duckduckgo-privacy-extension
duckduckgo-privacy-extension copied to clipboard
duckduckgo
This addon breaks xterm.js fonts
Description
All sites that use xterm.js show a "broken" version of the fonts.
Steps to Reproduce
- Surf to https://xtermjs.org/ to see the broken fonts
- Disable this addon
- See how the fonts should look
Versions
- Extension: 2021.9.2
- Browser: Firefox 92.0
- OS: Mint 20.2
Once the fonts look fine again, you can usually enable the addon again without reintroducing the problem.
Thanks for reporting! I followed the steps that you outlined and I wasn't able to reproduce (same extension version, same FF version, but on MacOS) 🤔 This may have something to do with our canvas protection, but I'll need more reliable repro case to investigate. Also, can you please share the screanshot of broken fonts?
@jonathanKingston can you please double-check on Linux?
and disabled:
PS: If you don't have a Mint 20.2 nearby, it is based on Ubuntu 20.4. I assume it will have the same problem
I have Ubuntu 20.4 with various Firefox installs and can't reproduce.
I can't see the code doing any font sizing via Canvas, which leads me to think this is either:
- A different set of system fonts
- Firefox doing some weird rendering that might be fixed by a reload?
Is the problem still reproducible for you @ngaro?
Yes, now I also reproduced it in a VM at the obfuscated link below:
Start with "https" follow it by a colon and 2 slashes, follow it by "login-cmt.uantwerpen.COUNTRYCODEOFBELGIUM/vmmintddg831.ova" and replace COUNTRYCODEOFBELGIUM by the correct one. It's a large download (almost 3GB) so won't keep it online forever.
Sorry, I just noticed that i gave the file wrong permissions, download should work now
Hello, I would like to point out this issue also affects the Home Assistant SSH terminal web ui add on
See github issue https://github.com/home-assistant/addons/issues/2214
This probably breaks other things too, only current solution is to disable the duck duck go plugin
Note, I don't have this problem on https://xtermjs.org/
I have right now the plugin enabled
This is https://xtermjs.org/
And here is my home assistant
Hello, I would like to point out this issue also affects the Home Assistant SSH terminal web ui add on
See github issue home-assistant/addons#2214
This probably breaks other things too, only current solution is to disable the duck duck go plugin
Note, I don't have this problem on xtermjs.org
I have right now the plugin enabled
This is xtermjs.org
And here is my home assistant
same problem here, but with ttyd instead of home assistant (home assistant uses ttyd). same goes for xterm.js - it works fine there
Progams:
- VSCode web: problems
- ttyd: problems
- portainer: works fine
- jupyterlab: works fine
- coderpad: works fine
- xtermjs.org: works fine
after whitelisting the sites in the add-on settings, they work fine
I suspect this is the fingerprint randomisation with their glyph sizing code: https://github.com/xtermjs/xterm.js/blob/569708677fab0b46689bb6cbff9ce7dfce20c38d/src/browser/renderer/CustomGlyphs.ts
It's likely it isn't consistent with which domains we cause this issue to as the browser uses different keys per user to generate this.
We have some carve outs on these protections however it looks like they're drawing bezier curves and other things that would trigger our protections.
One area we could exclude is the check for transparency here: https://github.com/xtermjs/xterm.js/blob/376b29673ba174934b1b6339ef3eed8449fec529/src/browser/ColorManager.ts#L167-L193
However we could be breaking https://github.com/xtermjs/xterm.js/blob/7bd7967ab7c61e544c597e6e1b4fdfc2ee7f73e0/addons/xterm-addon-webgl/src/atlas/WebglCharAtlas.ts#L408-L413 also and I can't see how we'd exclude this.
As a temporary fix, could it be possible to set an exception for DDGPE to not run at all on the following ?
http://homeassistant.lan https://homeassistant.lan http://homeassistant.lan:8123 https://homeassistant.lan:8123