- From: Neville Hillyer <n.hillyer@open.ac.uk>
- Date: Sun, 25 Oct 2009 17:42:48 +0000
- To: www-style <www-style@w3.org>, www-font <www-font@w3.org>
jdaggett@mozilla.com wrote: > It seems like what you're asking for is a way of caching fonts by a mechanism other than the URL. There are security reasons this isn't such a great idea; if you provide a way that the fonts of one site can end up on the content of another site, you effectively enable malicious content to be injected into another page. It's also difficult to imagine a caching mechanism that would be foolproof, it would be awfully easy to create two fonts that would be different but have the same key I know little about this issue but it does occur to me that there may be several acceptable ways to provide common resources, such as fonts, other than from the host site: 1 From a trusted third party site via a specific URL on the page such as scripts, images, style sheets etc - ie cached via URL - I am unsure if the application of this to fonts would require browser and/or CSS changes. 2 A separate longer term cache for items from trusted sites such as W3C or browser manufacturers etc - similar to plug-ins - a cookie type mechanism could be employed but with separate, totally different, security to normal cookies - I assume that this would require design changes to browsers. I suspect others can think of further mechanisms. -- Neville http://neville.hillyer.eu
Received on Sunday, 25 October 2009 17:43:28 UTC