W3C home > Mailing lists > Public > www-font@w3.org > April to June 2010

RE: What constitutes protection [was: About using CORS]

From: Sylvain Galineau <sylvaing@microsoft.com>
Date: Tue, 4 May 2010 13:42:40 +0000
To: Anne van Kesteren <annevk@opera.com>, Robert O'Callahan <robert@ocallahan.org>
CC: John Hudson <tiro@tiro.com>, Tab Atkins Jr. <jackalmage@gmail.com>, "www-font@w3.org" <www-font@w3.org>
Message-ID: <045A765940533D4CA4933A4A7E32597E21483677@TK5EX14MBXC120.redmond.corp.microsoft.com>

> The WOFF implementation that landed in Chromium does not use CORS by
> the
> way.

Taking the opportunity to point out that it also apparently cripples the font 
to mitigate security risks and breaks several font features in the process 
(complex scripts, kerning, ligatures). Adding Tab so we can get more info on 
this design, including on the exact security issues that led to this design 
decision.

This is also an area worth investigating for this WG from a conformance standpoint.
Received on Tuesday, 4 May 2010 13:44:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:34 UTC