As promised, I refined the AntiGareth bookmarklet I introduced yesterday by making it aim precisely at those Unicode code points (mostly combining characters) which are found to bleed vertically by this canvas-based scanner.
Warning: I’m hosting the scanner on evil.hackademix.net because it amounts to a quite effective DOS attack against your CPU, especially on Firefox (which, on the other side, finds much more “overbleeders” than Chrome): you’ll probably want to click the “STOP” button after \u20d2. Could anybody explain the awful speed difference, by the way?
However, I’m sure the script can be improved, both accuracy and performanc wise, hence patches and forks are welcome. Enjoy :)
June 8th, 2012 at 9:12 am
Performance difference is probably mostly caused by the more precise rendering of Firefox. (And whilst CPU eating, it has a STOP button which works, whereby most DOS attacks are not easily stoppable...
June 8th, 2012 at 9:13 am
I was able to complete the entire test in Chrome.
I got the following overbleeders after \u20d2:
\u20d4-\u20d7
\u20db-\u20dc
\u20e1\ua806
\uf8eb-\uf8ef
\uf8fa-\uf8fc
\ufe24-\ufe26
Also, http://pastebin.com/KkDnLUdr
June 8th, 2012 at 9:36 am
@Khalil Fazal:
Which Chrome version and OS?
Which default font?
I find 179, stopping at \u1dff, on Chrome 19.0.1084.52 m on Windows 7 with "Arial Unicode MS".
June 8th, 2012 at 11:15 pm
I ran the test completely on Firefox 12.0, on Mac OS X 10.6
My overbleeders: \u0346-\u034e\u0350-\u035f\u0362-\u036f\u0963\u18a9\u1dc0-\u1dca\u1dfe-\u1dff\ua67c
June 12th, 2012 at 6:20 am
@Giorgio:
Chromium 18.0.1025.151 (Developer Build 130497 Linux) Ubuntu 10.10
Using Arial Unicode MS as well
June 12th, 2012 at 7:20 am
Completed with Firefox.
Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0
Scanned \u0000 to \uffff in 3289650ms, 160 overbleeders found.
\u0300-\u0333
\u0339-\u0341
\u0343-\u0344
\u0346-\u034e
\u0350-\u0357
\u0359-\u035b
\u0363-\u036f
\u0483-\u0486
\u0610-\u0615
\u0656-\u065e
\u06d6-\u06dc
\u06df
\u06e1-\u06e3
\u06e7-\u06e8
\u06ea-\u06ed
\u1dc0-\u1dca
\u1dfe-\u1dff
\u20d0-\u20d1
\u20d4-\u20d7
\u20db-\u20dc
\u20e1
\u20e5-\u20e6
\u20e8-\u20ea
\ufe22
Using Arial Unicode MS
June 18th, 2012 at 10:19 am
Scanned \u0000 to \uffff in 2438716ms, 22 overbleeders found.
(Are the 1/1000 seconds really meaningful? Seems like clutter, IMHO. YMMV.)
\u0302\u0304-\u0308\u030a-\u0311\u033d\u033f\u1dc4-\u1dc9
Was *not* a complete DOS attack. Puter was very slow, but I was able to open new tabs, navigate to new sites, create a text file to log this stuff, etc. Apparently, even though CPU pegged at 100%, this system allowed interrupts and diversion of some CPU to these other tasks. Scanner probably would have run faster had I not tested it by doing other things.
Probable reason for only 22 overbleeders: Unnecessary fonts were long ago deleted from the machine, trimming the %windir%\Fonts folder from the usual 50-100 MB to exactly 6 MB. Also, deleted all language folders, from the system and from all apps, except for en-US (0409). Doesn't affect the ability to use, say, German umlaut or Spanish tilde, etc.
Perhaps there is some merit to deleting unnecessary fonts -- as with all unnecessary attack surface?
Win XP-32, done on Fx 3.6.28 for the first try. (Sorry about the UA switcher lol.) Was going to compare to the current browser, but while running the test, received notice that 13.01 was available (yes, *while running the test* ;), so will have to try on that one some other time.
PS: Sorry I've not been around. Work has been h*ll the past few weeks, with not much relief in sight in the near future.