I tested latest Nightly with resistFingerprinting enabled on Ubuntu 17.10, switched keyboard layout in the OS and got the following results: > keydown/keyup: > QWERTY key: " code: Quote which: 222 > AZERTY key: " code: Quote which: 51 > > keypress: > QWERTY key: " code: Quote which: 34 > AZERTY key: " code: Quote which: 34 From these results the keyboard layout still appears to be leaked through the keydown/keyup event "which" value.
Assignee: nobody → arthuredelstein
Here's a bug to fix this missing piece from 1222285. I want to add some new tests for KeyboardEvent.which, but the existing test design won't work because synthesizeKey does not synthesize the .which property and fixing the tests is going to be somewhat complex. I manually tested this patch and the .which property is correctly spoofed. try results: https://treeherder.mozilla.org/#/jobs?repo=try&revision=3c973472eecc (I have opened bug 1439784 to deal with rewriting the KeyboardEvent spoofing tests, but I would suggest we land this patch when it is ready so that it lands in time for Firefox 60.)
Attachment #8952583 - Flags: review?(masayuki)
2 years ago
Attachment #8952583 - Flags: review?(masayuki) → review+
Thanks for quick the review!
This patch needs a DOM reviewer.
The DOM reviewer is needed for the webidl change.
Attachment #8952583 - Flags: review?(bugs)
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/69a621b7ba50 Spoof KeyboardEvent.which for privacy.resistFingerprinting. r=masayuki, r=smaug
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.