- From: Ashley Sheridan <ash@ashleysheridan.co.uk>
- Date: Tue, 11 May 2010 12:28:34 +0100
On Tue, 2010-05-11 at 12:32 +0300, Eitan Adler wrote: > > Please note there's a rather strong privacy issue here. I don't want a > > web page to be able - without my prior consent - to query the list of > > fonts available in my system. > > You already have this problem if a website were to create a list of > elements with a list of different fonts and use Javascript to > determine which font is being displayed. [1] > > I'm not advocating opening another hole just because one already > exists - I'm just pointing this out. > > [1] http://www.lalit.org/lab/javascript-css-font-detect It's not as clear cut as you make it sound. That script works on the basis that the glyphs within a font have different widths compared to the same glyph of another font. What happens when two fonts have exactly the same dimensions for their glyphs? The script will register a false positive. As such, I don't think its a security flaw or anything to overly worry about. Thanks, Ash http://www.ashleysheridan.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100511/0b2dec2e/attachment.htm>
Received on Tuesday, 11 May 2010 04:28:34 UTC