Open Bug 1961850 Opened 20 days ago Updated 20 days ago

Exempt system callers from canvas randomization for toDataURL

Categories

(Core :: Privacy: Anti-Tracking, defect, P5)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect

Tracking

()

People

(Reporter: fkilic, Unassigned)

References

Details

In CanvasUtils::ImageExtractionResult we check for principal, but we don't do it in toDataURL. To allow system callers avoid getting randomized data, we should check for principal in toDataURL calls.

Oh I see why we didn't do this. We do provide subject principal to toDataURL but randomize it deep in the callstack, where we don't have the subject principal.

We don't need this for now though. GetImageData can be used to get non-randomized data when bug 1961809 lands.

Assignee: fkilic → nobody
Severity: -- → S3
Status: ASSIGNED → NEW
Type: task → defect
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.