Just found out there is a bug within the extension that hinders FPD precision. I think it's NSCL related because it was introduced during transition between versions 0.6.2 and 0.6.3. Specifically: * Make sure that dynamically created iframes are not vulnerable to leaking unwrapped APIs (Update NSCL)
Description: - The bug doubles the total number of calls for every wrapped endpoint accessed through the iframe element. - The bug somehow causing to call other endpoints when wrapped endpoint is accessed through the iframe element.
Steps to reproduce: - Visit: https://www.fit.vutbr.cz/~polcak/jsr/fpd/count.html with FPD turned on - The page access "navigator.vendorSub" three times through the iframe element - FPD logged the total of 6 accesses to "navigator.vendorSub" in addition to other endpoints (see fpDb object using background console of the extension)
Expected (pre 0.6.3): <img alt="062.jpg" src="/JShelter/webextension/issue/raw/files/4347f873d453a7cfb9504aad492722e7a1411922a2d236d66832448b788ccded-062.jpg" />
Actual (post 0.6.3): <img alt="063.jpg" src="/JShelter/webextension/issue/raw/files/cf967c8a3a9cb6f786380c62aabc4ed5c0355cb305dd35feba9b262b502339eb-063.jpg" />
Log in to comment on this ticket.