- From: Ambrose Li <ambrose.li@gmail.com>
- Date: Thu, 10 Apr 2008 09:32:40 -0400
- To: www-style@w3.org
On 10/04/2008, L. David Baron <dbaron@dbaron.org> wrote: > > On Wednesday 2008-04-09 17:00 +0100, Dave Crossland wrote: > > > > Could someone explain what this means in a technical way for a browser > > developer implementing css3-webfonts? > > I'm not quite sure what you mean by "in a technical way". But I can > give some reasons it might be a bad idea for a downloaded font to be > used accidentally by another Web page or application: I feel that "in a technical way" might mean something like: "The browser should contain a font renderer that [insert technical details here]" Personally, I think that the font renderer MUST validate the downloaded fonts and reject the font if it is invalid (as invalid fonts are known to crash applications and even down the whole system), and it MUST take care to limit cpu and memory usage so that malicious web sites cannot DoS you by forcing you to download, say, a huge number of huge fonts or a very complicated font that will stall your system. -- cheers, -ambrose The 'net used to be run by smart people; now many sites are run by idiots. So SAD... (Sites that does spam filtering on mails sent to the abuse contact need to be cut off the net...)
Received on Thursday, 10 April 2008 13:33:14 UTC