W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2013

Re: [whatwg] font security on measureText

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 3 May 2013 15:40:33 +0100
Message-ID: <CADnb78jeABTE=wekZNsxbdQtOQxoVFk-9n5sFx2GLrcpSO4HiQ@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: WHATWG <whatwg@lists.whatwg.org>
On Fri, May 3, 2013 at 3:07 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> The text at
> http://dev.w3.org/csswg/css-fonts/#default-same-origin-restriction and
> http://dev.w3.org/csswg/css-fonts/#allowing-cross-origin-font-loading
> predates your introduction of the mode values, but clearly corresponds to
> the "CORS" mode, no?

Yeah that text sort of works, though fails in the face of redirects
and fails to the right thing for data URLs. But indeed, the intent is

> And while browsers are not aligned yet, they did plan to align last I heard,
> in that their representatives in the WG had agreed to the above text.


> Of course it's possible some of the browsers involved are just planning to
> ignore the spec altogether without bothering to argue to get it changed to
> what they think is the right thing.

Let's hope not.

Received on Friday, 3 May 2013 14:40:59 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:58 UTC