security-and-privacy/CanvasBlocker
security-and-privacy
/
CanvasBlocker
mirror of https://github.com/kkapsner/CanvasBlocker
1
0
Fork 0
Code Releases Activity

Decoupled block mode from protected part 

Fixes #287
This commit is contained in:
kkapsner 2018-10-23 08:26:23 +02:00
parent 5932ac2292
commit 8b9197a68a
17 changed files with 356 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
.documentation/addon description/de/description.txt
View File

@ -1,19 +1,32 @@
Dieses Add-on ermöglicht es Nutzern, Webseiten davon abzuhalten, sie über die Javascript canvas-API zu identifizieren. Nutzer können auswählen, ob die canvas-API komplett auf bestimmten oder allen Seiten blockiert wird (dies wird die Funktionalität einiger Seiten beeinträchtigen) oder nur die identifikationsfreundliche Auslese-API zu blockieren oder dort falsche Werte vorzutäuschen. Nähere Informationen zum canvas-fingerprinting können Sie auf http://www.browserleaks.com/canvas finden.
Dieses Add-on ermöglicht es Nutzern, Webseiten davon abzuhalten, sie über Javascript APIs zu identifizieren. Nutzer können auswählen, ob die APIs komplett auf bestimmten oder allen Seiten blockiert werden (dies wird die Funktionalität einiger Seiten beeinträchtigen) oder bei den identifikationsfreundlichen Auslese-Funktionen falsche Werte vorzutäuschen.
Nähere Informationen zum Fingerprinting können Sie finden auf:
<ul>
<li>&lt;canvas&gt;: http://www.browserleaks.com/canvas</li>
<li>audio:
<ul>
<li>https://audiofingerprint.openwpm.com/ (sehr schlecht geschrieben = langsam)</li>
<li>https://webtransparency.cs.princeton.edu/webcensus/#audio-fp</li>
</ul>
</li>
<li>DOMRect:
<ul>
<li>http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html</li>
<li>https://browserleaks.com/rects</li>
</ul>
</li>
</ul>
Die verschiedenen Blockiermodi sind:
<ul>
<li>Auslese-API blockieren: Alle Webseiten, die nicht auf der Whitelist oder Blacklist gelistet sind, können die canvas-API zur Darstellung verwenden, aber die Auslese-API darf nicht verwendet werden. Dies kann das korrekte Funktionieren von Webseiten wie z.B. Google Maps verhindern.</li>
<li>Auslese-API vortäuschen: Standardeinstellung und mein Favorit! Alle Webseiten, die nicht auf der Whitelist oder Blacklist gelistet sind, können die canvas-API zur Darstellung verwenden, aber die Auslese-API gibt zufällige Werte zurück, sodass das Fingerprinting immer einen anderen Wert liefert.</li>
<li>Bei Ausgabe vortäuschen: Bei der Darstellung von Text werden die beschriebenen Pixel leicht verändert. Dies erschwert die Detektion des Add-ons, aber ist weniger sicher. Bei WebGL-Canvas ist das Verhalten identisch zu "Auslese-API vortäuschen".</li>
<li>bei Auslese-API um Erlaubnis fragen: Alle Webseiten, die nicht auf der Whitelist oder Blacklist gelistet sind, können die canvas-API zur Darstellung verwenden, aber der Nutzer wird jedes Mal um Erlaubnis gefragt, wenn die Webseite die Readout-API verwenden möchte.</li>
<li>alles blockieren: Ignoriert alle Listen und blockiert die canvas-API auf allen Webseiten.</li>
<li>nur Einträge der Whitelist erlauben: Nur Seiten, die in der Whitelist gelistet sind, dürfen die canvas-API verwenden.</li>
<li>um Erlaubnis fragen: Wenn eine Seite weder auf der Whitelist noch auf der Blacklist gelistet ist, wird der Nutzer gefragt, ob die Webseite die canvas-API verwenden darf, wenn sie benutzt wird.</li>
<li>nur Einträge der Blacklist blockieren: Blockiere die canvas-API nur auf den Seiten der Blacklist.</li>
<li>alles erlauben: Ignoriere alle Listen und erlaube die canvas-API auf allen Webseiten.</li>
</ul>
<ul>
<li>Auslese-API vortäuschen: Standardeinstellung und mein Favorit! Alle Webseiten, die nicht auf der Whitelist oder Blacklist gelistet sind, können die beschützten APIs zur Darstellung verwenden. Werte, die über die APIs zurückgegeben werden, werde so verändert, dass kein konsistenter Fingerprinting erstellt werden kann.</li>
<li>um Erlaubnis fragen: Wenn eine Seite weder auf der Whitelist noch auf der Blacklist gelistet ist, wird der Nutzer gefragt, ob die Webseite die beschützten APIs verwenden darf, wenn sie benutzt wird.</li>
<li>alles blockieren: Ignoriert alle Listen und blockiert die beschützten APIs auf allen Webseiten.</li>
<li>nur Einträge der Whitelist erlauben: Nur Seiten, die in der Whitelist gelistet sind, dürfen die beschützten APIs verwenden.</li>
<li>nur Einträge der Blacklist blockieren: Blockiere die beschützten APIs nur auf den Seiten der Blacklist.</li>
<li>alles erlauben: Ignoriere alle Listen und erlaube die beschützten APIs auf allen Webseiten.</li>
</ul>
Geschützte "Fingerprinting"-APIs:
Beschützte "Fingerprinting"-APIs:
<ul>
<li>canvas 2d</li>
<li>webGL</li>

38
.documentation/addon description/en/description.txt
View File

@ -1,17 +1,31 @@
This add-on allows users to prevent websites from using the Javascript canvas API to fingerprint them. Users can choose to block the canvas API entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API. More information on canvas fingerprinting can be found at http://www.browserleaks.com/canvas.
This add-on allows users to prevent websites from using the some Javascript APIs to fingerprint them. Users can choose to block the APIs entirely on some or all websites (which may break some websites) or fake its fingerprinting-friendly readout API.
More information on fingerprinting can be found at:
<ul>
<li> &lt;canvas&gt;: http://www.browserleaks.com/canvas</li>
<li> audio:
<ul>
<li>https://audiofingerprint.openwpm.com/ (very poorly written = slow)</li>
<li>https://webtransparency.cs.princeton.edu/webcensus/#audio-fp</li>
</ul>
</li>
<li> DOMRect:
<ul>
<li>http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html</li>
<li>https://browserleaks.com/rects</li>
</ul>
</li>
</ul>
The different block modes are:
<ul>
<li>block readout API: All websites not on the white list or black list can use the canvas API to display something on the page, but the readout API is not allowed to return values to the website. This may break websites like Google Maps.</li>
<li>fake readout API: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the canvas API to display something on the page, but the readout API is forced to return a new random value each time it is called.</li>
<li>fake at input: on display of text the drawn pixels get modified slightly. This makes the detection of the add-on harder but is less secure. On WebGL-canvas the behaviour is identical to "fake readout API".</li>
<li>ask for readout API permission: All websites not on the white list or black list can use the canvas API to display something on the page, but the user will be asked if the website should be allowed to use the readout API each time it is called.</li>
<li>block everything: Ignore all lists and block the canvas API on all websites.</li>
<li>allow only white list: Only websites in the white list are allowed to use the canvas API.</li>
<li>ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the canvas API each time it is called.</li>
<li>block only black list: Block the canvas API only for websites on the black list.</li>
<li>allow everything: Ignore all lists and allow the canvas API on all websites.</li>
</ul>
<ul>
<li> fake: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the protected APIs. But values obtained by the APIs are altered so that a consistent fingerprinting is not possible</li>
<li> ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the protected APIs each time they are called.</li>
<li> block everything: Ignore all lists and block the protected APIs on all websites.</li>
<li> allow only white list: Only websites in the white list are allowed to use the protected APIs.</li>
<li> block only black list: Block the protected APIs only for websites on the black list.</li>
<li> allow everything: Ignore all lists and allow the protected APIs on all websites.</li>
</ul>
Protected "fingerprinting" APIs:
<ul>

28
README.md
View File

@ -1,17 +1,21 @@
This add-on allows users to prevent websites from using the Javascript &lt;canvas&gt; API to fingerprint them. Users can choose to block the &lt;canvas&gt; API entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API. More information on &lt;canvas&gt; fingerprinting can be found at http://www.browserleaks.com/canvas.
This add-on allows users to prevent websites from using the some Javascript APIs to fingerprint them. Users can choose to block the APIs entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API.
More information on fingerprinting can be found at:
* &lt;canvas&gt;: http://www.browserleaks.com/canvas
* audio:
* https://audiofingerprint.openwpm.com/ (very poorly written = slow)
* https://webtransparency.cs.princeton.edu/webcensus/#audio-fp
* DOMRect:
* http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html
* https://browserleaks.com/rects
The different block modes are:
<ul>
<li>block readout API: All websites not on the white list or black list can use the &lt;canvas&gt; API to display something on the page, but the readout API is not allowed to return values to the website.</li>
<li>fake readout API: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the &lt;canvas&gt; API to display something on the page, but the readout API is forced to return a new random value each time it is called.</li>
<li>fake at input: on display of text the drawn pixels get modified slightly. This makes the detection of the add-on harder but is less secure. On WebGL-canvas the behaviour is identical to "fake readout API".</li>
<li>ask for readout API permission: All websites not on the white list or black list can use the &lt;canvas&gt; API to display something on the page, but the user will be asked if the website should be allowed to use the readout API each time it is called.</li>
<li>block everything: Ignore all lists and block the &lt;canvas&gt; API on all websites.</li>
<li>allow only white list: Only websites in the white list are allowed to use the &lt;canvas&gt; API.</li>
<li>ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the &lt;canvas&gt; API each time it is called.</li>
<li>block only black list: Block the &lt;canvas&gt; API only for websites on the black list.</li>
<li>allow everything: Ignore all lists and allow the &lt;canvas&gt; API on all websites.</li>
</ul>
* fake: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the protected APIs. But values obtained by the APIs are altered so that a consistent fingerprinting is not possible
* ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the protected APIs each time they are called.
* block everything: Ignore all lists and block the protected APIs on all websites.
* allow only white list: Only websites in the white list are allowed to use the protected APIs.
* block only black list: Block the protected APIs only for websites on the black list.
* allow everything: Ignore all lists and allow the protected APIs on all websites.
Protected "fingerprinting" APIs:
* canvas 2d

54
_locales/de/messages.json
View File

@ -303,10 +303,6 @@
"message": "um Erlaubnis fragen",
"description": ""
},
"blockMode_options.askReadout": {
"message": "bei Auslese-API um Erlaubnis fragen",
"description": ""
},
"blockMode_options.blockEverything": {
"message": "alles blockieren",
"description": ""
@ -315,22 +311,34 @@
"message": "nur Einträge der Blacklist blockieren",
"description": ""
},
"blockMode_options.blockReadout": {
"message": "Auslese-API blockieren",
"description": ""
},
"blockMode_options.fakeReadout": {
"message": "Auslese-API vortäuschen",
"description": ""
},
"blockMode_options.fakeInput": {
"message": "Bei Ausgabe vortäuschen",
"blockMode_options.fake": {
"message": "vortäuschen",
"description": ""
},
"blockMode_title": {
"message": "Blockiermodus",
"description": ""
},
"protectedCanvasPart_title": {
"message": "Beschützer Teil der Canvas-API",
"description": ""
},
"protectedCanvasPart_description": {
"message": "Auslese: die Auslese-Funktionen der Canvas-API werden beschützt.\n\nEingabe: die Ausgabe-Funktionen der Canvas-API werden beschützt. Mit dem Blockiermodus \"vortäuschen\" wird bei der Darstellung von Text die beschriebenen Pixel leicht verändert. Dies erschwert die Detektion des Add-ons, ist aber weniger sicher. Bei WebGL-Canvas ist das Verhalten identisch zu \"Auslese\".\n\nAlles: sowohl Auslese- als auch Eingabe-Funktionen werden beschützt. Es wird empfohlen diese nicht mit dem Blockiermodus \"vortäuschen\" zu verwenden, da es die Wahrscheinlichkeit erhöht detektiert zu werden.",
"description": ""
},
"protectedCanvasPart_options.input": {
"message": "Eingabe",
"description": ""
},
"protectedCanvasPart_options.readout": {
"message": "Auslese",
"description": ""
},
"protectedCanvasPart_options.everything": {
"message": "Alles",
"description": ""
},
"urlSettings_title": {
"message": "Seitenspezifische Werte",
"description": ""
@ -1123,8 +1131,8 @@
"message": "Es werden die \"vortäuschen\" und \"fragen\" Blockiermodi empfohlen.",
"description": ""
},
"sanitation_resolution.switchToFakeReadout": {
"message": "zu \"Auslese vortäuschen\" wechseln",
"sanitation_resolution.switchToFake": {
"message": "zu \"vortäuschen\" wechseln",
"description": ""
},
"sanitation_error.blockModeVsProtection": {
@ -1136,13 +1144,25 @@
"description": ""
},
"sanitation_error.fakeInputWithWhiteRng": {
"message": "Der weiße Zufallszahlengenerator soll nicht mit \"{blockMode}\" verwendet werden.",
"message": "Der weiße Zufallszahlengenerator soll nicht mit \"{blockMode}\" verwendet werden, wenn \"{protectedCanvasPart}\" beschützt wird.",
"description": ""
},
"sanitation_resolution.switchToProtectReadout": {
"message": "\"Auslese\" beschützen",
"description": ""
},
"sanitation_resolution.switchToNonPersistentRng": {
"message": "wechsle zu \"nicht persistent\"",
"description": ""
},
"sanitation_error.fakeEverythingInCanvas": {
"message": "Beschützen Sie nicht \"{protectedCanvasPart}\" im Blockiermodus \"{blockMode}\".",
"description": ""
},
"sanitation_resolution.switchToProtectInput": {
"message": "\"Eingabe\" beschützen",
"description": ""
},
"sanitation_error.valueTooLow": {
"message": "\"{setting}\" soll nicht niedriger als {value} sein.",
"description": ""

55
_locales/en/messages.json
View File

@ -317,10 +317,6 @@
"message": "ask for permission",
"description": ""
},
"blockMode_options.askReadout": {
"message": "ask for readout API permission",
"description": ""
},
"blockMode_options.blockEverything": {
"message": "block everything",
"description": ""
@ -329,16 +325,8 @@
"message": "block only blacklist",
"description": ""
},
"blockMode_options.blockReadout": {
"message": "block readout API",
"description": ""
},
"blockMode_options.fakeReadout": {
"message": "fake readout API",
"description": ""
},
"blockMode_options.fakeInput": {
"message": "fake at input",
"blockMode_options.fake": {
"message": "fake",
"description": ""
},
"blockMode_title": {
@ -346,6 +334,27 @@
"description": ""
},
"protectedCanvasPart_title": {
"message": "Protected part of the canvas API",
"description": ""
},
"protectedCanvasPart_description": {
"message": "readout: the readout features of the canvas API are protected.\n\ninput: the input features of the canvas API are protected. With fake blocking mode on display of text the drawn pixels get modified slightly. This makes the detection of the add-on harder but is less secure. On WebGL-canvas the behaviour is identical to \"readout\".\n\neverything: both the readout and input features are protected. It's not recommended to use this with \"fake\" block mode as it increases the probability to be detected.",
"description": ""
},
"protectedCanvasPart_options.input": {
"message": "input",
"description": ""
},
"protectedCanvasPart_options.readout": {
"message": "readout",
"description": ""
},
"protectedCanvasPart_options.everything": {
"message": "everything",
"description": ""
},
"urlSettings_title": {
"message": "Site specific values",
"description": ""
@ -1174,8 +1183,8 @@
"message": "It is recommended to use the \"fake\" or \"ask\" blocking modes.",
"description": ""
},
"sanitation_resolution.switchToFakeReadout": {
"message": "switch to \"fake readout\"",
"sanitation_resolution.switchToFake": {
"message": "switch to \"fake\"",
"description": ""
},
"sanitation_error.blockModeVsProtection": {
@ -1187,13 +1196,25 @@
"description": ""
},
"sanitation_error.fakeInputWithWhiteRng": {
"message": "Do not use white random number generator with \"{blockMode}\".",
"message": "Do not use white random number generator with \"{blockMode}\" and protecting \"{protectedCanvasPart}\".",
"description": ""
},
"sanitation_resolution.switchToProtectReadout": {
"message": "switch to protect readout",
"description": ""
},
"sanitation_resolution.switchToNonPersistentRng": {
"message": "switch to \"non persistent\" rng",
"description": ""
},
"sanitation_error.fakeEverythingInCanvas": {
"message": "Do not use protect \"{protectedCanvasPart}\" in blocking mode \"{blockMode}\".",
"description": ""
},
"sanitation_resolution.switchToProtectInput": {
"message": "switch to protect input",
"description": ""
},
"sanitation_error.valueTooLow": {
"message": "\"{setting}\" should not be lower than {value}.",
"description": ""

20
lib/check.js
View File

@ -21,21 +21,19 @@
scope.check = function check({url, errorStack}){
url = new URL(url || "about:blank");
var match = checkBoth(errorStack, url, settings.get("blockMode", url)).match(
/^(block|allow|fake|ask)(|Readout|Everything|Context|Input|Internal)$/
/^(block|allow|fake|ask)(|Everything|Internal)$/
);
if (match){
return {
url: url,
type: (match[2] === "Everything" || match[2] === "")?
["context", "readout", "input"]:
[match[2].toLowerCase()],
internal: match[2] === "Internal",
mode: match[1]
};
}
else {
return {
url: url,
type: ["context", "readout", "input"],
internal: false,
mode: "block"
};
}
@ -72,21 +70,9 @@
mode = "block";
break;
case "block":
case "blockContext":
case "blockReadout":
case "blockInput":
case "ask":
case "askContext":
case "askReadout":
case "askInput":
case "fake":
case "fakeContext":
case "fakeReadout":
case "fakeInput":
case "allow":
case "allowContext":
case "allowReadout":
case "allowInput":
if (url && lists.get("white").match(url)){
mode = "allow";
}

80
lib/modifiedAPI.js
View File

@ -17,7 +17,7 @@
const logging = require("./logging");
const {copyCanvasToWebgl} = require("./webgl");
const getWrapped = require("sdk/getWrapped");
const {hasType, checkerWrapper} = require("./modifiedAPIFunctions");
const {checkerWrapper} = require("./modifiedAPIFunctions");
const modifiedAudioAPI = require("./modifiedAudioAPI");
const modifiedDOMRectAPI = require("./modifiedDOMRectAPI");
@ -153,6 +153,27 @@
}
}
function getProtectedPartChecker(pref, url){
const protectedPart = pref("protectedCanvasPart", url);
if (protectedPart === "everything"){
return function(){
return true;
};
}
else {
return function(parts){
if (Array.isArray(parts)){
return parts.some(function(part){
return part === protectedPart;
});
}
else {
return parts === protectedPart;
}
};
}
}
scope.setRandomSupply = function(supply){
randomSupply = supply;
modifiedAudioAPI.setRandomSupply(supply);
@ -163,15 +184,15 @@
scope.changedFunctions = {
getContext: {
type: "context",
getStatus: function(obj, status){
if (hasType(status, "internal")){
getStatus: function(obj, status, prefs){
if (status.internal){
return {
mode: "allow",
type: status.type,
active: false
};
}
else if (hasType(status, "context") || hasType(status, "input")){
else if (getProtectedPartChecker(prefs, status.url)("input")){
return {
mode: status.mode,
type: status.type,
@ -197,10 +218,11 @@
},
toDataURL: {
type: "readout",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "readout");
if (!status.active && hasType(status, "input")){
status.active = protectedPartChecker("readout");
if (!status.active && protectedPartChecker("input")){
var contextType = canvasContextType.get(obj);
status.active = contextType !== "2d";
}
@ -227,10 +249,11 @@
},
toBlob: {
type: "readout",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "readout");
if (!status.active && hasType(status, "input")){
status.active = protectedPartChecker("readout");
if (!status.active && protectedPartChecker("input")){
var contextType = canvasContextType.get(obj);
status.active = contextType !== "2d";
}
@ -258,10 +281,11 @@
},
mozGetAsFile: {
type: "readout",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "readout");
if (!status.active && hasType(status, "input")){
status.active = protectedPartChecker("readout");
if (!status.active && protectedPartChecker("input")){
var contextType = canvasContextType.get(obj);
status.active = contextType !== "2d";
}
@ -288,9 +312,10 @@
},
getImageData: {
type: "readout",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "readout");
status.active = protectedPartChecker("readout");
return status;
},
object: "CanvasRenderingContext2D",
@ -322,9 +347,10 @@
},
isPointInPath: {
type: "readout",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "readout");
status.active = protectedPartChecker("readout");
return status;
},
object: "CanvasRenderingContext2D",
@ -348,9 +374,10 @@
},
isPointInStroke: {
type: "readout",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "readout");
status.active = protectedPartChecker("readout");
return status;
},
object: "CanvasRenderingContext2D",
@ -374,9 +401,10 @@
},
fillText: {
type: "input",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "input");
status.active = protectedPartChecker("input");
return status;
},
object: "CanvasRenderingContext2D",
@ -409,9 +437,10 @@
},
strokeText: {
type: "input",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "input");
status.active = protectedPartChecker("input");
return status;
},
object: "CanvasRenderingContext2D",
@ -444,9 +473,10 @@
},
readPixels: {
type: "readout",
getStatus: function(obj, status){
getStatus: function(obj, status, prefs){
const protectedPartChecker = getProtectedPartChecker(prefs, status.url);
status = Object.create(status);
status.active = hasType(status, "readout") || hasType(status, "input");
status.active = protectedPartChecker(["readout", "input"]);
return status;
},
object: ["WebGLRenderingContext", "WebGL2RenderingContext"],

6
lib/modifiedAPIFunctions.js
View File

@ -13,12 +13,6 @@
scope = window.scope.modifiedAPIFunctions;
}
scope.hasType = function hasType(status, type){
return status.type.indexOf(type) !== -1;
};
scope.checkerWrapper = function checkerWrapper(checker, object, args, callback){
const check = checker.call(object);
if (check.allow){

4
lib/modifiedAudioAPI.js
View File

@ -16,7 +16,7 @@
const logging = require("./logging");
const {sha256String: hashing} = require("./hash");
const getWrapped = require("sdk/getWrapped");
const {hasType, checkerWrapper} = require("./modifiedAPIFunctions");
const {checkerWrapper} = require("./modifiedAPIFunctions");
var randomSupply = null;
@ -150,7 +150,7 @@
function getStatus(obj, status, prefs){
status = Object.create(status);
status.active = prefs("protectAudio", status.url) && hasType(status, "readout");
status.active = prefs("protectAudio", status.url);
return status;
}

4
lib/modifiedDOMRectAPI.js
View File

@ -13,7 +13,7 @@
scope = window.scope.modifiedDOMRectAPI;
}
const {hasType, checkerWrapper} = require("./modifiedAPIFunctions");
const {checkerWrapper} = require("./modifiedAPIFunctions");
const {byteArrayToString: hash} = require("./hash");
const getWrapped = require("sdk/getWrapped");
@ -424,7 +424,7 @@
function getStatus(obj, status, prefs){
status = Object.create(status);
status.active = prefs("protectDOMRect", status.url) && hasType(status, "readout");
status.active = prefs("protectDOMRect", status.url);
return status;
}

6
lib/modifiedHistoryAPI.js
View File

@ -13,7 +13,7 @@
scope = window.scope.modifiedHistoryAPI;
}
const {hasType, checkerWrapper} = require("./modifiedAPIFunctions");
const {checkerWrapper} = require("./modifiedAPIFunctions");
scope.changedGetters = [
{
@ -43,9 +43,7 @@
function getStatus(obj, status){
status = Object.create(status);
status.active = hasType(status, "readout");
return status;
return Object.create(status);
}
scope.changedGetters.forEach(function(changedGetter){

4
lib/modifiedWindowAPI.js
View File

@ -13,7 +13,7 @@
scope = window.scope.modifiedWindowAPI;
}
const {hasType, checkerWrapper} = require("./modifiedAPIFunctions");
const {checkerWrapper} = require("./modifiedAPIFunctions");
const windowNames = new WeakMap();
scope.changedGetters = [
@ -75,7 +75,7 @@
function getStatus(obj, status, prefs){
status = Object.create(status);
status.active = prefs("protectWindow", status.url) && hasType(status, "readout");
status.active = prefs("protectWindow", status.url);
return status;
}

14
lib/settingDefinitions.js
View File

@ -58,11 +58,19 @@
},
{
name: "blockMode",
defaultValue: "fakeReadout",
defaultValue: "fake",
urlSpecific: true,
options: [
"blockReadout", "fakeReadout", "fakeInput", "askReadout", null,
"blockEverything", "block", "ask", "allow", "allowEverything"
"fake", "ask", null,
"blockEverything", "block", "allow", "allowEverything"
]
},
{
name: "protectedCanvasPart",
defaultValue: "readout",
urlSpecific: true,
options: [
"readout", "input", "everything"
]
},
{

36
lib/settingsMigration.js
View File

@ -17,7 +17,7 @@
scope.transitions = {
"": function(oldStorage){
return {
storageVersion: 0.4
storageVersion: 0.5
};
},
0.1: function(oldStorage){
@ -97,6 +97,40 @@
}
return newStorage;
},
0.4: function(oldStorage){
var newStorage = {
storageVersion: 0.5
};
if (oldStorage.hasOwnProperty("blockMode")){
switch (oldStorage.blockMode){
case "blockReadout":
newStorage.blockMode = "block";
newStorage.protectedCanvasPart = "readout";
break;
case "fakeReadout":
newStorage.blockMode = "fake";
newStorage.protectedCanvasPart = "readout";
break;
case "fakeInput":
newStorage.blockMode = "fake";
newStorage.protectedCanvasPart = "input";
break;
case "askReadout":
newStorage.blockMode = "ask";
newStorage.protectedCanvasPart = "readout";
break;
case "blockEverything":
case "block":
case "ask":
case "allow":
case "allowEverything":
newStorage.protectedCanvasPart = "everything";
break;
}
}
return newStorage;
}
};
scope.check = function(storage, {settings, logging, changeValue, urlContainer}){

93
options/sanitationRules.js
View File

@ -117,55 +117,70 @@
{
name: "blockMode",
check: function(errorCallback){
const switchMode = {
label: browser.i18n.getMessage("sanitation_resolution.switchToFakeReadout"),
callback: function(){
settings.blockMode = "fakeReadout";
}
};
const blockMode = settings.blockMode;
const blockModeName = browser.i18n.getMessage("blockMode_options." + blockMode);
const protectedCanvasPart = settings.protectedCanvasPart;
if (!blockMode.match("^fake|^ask")){
errorCallback({
message: browser.i18n.getMessage("sanitation_error.badBlockMode"),
severity: "medium",
resolutions: [switchMode]
});
}
["Audio", "Window", "DOMRect"].forEach(function(api){
const mainFlag = "protect" + api;
if (settings[mainFlag]){
if (["fakeInput"].indexOf(blockMode) !== -1){
const blockModeName = browser.i18n.getMessage("blockMode_options." + blockMode);
errorCallback({
message: browser.i18n.getMessage("sanitation_error.blockModeVsProtection")
.replace(/{blockMode}/g, blockModeName)
.replace(/{api}/g, browser.i18n.getMessage("section_" + api + "-api")),
severity: "high",
resolutions: [switchMode, {
label: browser.i18n.getMessage("sanitation_resolution.disableFlag")
.replace(/{flag}/g, browser.i18n.getMessage(mainFlag + "_title")),
callback: function(){
settings[mainFlag] = false;
}
}]
});
}
}
});
if (blockMode === "fakeInput" && settings.rng === "white"){
errorCallback({
message: browser.i18n.getMessage("sanitation_error.fakeInputWithWhiteRng")
.replace(/{blockMode}/g, blockModeName),
severity: "low",
resolutions: [switchMode, {
label: browser.i18n.getMessage("sanitation_resolution.switchToNonPersistentRng"),
resolutions: [{
label: browser.i18n.getMessage("sanitation_resolution.switchToFake"),
callback: function(){
settings.rng = "nonPersistent";
settings.blockMode = "fake";
}
}]
});
}
if (blockMode === "fake" && protectedCanvasPart === "input" && settings.rng === "white"){
errorCallback({
message: browser.i18n.getMessage("sanitation_error.fakeInputWithWhiteRng")
.replace(/{blockMode}/g, browser.i18n.getMessage("blockMode_options." + blockMode))
.replace(
/{protectedCanvasPart}/g,
browser.i18n.getMessage("protectedCanvasPart_options." + settings.protectedCanvasPart)
),
severity: "low",
resolutions: [
{
label: browser.i18n.getMessage("sanitation_resolution.switchToProtectReadout"),
callback: function(){
settings.protectedCanvasPart = "readout";
}
},
{
label: browser.i18n.getMessage("sanitation_resolution.switchToNonPersistentRng"),
callback: function(){
settings.rng = "nonPersistent";
}
}
]
});
}
if (blockMode === "fake" && protectedCanvasPart === "everything"){
errorCallback({
message: browser.i18n.getMessage("sanitation_error.fakeEverythingInCanvas")
.replace(/{blockMode}/g, browser.i18n.getMessage("blockMode_options." + blockMode))
.replace(
/{protectedCanvasPart}/g,
browser.i18n.getMessage("protectedCanvasPart_options." + settings.protectedCanvasPart)
),
severity: "low",
resolutions: [
{
label: browser.i18n.getMessage("sanitation_resolution.switchToProtectReadout"),
callback: function(){
settings.protectedCanvasPart = "readout";
}
},
{
label: browser.i18n.getMessage("sanitation_resolution.switchToProtectInput"),
callback: function(){
settings.protectedCanvasPart = "input";
}
}
]
});
}
}
},
{

83
options/settingsDisplay.js
View File

@ -18,20 +18,20 @@
{
"name": "askOnlyOnce",
"displayDependencies": {
"blockMode": ["askReadout", "ask"]
"blockMode": ["ask"]
}
},
{
"name": "askDenyMode",
"displayDependencies": {
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"displayAdvancedSettings": [true]
}
},
{
"name": "showCanvasWhileAsking",
"displayDependencies": {
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"displayAdvancedSettings": [true]
}
},
@ -40,11 +40,11 @@
"name": "rng",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"displayAdvancedSettings": [true]
}
@ -54,12 +54,12 @@
"name": "storePersistentRnd",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"rng": ["persistent"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"rng": ["persistent"],
"displayAdvancedSettings": [true]
@ -71,12 +71,12 @@
"inputs": ["persistentRndClearIntervalValue", "persistentRndClearIntervalUnit"],
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"rng": ["persistent"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"rng": ["persistent"],
"displayAdvancedSettings": [true]
@ -87,12 +87,12 @@
"name": "clearPersistentRnd",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"rng": ["persistent"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"rng": ["persistent"],
"displayAdvancedSettings": [true]
@ -163,7 +163,7 @@
{
"name": "showCallingFile",
"displayDependencies": {
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"displayAdvancedSettings": [true]
}
},
@ -179,7 +179,7 @@
{
"name": "enableStackList",
"displayDependencies": {
"blockMode": ["blockReadout", "fakeReadout", "fakeInput", "askReadout", "block", "ask"],
"blockMode": ["fake", "block", "ask"],
"displayAdvancedSettings": [true]
}
},
@ -194,25 +194,28 @@
{
"name": "whiteList",
"displayDependencies": {
"blockMode": ["blockReadout", "fakeReadout", "fakeInput", "askReadout", "block", "ask"],
"blockMode": ["fake", "block", "ask"],
"displayAdvancedSettings": [true]
}
},
{
"name": "sessionWhiteList",
"displayDependencies": {
"blockMode": ["blockReadout", "fakeReadout", "fakeInput", "askReadout", "block", "ask"],
"blockMode": ["fake", "block", "ask"],
"displayAdvancedSettings": [true]
}
},
{
"name": "blackList",
"displayDependencies": {
"blockMode": ["blockReadout", "fakeReadout", "fakeInput", "askReadout", "ask", "allow"],
"blockMode": ["block", "fake", "ask", "allow"],
"displayAdvancedSettings": [true]
}
},
"Canvas-API",
{
"name": "protectedCanvasPart"
},
{
"name": "protectedAPIFeatures",
"displayedSection": "Canvas-API",
@ -226,11 +229,11 @@
"name": "minFakeSize",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"displayAdvancedSettings": [true]
}
@ -240,11 +243,11 @@
"name": "maxFakeSize",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"displayAdvancedSettings": [true]
}
@ -254,11 +257,12 @@
"name": "ignoreFrequentColors",
"displayDependencies": [
{
"blockMode": ["fakeReadout"],
"blockMode": ["fake"],
"protectedCanvasPart": ["readout"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"displayAdvancedSettings": [true]
}
@ -268,11 +272,12 @@
"name": "minColors",
"displayDependencies": [
{
"blockMode": ["fakeReadout"],
"blockMode": ["fake"],
"protectedCanvasPart": ["readout"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"displayAdvancedSettings": [true]
}
@ -282,11 +287,12 @@
"name": "fakeAlphaChannel",
"displayDependencies": [
{
"blockMode": ["fakeReadout"],
"blockMode": ["fake"],
"protectedCanvasPart": ["readout"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"displayAdvancedSettings": [true]
}
@ -296,11 +302,12 @@
"name": "useCanvasCache",
"displayDependencies": [
{
"blockMode": ["fakeReadout"],
"blockMode": ["fake"],
"protectedCanvasPart": ["readout"],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"displayAdvancedSettings": [true]
}
@ -334,12 +341,12 @@
"name": "audioFakeRate",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask", "allow"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
@ -350,12 +357,12 @@
"name": "audioNoiseLevel",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask", "allow"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
@ -366,12 +373,12 @@
"name": "useAudioCache",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask", "allow"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
@ -382,12 +389,12 @@
"name": "audioUseFixedIndices",
"displayDependencies": [
{
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
},
{
"blockMode": ["askReadout", "ask", "allow"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
@ -399,13 +406,13 @@
"displayDependencies": [
{
"audioUseFixedIndices": [true],
"blockMode": ["fakeReadout", "fakeInput"],
"blockMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]
},
{
"audioUseFixedIndices": [true],
"blockMode": ["askReadout", "ask", "allow"],
"blockMode": ["ask"],
"askDenyMode": ["fake"],
"protectAudio": [true],
"displayAdvancedSettings": [true]

3
releaseNotes.txt
View File

@ -1,12 +1,13 @@
Version 0.5.6:
changes:
-
- removed *Readout and *Input block modes (use protectedCanvasPart instead)
new features:
- options gui improvements
- url specific values can be added by hitting enter in the input
- highlight "hide" icon when "tabing" to it
- made url specific values manageable with "tabing"
- added setting "protected canvas part" to decouple block mode from part
fixes:
-