[tor-commits] [tor-browser/tor-browser-68.8.0esr-9.5-1] (ESR68) Bug 1511941 - Don't expose PerformanceNavigationTiming in RFP mode

sysrqb at torproject.org sysrqb at torproject.org
Fri May 15 23:16:24 UTC 2020


commit 6d7f6ea31a7629d3df6fd09fc579b5a60e599c35
Author: sanketh <sgmenda at uwaterloo.ca>
Date:   Sun May 10 16:50:41 2020 +0000

    (ESR68) Bug 1511941 - Don't expose PerformanceNavigationTiming in RFP mode
    
    In RFP mode, we do not support PerformanceNavigationTiming, so don't expose it.
    In particular, window.PerformanceNavigationTiming should return undefined.
    
    Added a new method PerformanceNavigationTiming::Enabled which when used with the
    WebIDL Func attribute allows us to toggle whether
    window.PerformanceNavigationTiming is exposed.
    
    Created
    dom/tests/mochitest/general/test_toggling_performance_navigation_timing.html to
    test whether the toggling works. Updated
    browser/components/resistfingerprinting/test/browser/browser_performanceAPI.js
    to create a new window each time privacy.resistFingerprinting is flipped so this
    behavior does not leak into other tests.
---
 .../test/browser/browser_performanceAPI.js         | 62 ++++++++--------------
 dom/performance/PerformanceMainThread.cpp          |  3 +-
 dom/performance/PerformanceNavigationTiming.cpp    |  6 +++
 dom/performance/PerformanceNavigationTiming.h      |  6 +++
 dom/tests/mochitest/general/mochitest.ini          |  1 +
 ...est_toggling_performance_navigation_timing.html | 47 ++++++++++++++++
 dom/webidl/PerformanceNavigationTiming.webidl      |  2 +
 7 files changed, 85 insertions(+), 42 deletions(-)

diff --git a/browser/components/resistfingerprinting/test/browser/browser_performanceAPI.js b/browser/components/resistfingerprinting/test/browser/browser_performanceAPI.js
index b4c6b4f9d461..eb51a98e7364 100644
--- a/browser/components/resistfingerprinting/test/browser/browser_performanceAPI.js
+++ b/browser/components/resistfingerprinting/test/browser/browser_performanceAPI.js
@@ -78,7 +78,6 @@ let isRounded = (x, expectedPrecision) => {
 };
 
 let setupTest = async function(
-  tab,
   resistFingerprinting,
   reduceTimerPrecision,
   expectedPrecision,
@@ -95,6 +94,13 @@ let setupTest = async function(
       ],
     ],
   });
+
+  let win = await BrowserTestUtils.openNewBrowserWindow();
+  let tab = await BrowserTestUtils.openNewForegroundTab(
+    win.gBrowser,
+    TEST_PATH + "file_dummy.html"
+  );
+
   // No matter what we set the precision to, if we're in ResistFingerprinting mode
   // we use the larger of the precision pref and the constant 100ms
   if (resistFingerprinting) {
@@ -110,15 +116,11 @@ let setupTest = async function(
     },
     runTests
   );
+  await BrowserTestUtils.closeWindow(win);
 };
 // ================================================================================================
 // ================================================================================================
 add_task(async function runRPTests() {
-  let tab = await BrowserTestUtils.openNewForegroundTab(
-    gBrowser,
-    TEST_PATH + "file_dummy.html"
-  );
-
   let runTests = async function(data) {
     let timerlist = data.list;
     let expectedPrecision = data.precision;
@@ -165,21 +167,14 @@ add_task(async function runRPTests() {
     );
   };
 
-  await setupTest(tab, true, true, 100, runTests);
-  await setupTest(tab, true, false, 13, runTests);
-  await setupTest(tab, true, false, 0.13, runTests);
-
-  BrowserTestUtils.removeTab(tab);
+  await setupTest(true, true, 100, runTests);
+  await setupTest(true, false, 13, runTests);
+  await setupTest(true, false, 0.13, runTests);
 });
 
 // ================================================================================================
 // ================================================================================================
 add_task(async function runRTPTests() {
-  let tab = await BrowserTestUtils.openNewForegroundTab(
-    gBrowser,
-    TEST_PATH + "file_dummy.html"
-  );
-
   let runTests = async function(data) {
     let timerlist = data.list;
     let expectedPrecision = data.precision;
@@ -215,6 +210,7 @@ add_task(async function runRTPTests() {
       content.performance.getEntries().length,
       4,
       "For reduceTimerPrecision, there should be 4 entries for performance.getEntries()"
+      // PerformanceNavigationTiming, PerformanceMark, PerformanceMark, PerformanceMeasure
     );
     for (var i = 0; i < 4; i++) {
       let startTime = content.performance.getEntries()[i].startTime;
@@ -253,11 +249,9 @@ add_task(async function runRTPTests() {
     content.performance.clearResourceTimings();
   };
 
-  await setupTest(tab, false, true, 100, runTests);
-  await setupTest(tab, false, true, 13, runTests);
-  await setupTest(tab, false, true, 0.13, runTests);
-
-  BrowserTestUtils.removeTab(tab);
+  await setupTest(false, true, 100, runTests);
+  await setupTest(false, true, 13, runTests);
+  await setupTest(false, true, 0.13, runTests);
 });
 
 // ================================================================================================
@@ -284,27 +278,13 @@ let runWorkerTest = async function(data) {
 };
 
 add_task(async function runRPTestsForWorker() {
-  let tab = await BrowserTestUtils.openNewForegroundTab(
-    gBrowser,
-    TEST_PATH + "file_dummy.html"
-  );
-
-  await setupTest(tab, true, true, 100, runWorkerTest, "runRPTests");
-  await setupTest(tab, true, false, 13, runWorkerTest, "runRPTests");
-  await setupTest(tab, true, true, 0.13, runWorkerTest, "runRPTests");
-
-  BrowserTestUtils.removeTab(tab);
+  await setupTest(true, true, 100, runWorkerTest, "runRPTests");
+  await setupTest(true, false, 13, runWorkerTest, "runRPTests");
+  await setupTest(true, true, 0.13, runWorkerTest, "runRPTests");
 });
 
 add_task(async function runRTPTestsForWorker() {
-  let tab = await BrowserTestUtils.openNewForegroundTab(
-    gBrowser,
-    TEST_PATH + "file_dummy.html"
-  );
-
-  await setupTest(tab, false, true, 100, runWorkerTest, "runRTPTests");
-  await setupTest(tab, false, true, 13, runWorkerTest, "runRTPTests");
-  await setupTest(tab, false, true, 0.13, runWorkerTest, "runRTPTests");
-
-  BrowserTestUtils.removeTab(tab);
+  await setupTest(false, true, 100, runWorkerTest, "runRTPTests");
+  await setupTest(false, true, 13, runWorkerTest, "runRTPTests");
+  await setupTest(false, true, 0.13, runWorkerTest, "runRTPTests");
 });
diff --git a/dom/performance/PerformanceMainThread.cpp b/dom/performance/PerformanceMainThread.cpp
index 7c39b9350646..bfcbea4e1148 100644
--- a/dom/performance/PerformanceMainThread.cpp
+++ b/dom/performance/PerformanceMainThread.cpp
@@ -305,7 +305,8 @@ DOMHighResTimeStamp PerformanceMainThread::CreationTime() const {
 void PerformanceMainThread::CreateNavigationTimingEntry() {
   MOZ_ASSERT(!mDocEntry, "mDocEntry should be null.");
 
-  if (!StaticPrefs::dom_enable_performance_navigation_timing()) {
+  if (!StaticPrefs::dom_enable_performance_navigation_timing() ||
+      StaticPrefs::privacy_resistFingerprinting()) {
     return;
   }
 
diff --git a/dom/performance/PerformanceNavigationTiming.cpp b/dom/performance/PerformanceNavigationTiming.cpp
index dbc6aa78c4d5..fb18b91aabe6 100644
--- a/dom/performance/PerformanceNavigationTiming.cpp
+++ b/dom/performance/PerformanceNavigationTiming.cpp
@@ -6,6 +6,7 @@
 
 #include "mozilla/dom/PerformanceNavigationTiming.h"
 #include "mozilla/dom/PerformanceNavigationTimingBinding.h"
+#include "mozilla/StaticPrefs.h"
 
 using namespace mozilla::dom;
 
@@ -138,3 +139,8 @@ void PerformanceNavigationTiming::UpdatePropertiesFromHttpChannel(
     nsIHttpChannel* aHttpChannel, nsITimedChannel* aChannel) {
   mTimingData->SetPropertiesFromHttpChannel(aHttpChannel, aChannel);
 }
+
+bool PerformanceNavigationTiming::Enabled(JSContext* aCx, JSObject* aGlobal) {
+  return (StaticPrefs::dom_enable_performance_navigation_timing() &&
+          !StaticPrefs::privacy_resistFingerprinting());
+}
diff --git a/dom/performance/PerformanceNavigationTiming.h b/dom/performance/PerformanceNavigationTiming.h
index 8ef79999a1bc..7bf76ee3d670 100644
--- a/dom/performance/PerformanceNavigationTiming.h
+++ b/dom/performance/PerformanceNavigationTiming.h
@@ -65,6 +65,12 @@ class PerformanceNavigationTiming final : public PerformanceResourceTiming {
   void UpdatePropertiesFromHttpChannel(nsIHttpChannel* aHttpChannel,
                                        nsITimedChannel* aChannel);
 
+  /*
+   * For use with the WebIDL Func attribute to determine whether
+   * window.PerformanceNavigationTiming is exposed.
+   */
+  static bool Enabled(JSContext* aCx, JSObject* aGlobal);
+
  private:
   ~PerformanceNavigationTiming() {}
 };
diff --git a/dom/tests/mochitest/general/mochitest.ini b/dom/tests/mochitest/general/mochitest.ini
index cb233881397d..36f955500c09 100644
--- a/dom/tests/mochitest/general/mochitest.ini
+++ b/dom/tests/mochitest/general/mochitest.ini
@@ -141,6 +141,7 @@ skip-if = toolkit == 'android' # bug 1230232 - Mouse doesn't select in the same
 [test_storagePermissionsReject.html]
 [test_storagePermissionsRejectForeign.html]
 [test_stylesheetPI.html]
+[test_toggling_performance_navigation_timing.html]
 [test_vibrator.html]
 [test_WebKitCSSMatrix.html]
 [test_windowedhistoryframes.html]
diff --git a/dom/tests/mochitest/general/test_toggling_performance_navigation_timing.html b/dom/tests/mochitest/general/test_toggling_performance_navigation_timing.html
new file mode 100644
index 000000000000..88f7154286cd
--- /dev/null
+++ b/dom/tests/mochitest/general/test_toggling_performance_navigation_timing.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1511941 - Don't expose PerformanceNavigationTiming when it is disabled</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+  <div id="content"> </div>
+  <script type="application/javascript">
+    async function testWhetherExposed(resistFingerprinting, enable_performance_navigation_timing) {
+      await SpecialPowers.pushPrefEnv({
+        "set": [["privacy.resistFingerprinting", resistFingerprinting],
+                ["dom.enable_performance_navigation_timing", enable_performance_navigation_timing]],
+        });
+      var iframe = document.createElement("iframe");
+      document.body.append(iframe);
+      var p = iframe.contentWindow.PerformanceNavigationTiming;
+      if (resistFingerprinting)
+        is(p, undefined, "window.PerformanceNavigationTiming should not be exposed when"
+                         + " dom.enable_performance_navigation_timing=" + enable_performance_navigation_timing
+                         + " and privacy.resistFingerprinting="+ resistFingerprinting +".");
+      if (!enable_performance_navigation_timing)
+        is(p, undefined, "window.PerformanceNavigationTiming should not be exposed when"
+                         + " dom.enable_performance_navigation_timing=" + enable_performance_navigation_timing
+                         + " and privacy.resistFingerprinting="+ resistFingerprinting +".");
+      if (enable_performance_navigation_timing && !resistFingerprinting) {
+        isnot(p, undefined, "window.PerformanceNavigationTiming should be exposed when"
+                            + " dom.enable_performance_navigation_timing=" + enable_performance_navigation_timing
+                            + " and privacy.resistFingerprinting="+ resistFingerprinting +".");
+      }
+    }
+
+    async function start() {
+      await testWhetherExposed(true,true);
+      await testWhetherExposed(true,false);
+      await testWhetherExposed(false,true);
+      await testWhetherExposed(false,false);
+      SimpleTest.finish();
+    }
+
+    SimpleTest.waitForExplicitFinish();
+    start();
+  </script>
+</body>
+</html>
diff --git a/dom/webidl/PerformanceNavigationTiming.webidl b/dom/webidl/PerformanceNavigationTiming.webidl
index b26e1c18f688..cf029972304f 100644
--- a/dom/webidl/PerformanceNavigationTiming.webidl
+++ b/dom/webidl/PerformanceNavigationTiming.webidl
@@ -17,6 +17,8 @@ enum NavigationType {
   "prerender"
 };
 
+[Exposed=Window,
+ Func="mozilla::dom::PerformanceNavigationTiming::Enabled"]
 interface PerformanceNavigationTiming : PerformanceResourceTiming {
   readonly        attribute DOMHighResTimeStamp unloadEventStart;
   readonly        attribute DOMHighResTimeStamp unloadEventEnd;



More information about the tor-commits mailing list