On some websites certain scripts must be temporarily allowed in order to get past the captchas. After I get past the captcha I disable those temporary permissions.
When doing that I see the allow/disallow canvas icon show up in the address bar.
How exactly does TOR deal with canvvassing to protect my privacy?
For now I have installed the CanvasBlocker extension manually from an .xpi file, and it does show that it is blocking canvas while the mentioned scripts are allowed.
First of all, installing third-party extensions can further reduce your anonymity. You can't predict vulnerabilities or information that is sent to the extension developer or the site your visiting.
As for HTML canvases, the top answer here addresses the question. Unless you allow the canvas, The Tor Browser will send back a blank canvas. I'd recommend X'ing out of the notification all together as blocking it sends a much more obvious "I don't want to send you a canvas." This is according to the API by Mozilla for Firefox.
In general, X'ing out of permission notifications does the same as blocking without letting the website know you blocked it, and it will save you more time than considering whether or not accepting or blocking is the correct thing to do.