#33430: Disable downloadable fonts on Safest security level
--------------------------------------+------------------------------
 Reporter:  dcent                     |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam202002      |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:  acat                      |        Sponsor:
--------------------------------------+------------------------------
Changes (by sysrqb):

 * status:  new => needs_review
 * reviewer:   => acat

Comment:

 While this is still fresh in my mind:
 `bug33430_00`
 https://gitweb.torproject.org/user/sysrqb/torbutton.git/commit/?h=bug33430_00&id=9e18e7e2a9042976e128f96bddd1d38953512d73

 I verified this works by loading the provided example page on Safer
 (before disabling the pref), I opened the webtools Inspector, I selected
 an element on the page (any of them should work), from the panel on the
 right-side I selected the "fonts" tab, at the bottom of the fonts tab
 there is an "All fonts on page" arrow/toggle (at least in English).
 Clicking this shows all fonts used on the page, and indeed it shows the
 `data:` webfonts.

 After disabling the downloadable_fonts pref, I refreshed the page and
 repeated the above steps. It shows only system fonts were used.

 In parallel, I went code-diving and this seems reasonable.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33430#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs