- From: John Hudson <tiro@tiro.com>
- Date: Wed, 16 Mar 2011 11:39:41 -0700
- To: WOFF Working Group FONT <public-webfonts-wg@w3.org>
This applies to any implementation of @font-face and served font, not just WOFF. Unicode maintains a list of visually confusable characters that might be used in spoofing, e.g. a link on a website directed to miсrosoft.com, in which the letter 'c' is in microsoft is actually the Cyrillic letter 'es'. This, obviously, is a security concern. It strikes me that the use of @font-face and served fonts effectively makes all text potentially spoofable using nefarious fonts, e.g. a font that renders the text givemecash.ca as scotiabank.ca JH
Received on Wednesday, 16 March 2011 18:40:23 UTC