Opened 18 months ago

Last modified 4 weeks ago

#25489 new enhancement

Implement a fallback mechanism for icon fonts and SVGs used in CSS for high-security mode

Reported by: cypherpunks Owned by: hiro
Priority: Low Milestone:
Component: Webpages/Styleguide Version:
Severity: Normal Keywords:
Cc: irl, antonela Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

It should be possible to fall back to PNG assets in high security mode where icon fonts (font awesome and tor icons) would not be available, and SVG graphics would also not be available.

I am not yet aware of a method of doing this reliably across all browsers, it may be worth talking to the Tor Browser people before looking at this to see if they have ideas.

Child Tickets

TicketTypeStatusOwnerSummary
#29932defectclosedhiroImages are not loaded with the security slider set to "Safest"

Change History (4)

comment:1 Changed 18 months ago by cypherpunks

I am not yet aware of a method of doing this reliably across all browsers

https://css-tricks.com/svg-fallbacks/ ;)

comment:3 Changed 5 weeks ago by torlove

Is there anything about Font Awesome itself that is unsafe for the safest mode? If not, what is stopping Tor Browser from simply embedding the font (or fonts, to be backwards compatible) into the app? Is it a licensing concern?

On a related note, Tor Browser might do well to include the 50 most popular web fonts, out of the box.

If this is a possibility, tell me and I will volunteer time to research the 50 most popular webfonts that can legally be included. There are available statistics on popular fonts. I will also seek to supply web developers with a wide variety of font styles (including extended, narrow, slab, script, calligraphic, etc) such that any privacy aware web developer can easily find a fonts from our selection to either completely fulfil their needs, or provide a good fallback.

In the interests on onboarding as many participants as possible and reducing the bandwidth on the Tor network we should provide the basics. Webfonts today are used so prevalently that we simply cannot completely ignore all font requests. Even, in the safer modes.

Yes these caches may need to be updated from time to time as more glyphs are developed, but not strictly necessary.

To summarise:

  • Can Font Awesome be supported by being packaged into Tor Browser itself?
  • Can we provide some support for popular webfonts in a similar manner?

comment:4 Changed 4 weeks ago by torlove

Serious question... Does Hiro still work on Tor and receive messages?

Note: See TracTickets for help on using tickets.