Opened 3 years ago

Closed 2 years ago

#21784 closed task (fixed)

Check `toLocaleString()` methods for locale leaks

Reported by: gk
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha TorBrowserTeam201705R
Cc: boklm
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

There are some new objects with toLocaleString() (TypedArray (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray/toLocaleString), Array (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/toLocaleString)) which, according to the docs, should all use the same algorithm as the one in Number.

We should make sure that no locale is leaked and probably write a test for that.

Change History (7)

comment:1 Changed 3 years ago by gk

Keywords: tbb-fingerprinting added

comment:2 Changed 2 years ago by gk

Keywords: tbb-7.0-must added

More tickets for 7.0.

comment:3 Changed 2 years ago by gk

Keywords: tbb-7.0-must-alpha added; tbb-7.0-must removed

Getting more tickets on our alpha radar.

comment:4 Changed 2 years ago by gk

Priority: Medium → High

Moving the investigation tickets to higher priority.

comment:5 Changed 2 years ago by arthuredelstein

Cc: boklm added
Status: new → needs_information

I have manually tested toLocaleString on Array with numbers and Dates, and TypedArray with large integers. In both cases, I found that setting "javascript.use_us_english_locale" to true (as we already do in Tor Browser) was necessary and sufficient to hide the system locale.

In order to test this, we could write a simple xpcshell test, but we need to set the environment variable LANG before running it. I couldn't find any way to do this in the standard Mozilla testing framework. Nicolas, is this something we could do in your tor-browser-bundle-testsuite?

comment:6 in reply to:  5 Changed 2 years ago by arthuredelstein

Keywords: TorBrowserTeam201705R added
Status: needs_information → needs_review

Replying to arthuredelstein:

In order to test this, we could write a simple xpcshell test, but we need to set the environment variable LANG before running it. I couldn't find any way to do this in the standard Mozilla testing framework. Nicolas, is this something we could do in your tor-browser-bundle-testsuite?

I opened #22125 to handle such a test. Requesting a review here to confirm the results of the manual test.

Last edited 2 years ago by arthuredelstein

comment:7 Changed 2 years ago by gk

Resolution: fixed
Status: needs_review → closed

Looks good to me.
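
The manual check described in comment 5, sketched as a script. This is an added example, not part of the ticket or of any Tor Browser test suite; the function names `probe`, `findLeaks` and `checkDefaultLocale` and the sample values are assumptions made for illustration. It formats the value kinds named in the ticket with the default locale and with an explicit `en-US` locale and reports any that differ.

```javascript
// Added example: `probe`, `findLeaks` and `checkDefaultLocale` are
// hypothetical names, and the sample values are constructed.

// Format the value kinds named in the ticket. `locale` undefined means
// "whatever the engine picks by default", which is what a page script sees.
function probe(locale) {
  const n = 1234567.891;
  const d = new Date(Date.UTC(2017, 4, 3, 15, 30, 0)); // constructed timestamp
  const utc = { timeZone: 'UTC' }; // pin the zone so only the locale varies
  return {
    number: n.toLocaleString(locale),
    date: d.toLocaleString(locale, utc),
    arrayOfNumbers: [n, 0.5].toLocaleString(locale),
    arrayOfDates: [d].toLocaleString(locale, utc),
    typedArray: new Float64Array([n, 4294967296]).toLocaleString(locale),
  };
}

// Return the keys whose observed output differs from the expected baseline.
function findLeaks(observed, baseline) {
  return Object.keys(baseline).filter((k) => observed[k] !== baseline[k]);
}

// Compare default-locale output with explicit en-US output. An empty list
// means none of the probed methods revealed a locale other than en-US.
function checkDefaultLocale() {
  return findLeaks(probe(undefined), probe('en-US'));
}

console.log(checkDefaultLocale());
```

For the result to mean anything, the script has to run on a system whose locale is not US English, which is why the comment above mentions setting LANG before the test.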
