- From: <bugzilla@jessica.w3.org>
- Date: Fri, 11 Feb 2011 02:01:16 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11955 --- Comment #3 from Jonas Sicking <jonas@sicking.cc> 2011-02-11 02:01:15 UTC --- Disclaimer: The outcome of this bug doesn't matter to gecko one way or another since we don't allow cross-origin fonts at all unless CORS is used. So fixing our code to align with this change is a no-op. This seems to close the window when the door is already opened. As you point out, you can get lots of information using CSSOM, and likely more as time goes on. Additionally, using things like pointer-events and SVG filters, you can get the actual pixel data in the font too. So the result of this bug seems to be solely to require implementations to add code. No actual security or privacy improvements are archived. The only benefit I can see is if is there is a long term plan to close the other holes too. Is that the case? -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Friday, 11 February 2011 02:01:17 UTC