- From: Noam Rosenthal via GitHub <sysbot+gh@w3.org>
- Date: Wed, 01 Jul 2020 17:09:18 +0000
- To: public-css-archive@w3.org
> I didn't see it stated very clearly in this issue, so let me first state what I think the information leak is:
>
> Developers can detect whether there is EXIF rotation information in an image by rendering it twice - once with `image-orientation: from-image` and one with `image-orientation: none`, and observing if there is a difference in the layout size of the result.
>
> Therefore, for a cross-domain image, the developer can obtain one bit of information about these images.

Yes, and same for a potential implementation of image-resolution, and for querying image orientation from JavaScript (https://github.com/whatwg/html/issues/5602).

> However, don't sites already know multiple "bits of information" about cross-origin images, such as their width and height?

I think the only bits of information they know right now are an image's width and height. Is exposing related information such as orientation/density a problem? It's hard for me to fathom how that info can be used, but it's difficult to be certain.

--
GitHub Notification of comment by noamr
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-652541940 using your GitHub account
Received on Wednesday, 1 July 2020 17:09:21 UTC
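
The two-render comparison discussed in the message above, modelled outside a browser as an added example (not code from the thread or from any browser engine): it reads the EXIF Orientation tag from a constructed TIFF block and computes the layout size under both `image-orientation` values. All function names and the sample bytes are assumptions made for illustration; the model shows that a size difference is observable only for orientation values 5 to 8 on non-square images.

```javascript
// Added illustration; names and sample bytes are constructed, not from the thread.
// EXIF orientation values 5-8 transpose the image, swapping layout width and height.
function swapsAxes(orientation) {
  return orientation >= 5 && orientation <= 8;
}

// Read tag 0x0112 (Orientation) from IFD0 of a TIFF/EXIF block; 1 if absent or invalid.
function readOrientation(tiff) {
  const view = new DataView(tiff.buffer, tiff.byteOffset, tiff.byteLength);
  const marker = view.getUint16(0);
  if (marker !== 0x4949 && marker !== 0x4d4d) throw new Error("not a TIFF header");
  const le = marker === 0x4949; // "II" = little-endian, "MM" = big-endian
  if (view.getUint16(2, le) !== 42) throw new Error("bad TIFF magic");
  const ifd = view.getUint32(4, le);
  const count = view.getUint16(ifd, le);
  for (let i = 0; i < count; i++) {
    const entry = ifd + 2 + i * 12;
    if (entry + 12 > view.byteLength) break; // truncated IFD
    if (view.getUint16(entry, le) === 0x0112) {
      const value = view.getUint16(entry + 8, le);
      return value >= 1 && value <= 8 ? value : 1;
    }
  }
  return 1;
}

// Layout size for the stored pixel dimensions under one image-orientation value.
function layoutSize(w, h, orientation, mode) {
  return mode === "from-image" && swapsAxes(orientation) ? [h, w] : [w, h];
}

// The one bit that comparing the two renders can reveal.
function sizeDiffers(w, h, orientation) {
  const a = layoutSize(w, h, orientation, "from-image");
  const b = layoutSize(w, h, orientation, "none");
  return a[0] !== b[0] || a[1] !== b[1];
}

// Constructed sample: little-endian TIFF block with a single IFD0 entry.
function sampleTiff(orientation) {
  return Uint8Array.from([
    0x49, 0x49, 0x2a, 0x00, 0x08, 0x00, 0x00, 0x00, // "II", 42, IFD0 at offset 8
    0x01, 0x00,                                     // one entry
    0x12, 0x01, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, // tag 0x0112, SHORT, count 1
    orientation, 0x00, 0x00, 0x00,                  // value
    0x00, 0x00, 0x00, 0x00,                         // no next IFD
  ]);
}
```
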