add CanvasRenderingContext2D.prototype.isPointInPath and 4 other meth…

[pes10k]

Fixes #10288

This change would block the following 5 methods (presented below, with brief motivation for each). Numbers for feature use / tracking use are taken from https://www.cs.uic.edu/%7Epsnyder/static/papers/Browser_Feature_Usage_on_the_Modern_Web.pdf

I've added a link to this paper in the FP part of the wiki, along with a description of the SVG related methods. I did not further discuss the canvas and WebGL related methods, since they're already mentioned.

CanvasRenderingContext2D.prototype.isPointInPath

• Is used in popular live, popular fingerprinting code
• Is infrequently used on the web (was observed on only 166 sites in the Alexa 10k)
• Is frequently blocked by anti-tracking tools (in the presence of Ghostery, it is only seen on 28 sites in the Alexa 10k, suggesting its used for tracking 83% of the time)

WebGLRenderingContext.prototype.getUniformLocation and WebGLRenderingContext.prototype.getAttribLocation

• Are used in popular live, popular fingerprinting code, (here and here, for example)
• Are infrequently used on the web (was observed on only 255 and 250 sites in the Alexa 10k, respectivly)
• Are frequently blocked by anti-tracking tools (in the presence of Ghostery, it is only seen on 44 and sites in the Alexa 10k, suggesting its used for tracking 82.75% and 82.4% of the time)
• Non-obvious use case (e.x.: its not obvious to see why you'd need to query these parameters out of the context, if you'd already set them)

SVGPathElement.prototype.getTotalLength

• Anecdotally Used in ways similar to canvas finger printing (font enumeration, getting subtle differences in rendering between platforms)
• Very infrequently used on the web (observed on 140 of the Alexa 10k)
• Very frequently associated with tracking (use goes down to only 2 sites, or a 98.57% reduction, in the presence of Ghostery)

SVGTextContentElement.prototype.getComputedTextLength

• Anecdotally Used in ways similar to canvas finger printing (font enumeration, getting subtle differences in rendering between platforms)
• Extremely associated with tracking (use goes from 1003 sites in the Alexa 10k, to 1, or a 99.9% reduction, in the presence of Ghostery)

[codecov-io]

Codecov Report

Merging #11140 into master will decrease coverage by 0.04%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #11140      +/-   ##
==========================================
- Coverage   53.46%   53.41%   -0.05%     
==========================================
  Files         251      251              
  Lines       21771    21771              
  Branches     3407     3407              
==========================================
- Hits        11639    11630       -9     
- Misses      10132    10141       +9

Flag	Coverage Δ
#unittest	53.41% <ø> (-0.05%)	⬇️

Impacted Files	Coverage Δ
js/stores/appStoreRenderer.js	91.17% <0%> (-8.83%)	⬇️
app/renderer/components/reduxComponent.js	84.37% <0%> (-6.25%)	⬇️
js/stores/windowStore.js	27.45% <0%> (-0.31%)	⬇️

[diracdeltas]

lgtm! the proxy fingerprinting and device enumeration tests are failing but they also fail on master

[luixxiul]

do we need QA on this?

[diracdeltas]

do we need QA on this?

unless @snyderp has example sites that use these methods, nope

[diracdeltas]

i'm going to lift this into 0.19.x hotfix 6 because it's unlikely to break anything and also it solves merge conflict with #11784

[diracdeltas]

0.19.x: 14ef118