View Issue Details

IDProjectCategoryView StatusLast Update
0004989Talerwallet (WebExtensions)public2017-06-06 14:18
ReportersharethewisdomAssigned ToFlorian Dold 
PriorityhighSeveritycrashReproducibilityalways
Status closedResolutionfixed 
PlatformOSlinuxOS Version4.8.13-1-ARCH
Product Version0.2 
Target Version0.3Fixed in Version0.3 
Summary0004989: chromeBadge.js:107 Failed to execute 'getImageData': The canvas has been tainted by cross-origin data.
DescriptionI was trying this out for the first time. The installation state on https://bank.demo.taler.net reads "Wallet not installed". Contrary to issue 0004682, withdrawal does not work for me there.
Steps To Reproducein chrome://extensions/
click Inspect views: src/background/background.html
in the console, I find the following error:
Uncaught (in promise) DOMException: Failed to execute 'getImageData' on 'CanvasRenderingContext2D': The canvas has been tainted by cross-origin data. [...]
TagsNo tags attached.

Activities

Christian Grothoff

2017-04-15 16:02

manager   ~0012037

Which version of Chrome is this?

sharethewisdom

2017-04-15 16:31

reporter   ~0012038

Chromium version 57.0.2987.133 (64-bit)
(with these flags which may not matter:)
--enable-potentially-annoying-security-features
--enable-strict-mixed-content-checking

Florian Dold

2017-04-19 01:17

manager   ~0012047

Ah, interesting. The problem only occurs with these flags enabled.

It seems that Chromium prevents calls to "getImageData" in order to defend against canvas fingerprinting? I don't see where we touch data that comes from another origin, we only use primitive drawing operations and text drawing.

"Fixed" here:
https://git.taler.net/wallet-webex.git/commit/?id=e6e0cbc387c2a77b48e4065c229daa65bf1aa0fa

This means that with these extra security features enabled, we can't have the extension icon rendered via canvas.

Not sure if it makes sense that Chromium tries to prevent extensions from canvas fingerprinting ....

Issue History

Date Modified Username Field Change
2017-04-14 21:29 sharethewisdom New Issue
2017-04-14 21:29 sharethewisdom Status new => assigned
2017-04-14 21:29 sharethewisdom Assigned To => Florian Dold
2017-04-15 16:02 Christian Grothoff Note Added: 0012037
2017-04-15 16:02 Christian Grothoff Target Version => 0.3
2017-04-15 16:31 sharethewisdom Note Added: 0012038
2017-04-19 01:17 Florian Dold Note Added: 0012047
2017-04-19 01:17 Florian Dold Status assigned => resolved
2017-04-19 01:17 Florian Dold Resolution open => fixed
2017-04-19 13:36 Christian Grothoff Fixed in Version => 0.3
2017-06-06 14:18 Christian Grothoff Status resolved => closed