OpenType Sanitizer

Ask for help about NoScript, no registration needed to post
Post Reply
alonbl
Posts: 1
Joined: Fri May 25, 2012 3:45 pm

OpenType Sanitizer

Post by alonbl »

Hello,

Is there any reason to keep block the font-face objects while there is the OpenType Sanitizer in firefox?

Maybe a new filter based on[1] can be added to match chrome level?

I don't quite understand the filter mechanism of noscript, as it is based on mime type, so for this it cannot be used as site can send whatever mime for font.

Alon

[1] http://code.google.com/p/ots/source/browse/trunk/README
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20100101 Firefox/10.0.4
Top
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: OpenType Sanitizer

Post by Tom T. »

alonbl wrote:Is there any reason to keep block the font-face objects while there is the OpenType Sanitizer in firefox?
Is there any reason to get rid of it, as another layer of defense-in-depth, in the event of bugs in Fx OTS (they have occurred)?
You can uncheck it, should you like.
I don't quite understand the filter mechanism of noscript, as it is based on mime type, so for this it cannot be used as site can send whatever mime for font.
If you wish, every time you encounter a new MIME type for font, you can add it to an ABE rule. ABE FAQ

Code: Select all

Site somenewfontmime@https?://*./
Deny
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
Top
Post Reply

Return to “NoScript Support”