Implement fingerprinting in the FirefoxDriver

jleyba · jleyba · commit b82512999938 · 2015-01-27T15:53:11.000-08:00
The FirefoxDriver will flag its presence by setting window.navigator.webdriver === true on every page. See: https://w3c.github.io/webdriver/webdriver-spec.html#fingerprinting For now, the original fingerprinting method (setting an attribute on documentElement) remains.
diff --git a/javascript/firefox-driver/extension/content/server.js b/javascript/firefox-driver/extension/content/server.js
@@ -35,12 +35,35 @@ try {
 // _browser window_ (not chrome window). Multiple tabs in the same window will
 // share a FirefoxDriver and DomMessenger instance.
 window.addEventListener('load', function(e) {
+  // http://w3c.github.io/webdriver/webdriver-spec.html#security-and-privacy
+  var appcontent = document.getElementById('appcontent');
+  if (appcontent) {
+    appcontent.addEventListener('DOMContentLoaded', function(e) {
+      var doc = e.originalTarget || e.target;
+      var isSvg = doc.documentElement.nodeName == 'svg';
+      var script = isSvg ?
+          doc.createElementNS('http://www.w3.org/2000/svg', 'script') :
+          doc.createElement('script');
+      script.setAttribute('type', 'text/javascript');
+      script.textContent = '(' + function() {
+        Object.defineProperty(window.navigator, 'webdriver', {
+          value: true,
+          configurable: false,
+          enumerable: true,
+          writable: false
+        });
+      } + ')()';
+      doc.documentElement.appendChild(script);
+      doc.documentElement.removeChild(script);
+    });
+  }
+
+  // old fingerprinting path
   var server = Components.classes['@googlecode.com/webdriver/fxdriver;1']
       .createInstance()
       .wrappedJSObject;
 
   if (!domMessenger) {
-    var appcontent = document.getElementById('appcontent');
     if (appcontent) {
       try {
         var commandProcessor = Components.
diff --git a/javascript/node/selenium-webdriver/test/fingerprint_test.js b/javascript/node/selenium-webdriver/test/fingerprint_test.js
@@ -0,0 +1,55 @@
+// Copyright 2015 Selenium committers
+// Copyright 2015 Software Freedom Conservancy
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+//     You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+var assert = require('../testing/assert'),
+    test = require('../lib/test'),
+    Pages = test.Pages;
+
+
+test.suite(function(env) {
+  var browsers = env.browsers;
+
+  var driver;
+  test.before(function() {
+    driver = env.builder().build();
+  });
+
+  test.after(function() {
+    driver.quit();
+  });
+
+  describe('fingerprinting', function() {
+    test.it('it should fingerprint the navigator object', function() {
+      driver.get(Pages.simpleTestPage);
+      assert(driver.executeScript('return navigator.webdriver')).equalTo(true);
+    });
+
+    test.it('fingerprint must not be writable', function() {
+      driver.get(Pages.simpleTestPage);
+      assert(driver.executeScript(
+          'navigator.webdriver = "ohai"; return navigator.webdriver'))
+          .equalTo(true);
+    });
+
+    test.it('leaves fingerprint on svg pages', function() {
+      driver.get(Pages.svgPage);
+      assert(driver.executeScript('return navigator.webdriver')).equalTo(true);
+    });
+  });
+
+// Currently only implemented in firefox.
+}, {browsers: ['firefox']});
