W3C home > Mailing lists > Public > www-style@w3.org > April 2008

Re: [css3-webfonts] Downloaded fonts should not...

From: L. David Baron <dbaron@dbaron.org>
Date: Thu, 10 Apr 2008 00:49:28 -0700
To: www-style@w3.org
Message-ID: <20080410074928.GA9169@ridley.dbaron.org>

On Wednesday 2008-04-09 17:00 +0100, Dave Crossland wrote:
> "Downloaded fonts should not be made available to other applications."
> - http://www.w3.org/TR/2002/WD-css3-webfonts-20020802/
> 
> Could someone explain what this means in a technical way for a browser
> developer implementing css3-webfonts?

I'm not quite sure what you mean by "in a technical way".  But I can
give some reasons it might be a bad idea for a downloaded font to be
used accidentally by another Web page or application:

  * the font might be in a highly unusual style that you wouldn't
want picked up by other content because it makes it hard to read

  * the font might use an encoding hack where it encodes glyphs that
represent other characters at the codeponts for commonly-used
characters.  (This was a common use for downloadable font
implementations in Netscape 4, particularly by Web pages in South
Asian languages.  It has also been used for fonts containing various
types of symbols or pictures.)  If such a font were picked up by
other applications, or even other Web pages, it would make them
illegible.

  * the font might be a malicious font designed to make the text in
a particular other Web page say something other than what it
actually says.

-David

-- 
L. David Baron                                 http://dbaron.org/
Mozilla Corporation                       http://www.mozilla.com/
Received on Thursday, 10 April 2008 07:50:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:55:05 GMT