReadOnly" function ()
"DOMMatrix" function ()
"PopupBoxObject" undefined
"AnimationTimeline" undefined
"PerformanceMark" function ()
"DOMApplication" undefined
"IDBMutableFile" function ()
"StereoPannerNode" function ()
"CameraDetectedFace" undefined
"CameraStateChangeEvent" undefined
"CSSCounterStyleRule" DOMPrototype { , 1 more… }
"CameraRecorderVideoProfile" undefined
"CameraRecorderProfile" undefined
"CameraRecorderProfiles" undefined
"AnonymousContent" undefined
"NamedNodeMap" function ()
"DOMApplicationsManager" undefined
"ContentProcessMessageManager" undefined
"CameraConfigurationEvent" undefined
"HTMLAllCollection" function ()
"PromiseDebugging" undefined
"SubtleCrypto" function ()
"Animation" undefined
"CameraRecorderAudioProfile" undefined
"RadioNodeList" function ()
"WindowRoot" undefined
"CameraClosedEvent" undefined
"CryptoKey" function ()
"CameraFacesDetectedEvent" undefined
"MozSettingsTransactionEvent" undefined
"IDBFileRequest" function ()
"BroadcastChannel" function ()
"MessageChannel" undefined
"AnimationPlayer" undefined

The non-undefined properties were:

> for (var name of names) if (window[name]) console.log(name, window[name]);

"controllers" XULControllers {  }
"Symbol" function Symbol()
"WeakSet" function WeakSet()
"HTMLPictureElement" function ()
"PerformanceMeasure" function ()
"DOMMatrixReadOnly" function ()
"DOMMatrix" function ()
"PerformanceMark" function ()
"IDBMutableFile" function ()
"StereoPannerNode" function ()
"CSSCounterStyleRule" DOMPrototype { , 1 more… }
"NamedNodeMap" function ()
"HTMLAllCollection" function ()
"SubtleCrypto" function ()
"RadioNodeList" function ()
"CryptoKey" function ()
"IDBFileRequest" function ()
"BroadcastChannel" function ()

comment:6 Changed 3 years ago by gk

Keywords: TorBrowserTeam201510 added; TorBrowserTeam201509 removed

Moving Tor Browser tickets to October 2015.

comment:7 Changed 3 years ago by gk

Keywords: TorBrowserTeam201511 added; TorBrowserTeam201510 removed

comment:8 Changed 3 years ago by mikeperry

Keywords: TorBrowserTeam201512 added; TorBrowserTeam201511 removed

comment:9 Changed 3 years ago by gk

Keywords: TorBrowserTeam201601 added; TorBrowserTeam201512 removed

Tickets for Jan 2016.

comment:10 Changed 3 years ago by gk

Keywords: TorBrowserTeam201602 added; TorBrowserTeam201601 removed

Putting stuff on the radar for February.

comment:11 Changed 3 years ago by gk

Keywords: TorBrowserTeam201603 added; TorBrowserTeam201602 removed

comment:12 Changed 3 years ago by gk

Keywords: TorBrowserTeam201604 added; TorBrowserTeam201603 removed

comment:13 Changed 3 years ago by gk

Keywords: TorBrowserTeam201605 added; TorBrowserTeam201604 removed

Moving tickets

comment:14 Changed 3 years ago by gk

Keywords: TorBrowserTeam201606 added; TorBrowserTeam201605 removed

comment:15 Changed 3 years ago by gk

Component: Applications/Tor BrowserApplications/Quality Assurance and Testing
Keywords: TorBrowserTeam201607 added; TorBrowserTeam201606 removed
Owner: changed from tbb-team to boklm
Severity: Normal
Status: newassigned

boklm: Could you look at that one taking the ESR45 things into account as well?

comment:16 Changed 3 years ago by gk

Keywords: TorBrowserTeam201608 added; TorBrowserTeam201607 removed

Moving items to August 2016.

comment:17 Changed 2 years ago by gk

Keywords: TorBrowserTeam201609 added; TorBrowserTeam201608 removed

Tickets for September.

comment:18 Changed 21 months ago by cypherpunks

boklm: Could you look at that one taking the ESR52 things into account as well?

Note: See TracTickets for help on using tickets.