- From: John Daggett via cvs-syncmail <cvsmail@w3.org>
- Date: Thu, 07 Apr 2011 23:08:51 +0000
- To: public-css-commits@w3.org
Update of /sources/public/csswg/css3-fonts
In directory hutz:/tmp/cvs-serv4612
Modified Files:
Overview.html
Log Message:
make same-origin restriction required
Index: Overview.html
===================================================================
RCS file: /sources/public/csswg/css3-fonts/Overview.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- Overview.html 23 Mar 2011 07:08:32 -0000 1.18
+++ Overview.html 7 Apr 2011 23:08:49 -0000 1.19
@@ -101,7 +101,7 @@
}
</style>
- <link href="http://www.w3.org/StyleSheets/TR/W3C-WD.css" rel=stylesheet
+ <link href="http://www.w3.org/StyleSheets/TR/W3C-ED.css" rel=stylesheet
type="text/css">
<body>
@@ -111,15 +111,15 @@
<h1>CSS Fonts Module Level 3</h1>
- <h2 class="no-num no-toc" id=w3c-working-draft-24-march-2011>W3C Working
- Draft 24 March 2011</h2>
+ <h2 class="no-num no-toc" id=editors-draft-7-april-2011>Editor's Draft 7
+ April 2011</h2>
<dl id=authors>
- <dt>This version:</dt>
- <!-- <dd><a href="http://dev.w3.org/csswg/css3-fonts/">http://dev.w3.org/csswg/css3-fonts/</a> -->
+ <dt>This version:
<dd><a
- href="http://www.w3.org/TR/2011/WD-css3-fonts-20110324">http://www.w3.org/TR/2011/WD-css3-fonts-20110324</a>
+ href="http://dev.w3.org/csswg/css3-fonts/">http://dev.w3.org/csswg/css3-fonts/</a>
+ <!-- <dd><a href="http://www.w3.org/TR/2011/ED-css3-fonts-20110407">http://www.w3.org/TR/2011/ED-css3-fonts-20110407</a> -->
<dt>Latest version:
@@ -135,6 +135,9 @@
<dt>Previous version (CSS3 Fonts):
<dd><a
+ href="http://www.w3.org/TR/2011/WD-css3-fonts-20110324">http://www.w3.org/TR/2011/WD-css3-fonts-20110324</a>
+
+ <dd><a
href="http://www.w3.org/TR/2009/WD-css3-fonts-20090618">http://www.w3.org/TR/2009/WD-css3-fonts-20090618</a>
<dd><a
@@ -181,41 +184,35 @@
<h2 class="no-num no-toc" id=status>Status of this document</h2>
<!--begin-status-->
- <p><em>This section describes the status of this document at the time of
- its publication. Other documents may supersede this document. A list of
- current W3C publications and the latest revision of this technical report
- can be found in the <a href="http://www.w3.org/TR/">W3C technical reports
- index at http://www.w3.org/TR/.</a></em>
-
- <p>Publication as a Working Draft does not imply endorsement by the W3C
- Membership. This is a draft document and may be updated, replaced or
- obsoleted by other documents at any time. It is inappropriate to cite this
- document as other than work in progress.
+ <p>This is a public copy of the editors' draft. It is provided for
+ discussion only and may change at any moment. Its publication here does
+ not imply endorsement of its contents by W3C. Don't cite this document
+ other than as work in progress.
<p>The (<a
href="http://lists.w3.org/Archives/Public/www-style/">archived</a>) public
- mailing list <a href="mailto:www-style@w3.org">www-style@w3.org</a> (see
- <a href="http://www.w3.org/Mail/Request">instructions</a>) is preferred
- for discussion of this specification. When sending e-mail, please put the
- text “css3-fonts” in the subject, preferably like this:
+ mailing list <a
+ href="mailto:www-style@w3.org?Subject=%5Bcss3-fonts%5D%20PUT%20SUBJECT%20HERE">
+ www-style@w3.org</a> (see <a
+ href="http://www.w3.org/Mail/Request">instructions</a>) is preferred for
+ discussion of this specification. When sending e-mail, please put the text
+ “css3-fonts” in the subject, preferably like this:
“[<!---->css3-fonts<!---->] <em>…summary of comment…</em>”
- <p>This document was produced by the <a
- href="http://www.w3.org/Style/CSS/members">CSS Working Group</a> (part of
- the <a href="http://www.w3.org/Style/">Style Activity</a>).
+ <p>This document was produced by the <a href="/Style/CSS/members">CSS
+ Working Group</a> (part of the <a href="/Style/">Style Activity</a>).
<p>This document was produced by a group operating under the <a
- href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February
- 2004 W3C Patent Policy</a>. W3C maintains a <a
- href="http://www.w3.org/2004/01/pp-impl/32061/status"
+ href="/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent
+ Policy</a>. W3C maintains a <a href="/2004/01/pp-impl/32061/status"
rel=disclosure>public list of any patent disclosures</a> made in
connection with the deliverables of the group; that page also includes
instructions for disclosing a patent. An individual who has actual
knowledge of a patent which the individual believes contains <a
- href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
+ href="/Consortium/Patent-Policy-20040205/#def-essential">Essential
Claim(s)</a> must disclose the information in accordance with <a
- href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
- 6 of the W3C Patent Policy</a>.</p>
+ href="/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the
+ W3C Patent Policy</a>.</p>
<!--end-status-->
<h3 class="no-num no-toc" id=atrisk>Features at risk</h3>
@@ -288,6 +285,12 @@
<li><a href="#font-rend-desc"><span class=secno>4.6 </span>Font
features: the font-variant and font-feature-settings descriptors</a>
+
+ <li><a href="#font-face-loading"><span class=secno>4.7 </span>Font
+ loading guidelines</a>
+
+ <li><a href="#same-origin-restriction"><span class=secno>4.8
+ </span>Same-origin restriction for fonts</a>
</ul>
<li><a href="#font-matching-algorithm"><span class=secno>5 </span>Font
@@ -353,13 +356,10 @@
<li><a href="#rendering-considerations"><span class=secno>7
</span>Resolving font feature settings </a>
- <li class=no-num><a href="#same-origin-restriction">Appendix A:
- Same-origin restriction for fonts</a>
-
- <li class=no-num><a href="#platform-props-to-css">Appendix B: Mapping
+ <li class=no-num><a href="#platform-props-to-css">Appendix A: Mapping
platform font properties to CSS properties</a>
- <li class=no-num><a href="#font-licensing">Appendix C: Font licensing
+ <li class=no-num><a href="#font-licensing">Appendix B: Font licensing
issues</a>
<li class=no-num><a href="#ch-ch-ch-changes">Changes</a>
@@ -2131,7 +2131,7 @@
format hints "truetype" and "opentype" must be considered as synonymous; a
format hint of "opentype" does not imply that the font contains Postscript
CFF style glyph data or that it contains OpenType layout information (see
- Appendix B for more background on this).
+ Appendix A for more background on this).
<p>When authors would prefer to use a locally available copy of a given
font and download it if it's not, local() can be used. The locally
@@ -2625,6 +2625,92 @@
omitted. When multiple font feature descriptors or properties are used,
the cumulative effect on text rendering is described below.
+ <h3 id=font-face-loading><span class=secno>4.7 </span>Font loading
+ guidelines</h3>
+
+ <p>The @font-face rule is designed to allow lazy loading of fonts, fonts
+ are only downloaded when needed for use within a document. A stylesheet
+ can include @font-face rules for a library of fonts of which only a select
+ set are used; user agents must only download those fonts that are referred
+ to within the style rules applicable to a given page. User agents that
+ download all fonts defined in @font-face rules without considering whether
+ those fonts are in fact used within a page are considered non-conformant.
+ In cases where a font might be downloaded in character fallback cases,
+ user agents may download a font if it's listed in a font list but is not
+ actually used for a given text run.
+
+ <pre>
+@font-face {
+ font-family: GeometricModern;
+ src: url(font.ttf);
+}
+
+p {
+ /* font will be downloaded for pages with p elements */
+ font-family: GeometricModern, sans-serif;
+}
+
+h2 {
+ /* font may be downloaded for pages with h2 elements, even if Futura is available locally */
+ font-family: Futura, GeometricModern, sans-serif;
+}
+</pre>
+
+ <p>In cases where textual content is loaded before downloadable fonts are
+ available, user agents may render text as it would be rendered if
+ downloadable font resources are not available or they may render text
+ transparently with fallback fonts to avoid a flash of text using a
+ fallback font. In cases where the font download fails user agents must
+ display text, simply leaving transparent text is considered non-conformant
+ behavior. Authors are advised to use fallback fonts in their font lists
+ that closely match the vertical metrics of the downloadable fonts to avoid
+ large page reflows where possible.
+
+ <h3 id=same-origin-restriction><span class=secno>4.8 </span>Same-origin
+ restriction for fonts</h3>
+
+ <p>User agents must implement a same-origin restriction when loading fonts
+ via the @font-face mechanism. This restriction limits the loading of fonts
+ for a given document to fonts loaded from the same origin. Fonts can only
+ be loaded via the same host, port, and method combination as the
+ containing document, using the <a
+ href="http://www.w3.org/TR/html5/origin-0.html">origin matching
+ algorithm</a> described in the <a href="#HTML5"
+ rel=biblioentry>[HTML5]<!--{{!HTML5}}--></a> specification. The origin of
+ the stylesheet containing @font-face rules is not used when deciding
+ whether a font is same origin or not, only the origin of the containing
+ document is used.
+
+ <p>Given a document located at http://example.com/page.html, fonts defined
+ with ‘<a href="#descdef-src"><code class=property>src</code></a>’
+ definitions considered cross origin must not be loaded:
+
+ <pre>
+/* same origin (i.e. domain, protocol, port match document) */
+src: url(fonts/simple.ttf);
+src: url(//fonts/simple.ttf);
+
+/* cross origin, different protocol */
+src: url(https://example.com/fonts/simple.ttf);
+
+/* cross origin, different domain */
+src: url(http://another.example.com/fonts/simple.ttf);
+</pre>
+
+ <p>User agents must also implement the ability to relax this restriction
+ using cross-site origin controls <a href="#CORS"
+ rel=biblioentry>[CORS]<!--{{!CORS}}--></a>. Sites can explicitly allow
+ cross-site downloading of font data using the
+ <code>Access-Control-Allow-Origin</code> HTTP header.
+
+ <p class=issue>Some implementers feel a same-origin restriction should be
+ the default for all new resource types, including fonts, while others feel
+ strongly that an opt-in strategy usuable for all resource types would be a
+ better mechanism and that the default should always be to allow
+ cross-origin linking for consistency with existing resource types (e.g.
+ script, images). As such, this subsection should be considered at risk for
+ removal if the consensus is to use an alternative mechanism.
+
<h2 id=font-matching-algorithm><span class=secno>5 </span>Font matching
algorithm</h2>
@@ -4569,56 +4655,7 @@
<!-- simple example of using both font-variant subproperty and descriptor value -->
<!-- example showing conflicting values and how they are resolved -->
- <h2 class=no-num id=same-origin-restriction>Appendix A: Same-origin
- restriction for fonts</h2>
-
- <p><em>This appendix is normative.</em>
-
- <p>Some user agents implement a same-origin restriction when loading font
- resources. This section defines the meaning of that restriction.
-
- <p>A same-origin restriction limits the loading of fonts for a given
- document to fonts loaded from the same origin. This means that fonts can
- only be loaded via the same host, port, and method combination as the
- containing document, using the same origin matching algorithm described in
- the <a href="#HTML5" rel=biblioentry>[HTML5]<!--{{!HTML5}}--></a>
- specification. The origin of the stylesheet containing @font-face rules is
- not used when deciding whether a font is same origin or not, only the
- origin of the containing document is used.
-
- <p>Given a document located at http://example.com/page.html, fonts defined
- with ‘<a href="#descdef-src"><code class=property>src</code></a>’
- definitions considered cross origin must not be loaded:
-
- <pre>
-/* same origin (i.e. domain, protocol, port match document) */
-src: url(fonts/simple.ttf);
-src: url(//fonts/simple.ttf);
-
-/* cross origin, different protocol */
-src: url(https://example.com/fonts/simple.ttf);
-
-/* cross origin, different domain */
-src: url(http://another.example.com/fonts/simple.ttf);
-</pre>
-
- <p>If a user agent implements a same-origin restriction for fonts loaded
- via @font-face rules it must implement that restriction for all font
- types, rather than for a subset of possible types. It must also implement
- the ability to relax this restriction using cross-site origin controls <a
- href="#CORS" rel=biblioentry>[CORS]<!--{{!CORS}}--></a>. Sites can
- explicitly allow cross-site downloading of font data using the
- <code>Access-Control-Allow-Origin</code> HTTP header.
-
- <p class=issue>Some implementers feel a same-origin restriction should be
- the default for all new resource types while others feel strongly that an
- opt-in strategy usuable for all resource types would be a better mechanism
- and that the default should always be to allow cross-origin linking for
- consistency with existing resource types (e.g. script, images). As such,
- this section should be considered at risk for removal if the consensus is
- to use an alternative mechanism.
-
- <h2 class=no-num id=platform-props-to-css>Appendix B: Mapping platform font
+ <h2 class=no-num id=platform-props-to-css>Appendix A: Mapping platform font
properties to CSS properties</h2>
<p><em>This appendix is included as background for some of the problems and
@@ -4692,7 +4729,7 @@
<p class=issue>Need to define normatively how WWS names are handled across
platforms.
- <h2 class=no-num id=font-licensing>Appendix C: Font licensing issues</h2>
+ <h2 class=no-num id=font-licensing>Appendix B: Font licensing issues</h2>
<p><em>This appendix is informative only.</em>
@@ -4947,9 +4984,9 @@
<dt id=OPENTYPE-FONT-GUIDE>[OPENTYPE-FONT-GUIDE]
<dd><a
- href="http://www.fontfont.com/opentype/FF_OT_UserGuide_v2.pdf"><cite>OpenType
+ href="https://www.fontfont.com/staticcontent/downloads/FF_OT_UserGuide_v2.pdf"><cite>OpenType
User Guide.</cite></a> FontShop International. URL: <a
- href="http://www.fontfont.com/opentype/FF_OT_UserGuide_v2.pdf">http://www.fontfont.com/opentype/FF_OT_UserGuide_v2.pdf</a>
+ href="https://www.fontfont.com/staticcontent/downloads/FF_OT_UserGuide_v2.pdf">https://www.fontfont.com/staticcontent/downloads/FF_OT_UserGuide_v2.pdf</a>
</dd>
<!---->
Received on Thursday, 7 April 2011 23:08:53 UTC