0

I'm modding firefox and I'm looking for a way to modify the date.toLocaleString JavaScript method behavior on FireFox.

It is a "Chameleon" mod to spoof the return value. I want to add an extra argument if none was passed:

e.g 

var date = new Date();
date.toLocaleString(); // "6/28/2016, 6:16:18 PM"
date.toLocateString("ar-TN"); // "٢٨‏/٦‏/٢٠١٦ ٦:١٦:١٨ م"

I'd like to get the second result from the first call (normally used by websites when fingerprinting), given the locale without changing the whole browser's locale, just the JS.

I have already tried JavaScript approaches (overriding the function, proxy pattern, you name it..) but couldn't get a clean implementation (that can be removed from the DOM without problem) and patching the underlying C++ code without success (didn't dig too much on that honestly).

Can you point me to an appropriate approach, and/or a specific patch location ?

Wahib Mkadmi
  • 627
  • 2
  • 9
  • 26
  • 1
    What is it you are actually trying to accomplish? – Steven R. Loomis Jul 19 '16 at 20:07
  • Wow, the technical lead of icu for c/c++ himself, couldn't ask better for internationalization lol. I've posted a new answer, thanks ! :) – Wahib Mkadmi Jul 19 '16 at 22:24
  • ICU is a team effort… anyways, thanks for posting the reply. Anyways, what I'm asking is what the use case is for overriding the locale. – Steven R. Loomis Jul 20 '16 at 01:10
  • I'm developing an anti-fingerprinting application. A vector for fingerprinting is the output of toLocaleString() methods, so I want to spoof it, and give the user the choice of what default locale he wants JS to return. – Wahib Mkadmi Jul 20 '16 at 02:56
  • I'd be curious about any background on this use of `fingerprinting` - I had heard of it during the ecma402 discussion. – Steven R. Loomis Jul 20 '16 at 15:58
  • I didn't really get what you're asking for, but I think those link are a good start: https://trac.torproject.org/projects/tor/ticket/15473 / https://bugzilla.mozilla.org/show_bug.cgi?id=867501 / http://tor-bugs.torproject.narkive.com/cFPjbmRb/10284-firefox-patch-issues-locale-dependent-js-methods-may-leak-language-info-to-content-window – Wahib Mkadmi Jul 20 '16 at 21:57
  • ok. i guess you are really just looking for a way to (as you say below) set the JS Locale independent of the UI Locale. thanks, I had heard of this concern before but not in this detail. – Steven R. Loomis Jul 20 '16 at 23:26
  • Exactly. Fingerprinters have no way to determine the browser UI language, what we need to target JavaScript only (for a better user experience as well). What exactly are you looking for ? – Wahib Mkadmi Jul 21 '16 at 14:13

1 Answers1

0

A bit late maybe, but I've solved the problem on my own, it could help someone someday. (Explained in the most boring way so any one gets it, these lands are kind of dark...)

There is no easy way to override the locale in JavaScript, as there is no such feature in ECMA Specification.

The targets here are the Date and Number. These are self hosted objects. and It's difficult to find a way to achieve this goal in self hosted js, as available options are quite restricted (See here for a list)
The solution hence is to do on the C++ side.

In its simplest form, the problem is about overriding the default locale, used by JavaScript without affecting the browser UI. Recent versions of Firefox are relying on ICU for internationalization, a C++ library. Say hello to XPConnect. The localization of JavaScript is done via the bool xpc_LocalizeContext(JSContext* cx) method (available here), overriding the default locale is as simple as inserting this code at the beginning of function: 

char* overrideLocale = std::getenv("OVERRIDE_LOCALE");
if (overrideLocale != NULL) {
    return JS_SetDefaultLocale(rt, overrideLocale);
}

This code overrides the default locale via environment variable, but it's easily changeable.

Wahib Mkadmi
  • 627
  • 2
  • 9
  • 26