W3C home > Mailing lists > Public > www-style@w3.org > April 2008

Re: [css3-webfonts] Downloaded fonts should not...

From: Ambrose Li <ambrose.li@gmail.com>
Date: Thu, 10 Apr 2008 09:32:40 -0400
Message-ID: <af2cae770804100632x16a5cd61lfd563c4319cbb67c@mail.gmail.com>
To: www-style@w3.org

On 10/04/2008, L. David Baron <dbaron@dbaron.org> wrote:
>
>  On Wednesday 2008-04-09 17:00 +0100, Dave Crossland wrote:
>  >
>  > Could someone explain what this means in a technical way for a browser
>  > developer implementing css3-webfonts?
>
> I'm not quite sure what you mean by "in a technical way".  But I can
>  give some reasons it might be a bad idea for a downloaded font to be
>  used accidentally by another Web page or application:

I feel that "in a technical way" might mean something like: "The browser
should contain a font renderer that [insert technical details here]"

Personally, I think that the font renderer MUST validate the downloaded
fonts and reject the font if it is invalid (as invalid fonts are known to crash
applications and even down the whole system), and it MUST take care
to limit cpu and memory usage so that malicious web sites cannot DoS
you by forcing you to download, say, a huge number of huge fonts or a
very complicated font that will stall your system.

-- 
cheers,
-ambrose

The 'net used to be run by smart people; now many sites are run by
idiots. So SAD... (Sites that does spam filtering on mails sent to the
abuse contact need to be cut off the net...)
Received on Thursday, 10 April 2008 13:33:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:55:05 GMT