- From: Erik Dahlström <ed@opera.com>
- Date: Wed, 30 Apr 2008 13:02:47 +0200
- To: "Maciej Stachowiak" <mjs@apple.com>
- Cc: "Brad Kemper" <brkemper@comcast.net>, "Paul Nelson" <paulnel@winse.microsoft.com> (ATC), Håkon Wium Lie <howcome@opera.com>, "www-style@w3.org" <www-style@w3.org>
On Wed, 30 Apr 2008 12:29:25 +0200, Maciej Stachowiak <mjs@apple.com> wrote:

> On Apr 30, 2008, at 1:15 AM, Erik Dahlström wrote:
>
>> On Tue, 29 Apr 2008 04:17:45 +0200, Maciej Stachowiak <mjs@apple.com> wrote:
>>
>>> On Apr 22, 2008, at 8:13 PM, Brad Kemper wrote:
>>>
>>>> On Apr 22, 2008, at 2:50 PM, Paul Nelson (ATC) wrote:
...
>>> What is not OK (in my opinion) is exposing the font to Web pages that
>>> don't have an @font-face rule for it in their stylesheet,
>>
>> Once a webfont has been installed for use in a UA I don't see why it
>> would have to be limited to the webpage that included the @font-face.
>> I'm for example thinking of the case where all the system fonts didn't
>> contain glyphs for some particular range, while a webfont happened to
>> do so. I think in such a situation it would be better to show some text
>> using the webfont rather than to show missing glyphs (usually hollow
>> rects) or even no text at all.
>
> I think this still creates security risk from malicious fonts.

Personally I wouldn't trust any site to not serve malicious fonts. They may do so unknowingly, or by intention. I wouldn't feel fully comfortable if the UA didn't check that the fonts were not malicious before installing them, no matter where they were meant to be used.

> Also, it would make it difficult for authors to serve a font only
> licensed for embedding in documents they produce, since the UA may use
> it for other documents without any deliberate action on the part of
> either the site or the user.
>
>>> or installing it on the system where random documents and applications
>>> can see it. That would be a security risk and would not even
>>> conceptually be embedding.
>>
>> I agree it shouldn't be installed on the system so that other
>> applications can see it.
>
> I think unrelated pages that do not request the font are conceptually
> the same as other applications, for purposes of this analysis.
And what if the page requested the font, for example by providing a list of font-families? It might well be that a platform didn't have "Helvetica" installed, but another site offered this font? Or do you mean request by having an @font-face definition?

Cheers
/Erik

--
Erik Dahlstrom, Core Technology Developer, Opera Software
Co-Chair, W3C SVG Working Group
Personal blog: http://my.opera.com/macdev_ed
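The two kinds of "request" Erik's closing question distinguishes, written out as an added illustration (not part of the thread, and not code from any of the participants). Family names, the font URL and the "page A" / "page B" split are assumptions chosen for the example.

```css
/* Page A's stylesheet: the page declares the web font itself with an
   @font-face rule, so the UA knows exactly which document asked for it
   and where it came from. "ExampleSans" and the URL are placeholders. */
@font-face {
  font-family: "ExampleSans";
  src: local("ExampleSans"),                               /* use an installed copy if present */
       url("fonts/example-sans.ttf") format("truetype");   /* otherwise fetch from page A's own origin */
}
h1 { font-family: "ExampleSans", sans-serif; }

/* Page B's stylesheet (an unrelated site): no @font-face rule, only a
   font-family list naming fonts it hopes exist. Under the model Maciej
   describes (web fonts usable only by documents that declare them),
   "ExampleSans" here can match a font installed on the system but never
   the copy page A downloaded; the UA falls through to "Helvetica" or the
   generic sans-serif. Under Erik's proposal the UA could satisfy this
   request with page A's download, which is exactly the case where a
   malicious or embedding-only-licensed font would reach a page that
   never asked for it. */
h1 { font-family: "ExampleSans", "Helvetica", sans-serif; }
```

The difference that matters for the security argument is provenance: with an @font-face rule the document that triggers the download is the only one that ever uses the file, so a font that later turns out to be malformed is scoped to that origin; a bare font-family list carries no such binding.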
Received on Wednesday, 30 April 2008 11:01:31 UTC