Sanitize PointerEvent

Simon alerted me to the fact that PointerEvents have been enabled in Firefox 59 (https://bugzilla.mozilla.org/show_bug.cgi?id=1411467). We should sanitize events these under privacy.resistFingerprinting = true.

https://developer.mozilla.org/en-US/docs/Web/API/Pointer_events

added TorBrowserTeam201812R component::applications/tor browser owner::tbb-team priority::medium resolution::fixed severity::normal status::closed tbb-8.0-issues tbb-fingerprinting tbb-regression type::defect labels

Trac:
Description: Simon alerted me to the fact that PointerEvents have been enabled in Firefox 59 (ttps://bugzilla.mozilla.org/show_bug.cgi?id=1411467). We should sanitize events these under privacy.resistFingerprinting = true.

https://developer.mozilla.org/en-US/docs/Web/API/Pointer_events

to

Simon alerted me to the fact that PointerEvents have been enabled in Firefox 59 (ttps://bugzilla.mozilla.org/show_bug.cgi?id=1411467). We should sanitize events these under privacy.resistFingerprinting = true.

https://developer.mozilla.org/en-US/docs/Web/API/Pointer_events

Keywords: N/A deleted, tbb-fingerprinting added

Bugzilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1363508

Trac:
Description: Simon alerted me to the fact that PointerEvents have been enabled in Firefox 59 (ttps://bugzilla.mozilla.org/show_bug.cgi?id=1411467). We should sanitize events these under privacy.resistFingerprinting = true.

https://developer.mozilla.org/en-US/docs/Web/API/Pointer_events

to

Simon alerted me to the fact that PointerEvents have been enabled in Firefox 59 (https://bugzilla.mozilla.org/show_bug.cgi?id=1411467). We should sanitize events these under privacy.resistFingerprinting = true.

https://developer.mozilla.org/en-US/docs/Web/API/Pointer_events

I guess we should disable that for now and enable it again when switching to esr68. I am amenable testing it in 8.5aX as well and shipping it in 8.5.

Trac:
Keywords: ff60-esr deleted, tbb-regression, tbb-8.0-issues, TorBrowserTeam201809 added

Moving tickets to October

Trac:
Keywords: TorBrowserTeam201809 deleted, TorBrowserTeam201810 added

Moving our tickets to November.

Trac:
Keywords: TorBrowserTeam201810 deleted, TorBrowserTeam201811 added

Replying to gk:

I guess we should disable that for now and enable it again when switching to esr68. I am amenable testing it in 8.5aX as well and shipping it in 8.5.

https://bugzilla.mozilla.org/show_bug.cgi?id=1492766 landed, but all in all that looks like a ton to backport. Let's disable it for now.

bug_25794_v2 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_25794_v2&id=53880c99aef73b446796e1261149e7635c2913da) has a fix for review. Pointer events are disabled on mobile, so we are good from that perspective already.

Trac:
Keywords: TorBrowserTeam201811 deleted, TorBrowserTeam201811R added
Status: new to needs_review

Move review tickets to Decemeber.

Trac:
Keywords: TorBrowserTeam201811R deleted, TorBrowserTeam201812R added

r=brade, r=mcs The patch looks good.

Thanks. Cherry-picked to tor-browser-60.3.0esr-8.5-1 (commit c20210b1a017c4e94157c1acfbef18e878202ff4) and tor-browser-60.3.0es-8.0-1 (commit 3c03aad30d2b2b0e92359f15a1a95cfb2354544e). I opened #28729 (moved) for thinking about how we should deal with that for Firefox 68 ESR.

Trac:
Resolution: N/A to fixed
Status: needs_review to closed

closed

mentioned in issue #27867 (moved)

mentioned in issue #28729 (moved)

moved to tpo/applications/tor-browser#25794 (closed)

mentioned in issue tpo/applications/tor-browser#28729 (closed)