Block external font-face set (#49)

LavaMoat · Sep 18, 2024 · 7958a69 · 7958a69
1 parent 8b345ee
commit 7958a69
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/packages/core/src/element.mjs b/packages/core/src/element.mjs
@@ -36,8 +36,10 @@ function creator(style, tag, text = '') {
 
 const invoker = creator => () => creator();
 
-// an element that is hard to find/select
-export const unselectable = invoker(creator({
+// an element that it should be hard to find/select/leak from/etc
+export const hardened = invoker(creator({
+    // decide on an unguessable font-family (non-existing) so an external one cannot be applied
+    'font-family': rand(20),
     // makes element uneditable to prevent document.execCommand HTML injection attacks
     '-webkit-user-modify': 'unset',
     // makes element unselectable to prevent getSelection attacks

diff --git a/packages/core/src/lavadome.mjs b/packages/core/src/lavadome.mjs
@@ -13,7 +13,7 @@ import {
     url, destination, includes,
     preventDefault, stopPropagation,
 } from './native.mjs';
-import {distraction, unselectable} from './element.mjs';
+import {distraction, hardened} from './element.mjs';
 import {getShadow} from './shadow.mjs';
 
 // text-fragments links can be abused to leak shadow internals - block in-app redirection to them
@@ -37,8 +37,8 @@ export function LavaDome(host, opts) {
     const shadow = getShadow(host, opts);
     replaceChildren(shadow);
 
-    // child of the shadow, where the secret is set, must be unselectable
-    const child = unselectable();
+    // child of the shadow, where the secret is set, must be hardened
+    const child = hardened();
     appendChild(shadow, child);
 
     function text(text) {