InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

OpenType Sanitizer

https://forums.informaction.com/viewtopic.php?t=8773

Page 1 of 1

OpenType Sanitizer

Posted: Fri May 25, 2012 3:52 pm
by alonbl
Hello,

Is there any reason to keep block the font-face objects while there is the OpenType Sanitizer in firefox?

Maybe a new filter based on[1] can be added to match chrome level?

I don't quite understand the filter mechanism of noscript, as it is based on mime type, so for this it cannot be used as site can send whatever mime for font.

Alon

[1] http://code.google.com/p/ots/source/browse/trunk/README

Re: OpenType Sanitizer

Posted: Sat May 26, 2012 1:12 am
by Tom T.
alonbl wrote:Is there any reason to keep block the font-face objects while there is the OpenType Sanitizer in firefox?
Is there any reason to get rid of it, as another layer of defense-in-depth, in the event of bugs in Fx OTS (they have occurred)?
You can uncheck it, should you like.
I don't quite understand the filter mechanism of noscript, as it is based on mime type, so for this it cannot be used as site can send whatever mime for font.
If you wish, every time you encounter a new MIME type for font, you can add it to an ABE rule. ABE FAQ

Code: Select all

Site somenewfontmime@https?://*./
Deny
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited