search

andryou / scriptsafe

a browser extension to bring security and privacy to chrome, firefox, and opera
https://www.andryou.com/scriptsafe
509 stars 79 forks source link

ScriptSafe preventing canvas2d game engines to render fonts (even when trusted) #209

Open cookiengineer opened 7 years ago

cookiengineer commented 7 years ago

ScriptSafe is always injecting the CanvasRenderingContext2D.prototype.measureText method and therefore will break any JS 2D game engine and/or game, even when the domain is fully trusted.

Also, this method should NOT return false, as this is not spec compatible. Instead, if decided it should stay, it should return something along { width: 0 }. Otherwise shit will keep breakin unnecessarily.

> CanvasRenderingContext2D.prototype.measureText

function () {
                    canvasfont_triggerblock.title = 'measureText';
                    document.documentElement.appendChild(canvasfont_triggerblock);
                    return false;
                }
cookiengineer commented 7 years ago

Relevant source code line in ss.js: https://github.com/andryou/scriptsafe/blob/e87c86c85f2f841693838305345e0940b978c588/js/ss.js#L270