Re: [csswg-drafts] [css-fonts][css-fonts-4] CSS Fonts 4 needs a proper Security and Privacy Considerations section (#4697) from Myles C. Maxfield via GitHub on 2020-02-21 (public-css-archive@w3.org from February 2020)

From: Myles C. Maxfield via GitHub <sysbot+gh@w3.org>
Date: Fri, 21 Feb 2020 16:27:52 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-589728052-1582302471-sysbot+gh@w3.org>

The attack relies on the CSS being hosted by a third party. E.g. google fonts hosts css files that contain a bunch of @font-faces already. If they wanted to be evil, they could use this attack to “read” users’ webpages in real-time.

-- 
GitHub Notification of comment by litherum
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4697#issuecomment-589728052 using your GitHub account

Received on Friday, 21 February 2020 16:27:54 UTC