<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.26.3">
On Tue, 2010-05-11 at 12:32 +0300, Eitan Adler wrote:
> Please note there's a rather strong privacy issue here. I don't want a
> web page to be able - without my prior consent - to query the list of
> fonts available in my system.
You already have this problem if a website were to create a list of
determine which font is being displayed. 
I'm not advocating opening another hole just because one already
exists - I'm just pointing this out.
It's not as clear cut as you make it sound. That script works on the basis that the glyphs within a font have different widths compared to the same glyph of another font. What happens when two fonts have exactly the same dimensions for their glyphs? The script will register a false positive. As such, I don't think its a security flaw or anything to overly worry about.<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">