Just found out there is a bug within the extension that hinders FPD precision. I think it's NSCL related because it was introduced during transition between versions 0.6.2 and 0.6.3.
* Make sure that dynamically created iframes are not vulnerable to leaking unwrapped APIs (Update NSCL)
- The bug doubles the total number of calls for every wrapped endpoint accessed through the iframe element.
- The bug somehow causing to call other endpoints when wrapped endpoint is accessed through the iframe element.
Steps to reproduce:
- Visit: https://www.fit.vutbr.cz/~polcak/jsr/fpd/count.html with FPD turned on
- The page access "navigator.vendorSub" three times through the iframe element
- FPD logged the total of 6 accesses to "navigator.vendorSub" in addition to other endpoints
(see fpDb object using background console of the extension)
Expected (pre 0.6.3):
<img alt="062.jpg" src="/JShelter/webextension/issue/raw/files/4347f873d453a7cfb9504aad492722e7a1411922a2d236d66832448b788ccded-062.jpg" />
Actual (post 0.6.3):
<img alt="063.jpg" src="/JShelter/webextension/issue/raw/files/cf967c8a3a9cb6f786380c62aabc4ed5c0355cb305dd35feba9b262b502339eb-063.jpg" />
to comment on this ticket.