Closed Bug 1438795 Opened 3 years ago Closed 3 years ago

Keyboard layout still leaked by keydown/keyup event "which" value

Categories

(Core :: DOM: UI Events & Focus Handling, defect, P2)

60 Branch
defect

Tracking

()

RESOLVED FIXED
mozilla60
Tracking Status
firefox60 --- fixed

People

(Reporter: ke5trel, Assigned: arthur)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fingerprinting])

Attachments

(1 file)

I tested latest Nightly with resistFingerprinting enabled on Ubuntu 17.10, switched keyboard layout in the OS and got the following results:

> keydown/keyup:
> QWERTY   key: "   code: Quote   which: 222
> AZERTY   key: "   code: Quote   which: 51
> 
> keypress:
> QWERTY   key: "   code: Quote   which: 34
> AZERTY   key: "   code: Quote   which: 34

From these results the keyboard layout still appears to be leaked through the keydown/keyup event "which" value.
Any thoughts?
Flags: needinfo?(arthuredelstein)
Nice one!
Assignee: nobody → arthuredelstein
Flags: needinfo?(arthuredelstein)
Priority: -- → P2
Blocks: 1439784
Here's a bug to fix this missing piece from 1222285. I want to add some new tests for KeyboardEvent.which, but the existing test design won't work because synthesizeKey does not synthesize the .which property and fixing the tests is going to be somewhat complex. I manually tested this patch and the .which property is correctly spoofed.

try results: https://treeherder.mozilla.org/#/jobs?repo=try&revision=3c973472eecc

(I have opened bug 1439784 to deal with rewriting the KeyboardEvent spoofing tests, but I would suggest we land this patch when it is ready so that it lands in time for Firefox 60.)
Attachment #8952583 - Flags: review?(masayuki)
Attachment #8952583 - Flags: review?(masayuki) → review+
Thanks for quick the review!
Keywords: checkin-needed
This patch needs a DOM reviewer.
Flags: needinfo?(arthuredelstein)
The DOM reviewer is needed for the webidl change.
Keywords: checkin-needed
Flags: needinfo?(arthuredelstein)
Attachment #8952583 - Flags: review?(bugs)
Attachment #8952583 - Flags: review?(bugs) → review+
Thanks!
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/69a621b7ba50
Spoof KeyboardEvent.which for privacy.resistFingerprinting. r=masayuki, r=smaug
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/69a621b7ba50
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Component: Event Handling → User events and focus handling
You need to log in before you can comment on or make changes to this bug.