WICG / local-font-access

Web API for enumerating fonts on the local system
https://wicg.github.io/local-font-access
Apache License 2.0

EXPLAINER/questionnaire: Ensure results are sorted #13

Closed chasephillips closed 4 years ago

chasephillips commented 4 years ago

Reduce fingerprinting entropy bits by ensuring that results are first sorted before being returned. This ensures that implementations of this API remove any unnecessary information from system APIs that may return a font list in some order that would otherwise add more entropy bits.

chasephillips commented 4 years ago

Meant to address internal and external (https://github.com/w3ctag/design-reviews/issues/399) feedback regarding entropy bits that system APIs could potentially add given their ordering of the font list.

FYI I plan to update font-table-access with a similar PR (it returns tables) once we settle on this change.

pwnall commented 4 years ago

This sounds like a really good idea!

IMO, sorting the results makes the API more consistent across browsers, even if fingerprinting wouldn't be a concern. More normalized outputs reduce the potential for brittleness in apps.
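
The normalization discussed in this thread, as an added example that is not part of the PR or the project's own code: two systems with the same installed fonts look different when the platform's enumeration order leaks through, and identical once the list is sorted. The font records, their `postscriptName` field, and all function names here are assumptions made for illustration.

```javascript
// Added illustration; not code from the local-font-access repository.
// Font records and their `postscriptName` field are constructed sample data.

// Upper bound on what ordering alone can reveal: n distinct fonts can be
// arranged n! ways, so an unsorted list can carry at most log2(n!) bits.
function orderingEntropyBits(n) {
  let bits = 0;
  for (let i = 2; i <= n; i++) bits += Math.log2(i);
  return bits;
}

// Locale-independent comparison by UTF-16 code units. localeCompare() is
// avoided on purpose: its result depends on the user's locale, which would
// put a per-user signal back into the order.
function byCodeUnit(a, b) {
  return a < b ? -1 : a > b ? 1 : 0;
}

// Return the list in one canonical order, however the platform API
// enumerated it. Copies the input instead of sorting in place.
function normalizeFontList(fonts) {
  return [...fonts].sort((x, y) =>
    byCodeUnit(x.postscriptName, y.postscriptName));
}

// What a page can observe: the names in the order they were returned.
function observedSequence(fonts) {
  return fonts.map((f) => f.postscriptName).join("\n");
}

// Constructed sample: the same four fonts, enumerated in two different orders.
const toRecords = (names) => names.map((n) => ({ postscriptName: n }));
const systemA = toRecords(["Helvetica", "ArialMT", "Courier", "Zapfino"]);
const systemB = toRecords(["Zapfino", "Courier", "Helvetica", "ArialMT"]);

console.log("raw lists match:   ",
  observedSequence(systemA) === observedSequence(systemB));
console.log("sorted lists match:",
  observedSequence(normalizeFontList(systemA)) ===
  observedSequence(normalizeFontList(systemB)));
console.log("ordering bits for 4 fonts:  ", orderingEntropyBits(4).toFixed(2));
console.log("ordering bits for 200 fonts:", orderingEntropyBits(200).toFixed(0));
```

Sorting removes only the ordering signal; the set of installed fonts is still visible to the page.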