[whatwg] Need document.available_fonts() call
Ashley Sheridan
ash at ashleysheridan.co.uk
Tue May 11 04:28:34 PDT 2010
On Tue, 2010-05-11 at 12:32 +0300, Eitan Adler wrote:
> > Please note there's a rather strong privacy issue here. I don't want a
> > web page to be able - without my prior consent - to query the list of
> > fonts available in my system.
>
> You already have this problem if a website were to create a list of
> elements with a list of different fonts and use Javascript to
> determine which font is being displayed. [1]
>
> I'm not advocating opening another hole just because one already
> exists - I'm just pointing this out.
>
> [1] http://www.lalit.org/lab/javascript-css-font-detect
It's not as clear cut as you make it sound. That script works on the
basis that the glyphs within a font have different widths compared to
the same glyph of another font. What happens when two fonts have exactly
the same dimensions for their glyphs? The script will register a false
positive. As such, I don't think its a security flaw or anything to
overly worry about.
Thanks,
Ash
http://www.ashleysheridan.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100511/0b2dec2e/attachment-0002.htm>
More information about the whatwg
mailing list