- From: John Hudson <tiro@tiro.com>
- Date: Wed, 16 Mar 2011 12:59:33 -0700
- To: Chris Lilley <chris@w3.org>
- CC: WOFF Working Group FONT <public-webfonts-wg@w3.org>
Chris wrote: > HTML already allows people to be misled: > <a href="http://www.givemecash.ca" > title="http://scotiabank.ca">scotiabank.ca</a> True, but using web fonts something like <a href="http://www.givemecash.ca" title="http://scotiabank.ca">scotiabank.ca</a>www.givemecash.ca</a> could display as text on screen with the appearance 'scotiabank.ca'. The security issue is the same, but able to be leveraged in new ways. JH
Received on Wednesday, 16 March 2011 20:00:10 UTC