
[csswg-drafts] [css-fonts-4] Palette leakage needs tests (#4252)

From: Chris Lilley via GitHub <sysbot+gh@w3.org>
Date: Wed, 28 Aug 2019 21:01:37 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-486606990-1567026095-sysbot+gh@w3.org>
svgeesus has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-fonts-4] Palette leakage needs tests ==
> An author-defined font color palette is only available to the documents that reference it. Using an author-defined color palette outside of the documents that reference it would constitute a security leak since the contents of one page would be able to affect other pages, something an attacker could use as an attack vector.
https://drafts.csswg.org/css-fonts-4/#font-palette-values

This is easily testable (two iframes, referencing the same font, one also has an @font-palette-values rule).

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4252 using your GitHub account
Received on Wednesday, 28 August 2019 21:01:39 UTC
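
A sketch of the two-iframe test described in the issue, written as a web-platform-tests style reftest. This is an added example, not a test from the original message or from the CSSWG; the font path, the palette name `--leak-check` and the reference file name are placeholders, and the reference is assumed to be this same page with frame B's `font-palette` set to `normal`.

```html
<!DOCTYPE html>
<html class="reftest-wait">
<meta charset="utf-8">
<title>@font-palette-values must not leak between documents</title>
<link rel="help" href="https://drafts.csswg.org/css-fonts-4/#font-palette-values">
<!-- Hypothetical reference: identical page, but frame B uses font-palette: normal -->
<link rel="match" href="palette-leakage-ref.html">
<body>
<!-- Frame A: references the color font AND defines an author palette for it.
     The font URL is a placeholder for any color font with a palette. -->
<iframe srcdoc="
  <style>
    @font-face { font-family: T; src: url(/fonts/PLACEHOLDER-COLOR-FONT.ttf); }
    @font-palette-values --leak-check { font-family: T; override-colors: 0 lime; }
    p { font: 48px T; font-palette: --leak-check; }
  </style>
  <p>A</p>"></iframe>

<!-- Frame B: references the same font and asks for the same palette name,
     but has no @font-palette-values rule of its own. With no matching rule
     in this document, the glyph must render with the font's default palette.
     If frame A's rule leaked, it would render with the overridden color
     and fail to match the reference. -->
<iframe srcdoc="
  <style>
    @font-face { font-family: T; src: url(/fonts/PLACEHOLDER-COLOR-FONT.ttf); }
    p { font: 48px T; font-palette: --leak-check; }
  </style>
  <p>A</p>"></iframe>

<script>
  // Hold the screenshot until both frames have loaded and finished font loading.
  const frames = [...document.querySelectorAll("iframe")];
  Promise.all(frames.map(f => new Promise(resolve => {
    f.addEventListener("load", () => f.contentDocument.fonts.ready.then(resolve));
  }))).then(() => document.documentElement.classList.remove("reftest-wait"));
</script>
</body>
</html>
```

Swapping the order of the two frames gives a second variant that covers the case where the document without the rule loads the font first.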
