Canvas Blocker will cause website auto jump failure

Question

Canvas Blocker will cause website auto jump failure

Opened this issue 7 years ago · 2 comments

Canvas Blocker has a bug on chrome, i tested it also on firefox has this bug.
Canvas Blocker will cause website auto jump failure.
you can reproduce in this link:
http://codersclub.org/discuzx/member.php?mod=register
no matter login or register, page does not auto jump.
Maybe make a option to keep a same Canvas Fingerprint for a while like 5 minutes would solve it.

Answer 1 · 2019-04-08T16:53:09.000Z

DiscuzX use a XML document as response. It will cause script injected. But we only want inject.js inject into HTML.

Answer 2 · 2019-04-08T17:04:09.000Z

Description

A <form> target to an iframe. And then submit the form. Iframe got the result in xml format. Because it doesn't have document.documentElement.dataset attribute.

Steps to reproduce

Create a form element.
Create an iframe element.
Set the form target to the iframe.
Set the form url to somewhere that may response an XML result.
Post the form.

index.html

<iframe name="my_iframe" onload="my_iframe_onload()"></iframe>
<form action="submit.php" method="POST" target="my_iframe">
    <input type="submit">
</form>
<script>
    function my_iframe_onload() {
        console.log(document.getElementsByName("my_iframe")[0].contentWindow.document.documentElement.textContent);
    }
</script>

submit.php

<?php
header('Content-Type: text/xml');
?><?xml version="1.0" encoding="UTF-8"?>
<root><![CDATA[Hello]]></root>

Excepted result

Hello

Actual result

{
  const toBlob = HTMLCanvasElement.prototype.toBlob;
  const toDataURL = HTMLCanvasElement.prototype.toDataURL;

  ......
  
  document.documentElement.dataset.htGfd = true;
}Hello

System Information

Windows 10 64-bit Chrome 73