Issue #88: Think about reimplementation of `CanvasRenderingContext2D.isPointInStroke` and `CanvasRenderingContext2D.isPointInPath` - webextension

JShelter / webextension

#88 Think about reimplementation of `CanvasRenderingContext2D.isPointInStroke` and `CanvasRenderingContext2D.isPointInPath`

Opened a year ago by polcak. Modified a year ago

Summary

CanvasRenderingContext2D.isPointInStrokeandCanvasRenderingContext2D.isPointInPath` return either:

Always False
Randomly False or the correct answer

That means that if repeated calls with the same parameters return True, the correct value is 'True'. That means that the correct value can be quite precisely guessed by repeated calls. Additionally, the repeated calls reveal inconsistencies. The behaviour can possibly break innocent code that expect constant results.

An option to consider is to farble the results according to x and y coordinates, the current color (possibly farbled) and the session hash of the domain. That will make the calls pure functions as expected.

A possible downside is the risk of leaking the session hash as the attacker can control, x, y, and the color.

Setup

JShelter Version: 0.11.1

Metadata

Assignee

None

Tags

Blocking

None

Depending on

None

Priority

Normal

Milestone

None

JShelter / webextension

Source Code

#88 Think about reimplementation of `CanvasRenderingContext2D.isPointInStroke` and `CanvasRenderingContext2D.isPointInPath` Opened a year ago by polcak. Modified a year ago

Close issue as:

Summary

Setup

Metadata

enhancement

#88 Think about reimplementation of `CanvasRenderingContext2D.isPointInStroke` and `CanvasRenderingContext2D.isPointInPath`

Opened a year ago by polcak. Modified a year ago