
re: Thoughts on font linking and embedding

From: John Daggett <jdaggett@mozilla.com>
Date: Wed, 16 Feb 2011 19:10:08 -0800 (PST)
To: WOFF Working Group <public-webfonts-wg@w3.org>
Cc: robert@ocallahan.org
Message-ID: <1609187567.370087.1297912208695.JavaMail.root@cm-mail03.mozilla.org>

I'm reposting this for Robert O'Callahan:



I mostly agree with Maciej's points, but not his conclusion :-). 



Although the three-way distinction among linking, embedding and reading can be confusing and fuzzy (as outlined by Robert O'Callahan), it is nevertheless the model for the existing Web platform. 

I think Maciej is referring to http://weblogs.mozillazine.org/roc/archives/2011/02/distinguishing.html . I don't discuss linking there, since I think linking can be distinguished cleanly from embedding and reading. I also point out that, so far, we know of no actual use-cases for having an embedding vs reading distinction (except for IFRAMEs). The argument for retaining the distinction rests entirely on consistency with existing embedding mechanisms (whose behavior is severely constrained by legacy compatibility issues).



Setting different rules for different kinds of resources is confusing to authors, and makes security analysis more difficult. The security model of the Web is already way too complicated without odd corner-case rules. 

While this is true, maintaining an embedding vs reading distinction for fonts will also require adding complexity to the Web platform over time as we add APIs. For example, if we draw an embedded-but-not-readable font into <canvas>, should we clear the "origin-clean" flag? http://www.w3.org/TR/html5/the-canvas-element.html#security-with-canvas-elements 
If we do, that adds new failure modes for canvas text drawing followed by operations that expose pixel data (such as SVG 'pointer-events:visiblePainted'!). But if we don't, we implicitly require that forever in the future font glyph data must never be correlated with origin-private information. Hypothetical example: if we introduce an API to expose sFNT font tables to JavaScript, should that API be applicable to fonts that are embedded but not readable? What about a "text to path" API plus an API to read the current canvas path? Any resolution will add complexity.

The consistency argument is not without merit, though. We're faced with tradeoffs. 

OTOH his section #5 is completely right and should obviously be fixed immediately :-). 

Thanks, 
Robert O'Callahan 

=============== 

Rob 
-- 
"Now the Bereans were of more noble character than the Thessalonians, for they received the message with great eagerness and examined the Scriptures every day to see if what Paul said was true." [Acts 17:11] 
Received on Thursday, 17 February 2011 03:11:12 GMT
