Re: css3-fonts: should not dictate usage policy with respect to origin

On Thu, Jun 30, 2011 at 9:25 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 6/30/11 12:09 PM, Glenn Adams wrote:
>>
>> There is no mechanism to allow script content to access font data, even
>> by inference
>
> Given that you can draw text into a canvas, this seems to be an incorrect
> claim.
>
> And, importantly, new mechanisms of various sorts are getting added all the
> time.  Preventing unintentional leakage is _hard_.  See
> http://lists.w3.org/Archives/Public/www-svg/2008Sep/0112.html for example.

Even more importantly, we already have a proof-of-concept attack on
glyph data, at least, due to the fact that most impls optimize
font-drawing and no-op if a glyph is being drawn outside the bounds of
the canvas.  You can just make a 1x1 canvas, shift the position of the
drawn text around, and use timing to tell whether the pixel is inside
or outside the glyph.  Larger font sizes give you more detail.

There simply is no real distinction between reading and embedding,
just a gradient of difficulty.  If you want to prevent reading, you
have to prevent embedding as well.

~TJ

Received on Thursday, 30 June 2011 16:43:10 UTC