Opened 3 years ago

Last modified 20 months ago

#18205 new defect

Restrict font whitelist patch to apply only to non-chrome contexts?

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-fonts
Cc: gk Actual Points:
Parent ID: #18097 Points:
Reviewer: Sponsor:

Description

We have run into a number of difficulties where Tor-Browser's whitelist is preventing the browser's non-content UI (aka chrome) from rendering properly. It would be better if we could only apply the whitelist to content.

Child Tickets

Change History (3)

comment:1 Changed 3 years ago by cypherpunks

Are sure that this will not be used for fingerprinting? What if a page opens an iframe with some chrome: elements (for example a pdf) and measures its content someway without code injection?

comment:2 Changed 3 years ago by gk

Cc: gk added

comment:3 Changed 20 months ago by cypherpunks

What if a page opens an iframe with some chrome: elements (for example a pdf) and measures its content someway without code injection?

These cannot be opened by a web page, even in an iframe.

Note: See TracTickets for help on using tickets.