RE: About using CORS

> From: public-webfonts-wg-request@w3.org [mailto:public-webfonts-wg-request@w3.org] On Behalf Of John Hudson
> Sent: Tuesday, April 27, 2010 5:56 PM


> It is also worth pointing out, perhaps, that a font isn't analogous to
> an image or a video: it's a piece of software, a little machine that
> typesets text. 

WOFF and this WG exist because fonts are not 'like images'. The same 
argument was made to argue that raw fonts are all that should be needed. 
Until the realities of HTTP compression and the aim to maximize web author 
choice - beyond free fonts and dedicated proprietary obfuscation services 
like TypeKit - meant that this just wasn't true in practice. That this is 
the way the code should ideally work is nice, but it wasn't getting us as 
far and as fast as WOFF will.
 
The larger motivation is the broadest choice of fonts for all web authors. 
For a bunch of reasons - some technical, some not - this resulted in a new 
cross-browser format and other related implementation decisions. For CORS 
specifically, I understand the main motivation was security. Fonts include 
small bits of code (opcodes actually) and thus do not have quite the same 
security surface as an image file. Also, fonts have generally not been as 
actively targeted for exploits as other resource formats; it thus seems
reasonable to assume the underlying decoders to be relatively less hardened
than, say, the latest PNG decoder.

That most font licenses require same-origin is an added benefit in support of 
Mozilla's choice that fits well with the broader motive.

Received on Wednesday, 28 April 2010 02:29:05 UTC