- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Wed, 28 May 2014 14:23:48 -0700
- To: Rik Cabanier <cabanier@gmail.com>
- Cc: Anne van Kesteren <annevk@annevk.nl>, "www-style@w3.org" <www-style@w3.org>, Domenic Denicola <domenic@domenicdenicola.com>
On Wed, May 28, 2014 at 1:34 PM, Rik Cabanier <cabanier@gmail.com> wrote: > Is there anything you can actually do today with a font in a worker? It > seems like this should be put at-risk immediately :-) Canvas-in-workers is a specced thing, and you'll need FontFace to draw text there. > The spec doesn't mention anything about CORS or fetching. Should it not > reference or at least mention it? I dunno, should it? I explicitly say to attempt to load it as defined in Fonts, so I assumed that all the text in Fonts applies automatically, including same-origin/etc. > You can construct a 'FontFace' with random data. Wouldn't that be dangerous? No more dangerous than loading a font that's actually just random data today. (In other words, probably a little bit, yeah, but there's no way around it besides hardening your font stack.) > Also, passing invalid font data should fail somehow but your algorithm > doesn't cover that. Sure I do - if it fails to load, it rejects the promise and sets its status to "error". This happens both for binary data (in the constructor) and network-loaded fonts (in the load() method). ~TJ
Received on Wednesday, 28 May 2014 21:24:35 UTC