- From: John Hudson <tiro@tiro.com>
- Date: Wed, 16 Mar 2011 14:25:40 -0700
- To: Tab Atkins <tabatkins@google.com>
- CC: Chris Lilley <chris@w3.org>, WOFF Working Group FONT <public-webfonts-wg@w3.org>
Tab Atkins wrote: > Displays where? In the page? Yes, in the page. > There's no new leverage here - as Chris > said, the ability to use confusing link text has always existed, and > using webfonts to deliver confusing link text gets you nothing. The example Chris provided involved using misleading title text within the link tag. What I am describing is using misleading glyphs in the display of actual text on the page, i.e. a served font with a hacked cmap table that maps glyphs to characters in such a way that the appearance of a text string is changed to read as something else. I agree that a careful user will spot the inconsistency between text and link target in the places where it is exposed, e.g. in the status or address bar, but the whole point of spoofing is that it targets non-careful users. JH
Received on Wednesday, 16 March 2011 21:26:17 UTC