Only display Canvas message for first parties; simply log third parties
In #6253 (closed), we created a prompt before allowing sites to extract image data from the HTML5 canvas. We did this for fingerprinting reasons.
However, since deploying that patch, I have noticed the warning on at least two random sites.
Unfortunately, the warning is not reproducible, and likely came from a particular 3rd party advertising network. Extra unfortunately, we display only the first party URL in the warning, for usability reasons and for first party-jailed content permissions.
We should provide some mouseover tooltip or other way of determining the full third party url in such warning boxes.
We need to be careful that such a notification does not clutter the warning box or confuse users, and we also need to be mindful of string updates, since the strings are stored in Torbutton but are used in Tor Browser (for translation expedience).