As promised, I refined the AntiGareth bookmarklet I introduced yesterday by making it aim precisely at those Unicode code points (mostly combining characters) which are found to bleed vertically by this canvas-based scanner.

Warning: I’m hosting the scanner on evil.hackademix.net because it amounts to a quite effective DoS attack against your CPU, especially on Firefox (which, on the other hand, finds many more “overbleeders” than Chrome): you’ll probably want to click the “STOP” button after \u20d2. Could anybody explain the awful speed difference, by the way?

However, I’m sure the script can be improved, both accuracy- and performance-wise, hence patches and forks are welcome. Enjoy :)
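
An added example, not the AntiGareth bookmarklet's or the scanner's own code: one way to turn the `\uXXXX-\uYYYY` range notation in which scan results are reported (see the responses below) into a filter that removes exactly those code points from text. The function names are hypothetical, and stripping the characters is an assumed mitigation.

```javascript
// Added example; function names are hypothetical, not taken from the bookmarklet.
// Sample report: the first three ranges quoted in response #4 on this page.
const SAMPLE_REPORT = String.raw`\u0346-\u034e\u0350-\u035f\u0362-\u036f`;

// Sort ranges and coalesce those that overlap or touch.
function mergeRanges(ranges) {
  const out = [];
  for (const [lo, hi] of ranges.slice().sort((a, b) => a[0] - b[0])) {
    const last = out[out.length - 1];
    if (last && lo <= last[1] + 1) last[1] = Math.max(last[1], hi);
    else out.push([lo, hi]);
  }
  return out;
}

// Parse "\uXXXX" and "\uXXXX-\uYYYY" tokens; anything between tokens is ignored.
function parseRanges(report) {
  const token = /\\u([0-9a-fA-F]{4})(?:-\\u([0-9a-fA-F]{4}))?/g;
  const ranges = [];
  for (const m of report.matchAll(token)) {
    const lo = parseInt(m[1], 16);
    const hi = m[2] === undefined ? lo : parseInt(m[2], 16);
    if (hi < lo) throw new RangeError("reversed range: " + m[0]);
    ranges.push([lo, hi]);
  }
  return mergeRanges(ranges);
}

// Build a global character-class RegExp; every code point is emitted as a
// \uXXXX escape so that "]", "^" or "-" in a range cannot break the class.
function buildPattern(ranges) {
  const esc = (cp) => "\\u" + cp.toString(16).padStart(4, "0");
  const body = ranges
    .map(([lo, hi]) => (lo === hi ? esc(lo) : esc(lo) + "-" + esc(hi)))
    .join("");
  return new RegExp("[" + body + "]", "g");
}

// Remove only the reported code points; other combining marks are kept.
function stripOverbleeders(text, report) {
  const ranges = parseRanges(report);
  return ranges.length === 0 ? text : text.replace(buildPattern(ranges), "");
}

// Constructed input: U+0346 and U+0363 are in the report, U+0301 (acute) is not.
console.log(JSON.stringify(stripOverbleeders("a\u0346e\u0301o\u0363", SAMPLE_REPORT)));
```

Because the reported set differs per browser, OS and installed fonts, a filter built from one machine's report only covers what bled on that machine.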

7 Responses to “AntiGareth V2 (Sniper Edition With Scanner)”

  1. #1 Alfred Kayser says:

    Performance difference is probably mostly caused by the more precise rendering of Firefox. (And whilst CPU eating, it has a STOP button which works, whereby most DOS attacks are not easily stoppable…)

  2. #2 Khalil Fazal says:

    I was able to complete the entire test in Chrome.

    I got the following overbleeders after \u20d2:
    \u20d4-\u20d7
    \u20db-\u20dc
    \u20e1\ua806
    \uf8eb-\uf8ef
    \uf8fa-\uf8fc
    \ufe24-\ufe26

    Also, http://pastebin.com/KkDnLUdr

  3. #3 Giorgio says:

    @Khalil Fazal:
    Which Chrome version and OS?
    Which default font?

    I find 179, stopping at \u1dff, on Chrome 19.0.1084.52 m on Windows 7 with “Arial Unicode MS”.

  4. #4 Voulnet says:

    I ran the test completely on Firefox 12.0, on Mac OS X 10.6

    My overbleeders: \u0346-\u034e\u0350-\u035f\u0362-\u036f\u0963\u18a9\u1dc0-\u1dca\u1dfe-\u1dff\ua67c

  5. #5 Khalil Fazal says:

    @Giorgio:

    Chromium 18.0.1025.151 (Developer Build 130497 Linux) Ubuntu 10.10

    Using Arial Unicode MS as well

  6. #6 Khalil Fazal says:

    Completed with Firefox.
    Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0

    Scanned \u0000 to \uffff in 3289650ms, 160 overbleeders found.

    \u0300-\u0333
    \u0339-\u0341
    \u0343-\u0344
    \u0346-\u034e
    \u0350-\u0357
    \u0359-\u035b
    \u0363-\u036f
    \u0483-\u0486
    \u0610-\u0615
    \u0656-\u065e
    \u06d6-\u06dc
    \u06df
    \u06e1-\u06e3
    \u06e7-\u06e8
    \u06ea-\u06ed
    \u1dc0-\u1dca
    \u1dfe-\u1dff
    \u20d0-\u20d1
    \u20d4-\u20d7
    \u20db-\u20dc
    \u20e1
    \u20e5-\u20e6
    \u20e8-\u20ea
    \ufe22

    Using Arial Unicode MS

  7. #7 Tom T. says:

    Scanned \u0000 to \uffff in 2438716ms, 22 overbleeders found.

    (Are the 1/1000 seconds really meaningful? Seems like clutter, IMHO. YMMV.)

    \u0302\u0304-\u0308\u030a-\u0311\u033d\u033f\u1dc4-\u1dc9

    Was *not* a complete DOS attack. Puter was very slow, but I was able to open new tabs, navigate to new sites, create a text file to log this stuff, etc. Apparently, even though CPU pegged at 100%, this system allowed interrupts and diversion of some CPU to these other tasks. Scanner probably would have run faster had I not tested it by doing other things.

    Probable reason for only 22 overbleeders: Unnecessary fonts were long ago deleted from the machine, trimming the %windir%\Fonts folder from the usual 50-100 MB to exactly 6 MB. Also, deleted all language folders, from the system and from all apps, except for en-US (0409). Doesn’t affect the ability to use, say, German umlaut or Spanish tilde, etc.

    Perhaps there is some merit to deleting unnecessary fonts — as with all unnecessary attack surface?

    Win XP-32, done on Fx 3.6.28 for the first try. (Sorry about the UA switcher lol.) Was going to compare to the current browser, but while running the test, received notice that 13.01 was available (yes, *while running the test* ;), so will have to try on that one some other time.

    PS: Sorry I’ve not been around. Work has been h*ll the past few weeks, with not much relief in sight in the near future.
