W3C home > Mailing lists > Public > public-css-archive@w3.org > August 2019

[csswg-drafts] [css-fonts-4] Palette leakage needs tests (#4252)

From: Chris Lilley via GitHub <sysbot+gh@w3.org>
Date: Wed, 28 Aug 2019 21:01:37 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-486606990-1567026095-sysbot+gh@w3.org>
svgeesus has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-fonts-4] Palette leakage needs tests ==
> An author-defined font color palette is only available to the documents that reference it. Using an author-defined color palette outside of the documents that reference it would constitute a security leak since the contents of one page would be able to affect other pages, something an attacker could use as an attack vector.

This is easily testable (two iframes, referencing the same font, one also has an @font-palette-values rule).

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4252 using your GitHub account
Received on Wednesday, 28 August 2019 21:01:39 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:41:52 UTC