- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 24 Aug 2006 21:52:34 +0000 (UTC)
- To: "Paul Nelson (ATC)" <paulnel@winse.microsoft.com>
- Cc: www-style@w3.org
On Thu, 24 Aug 2006, Paul Nelson (ATC) wrote: > > If a UA is going to take complex files, like fonts, from the web, they > will need to be ready for fonts that have pointers outside of the font, > don't have sentenals at the ends of cmaps, and all sorts of other things > of that nature. The same applies to complex files like images, videos, sound files, interactive animations, and even scripts, stylesheets, and documents. That's not to say fonts are easy to handle, but it seems like this is not a relevant argument against howcome's proposal. The same problem exists even without automated downloading: regardless of the Web, you don't want crash bugs to exist in the OS font code. The OS font subsystem should, like all subsystems, be designed from the ground up with the expectation that it will be faced with corrupt data, intentionally or not. > The @font-face is not the issue. The only issue is that other UAs have > not yet released the ability to get font files that way. So there isn't a security issue specific to zip-files? (You suggested in an earlier e-mail that there was a zip-file-specific security problem, which I am concerned about since some UAs depend on zip-files a lot.) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 24 August 2006 21:52:50 UTC