Re: The unmentionable

On Wed, Jul 29, 2009 at 7:26 PM, Dirk Pranke <> wrote:

> Agreed, but I believe they do it for security concerns, not licensing
> concerns (although I'm not positive about this). I do know that the
> conversations about this in WebKit revolve primarily around security
> concerns.

I think the security aspect of fonts on the web has not gotten the attention
it probably deserves.
Just consider when a UA uses the OS for rendering fonts, possibly malicious
code gets to interact with processes deep in the OS, shared with other
applications. I know from unintentional experiments that a bad font can do
more damage than a malicious javascript.

I'm not saying this all by itself should be a reason for same-origin for
fonts. I bring it up with some reluctance as crying wolf nor demonstrating
would seem appropriate in a public forum. But it won't surprise me if folks
will try.


Received on Wednesday, 29 July 2009 20:17:42 UTC