Re: WebFonts ready for use

On Apr 30, 2008, at 4:22 AM, Maciej Stachowiak wrote:

>>>> Once a webfont has been installed for use in a UA I don't see why  
>>>> it would have to be limited to the webpage that included the  
>>>> @font-face. I'm for example thinking of the case where all the  
>>>> systemfonts didn't contain glyphs for some particular range,  
>>>> while a webfont happened to do so. I think in such a situation it  
>>>> would be better to show some text using the webfont rather than  
>>>> to show missing glyphs (usually hollow rects) or even no text at  
>>>> all.
>>> I think this still creates security risk from malicious fonts.
>> Personally I wouldn't trust any site to not serve malicious fonts.  
>> They may do so unknowingly, or by intention. I wouldn't feel fully  
>> confortable if the UA didn't check that the fonts were not  
>> malicious before installing them. No matter where they were meant  
>> to be used.
> The kind of maliciousness I am thinking of is substituting  
> misleading glyphs to make text on other sites appear to say  
> something other than it actually does. This is not something the UA  
> can verify. It is also not a serious problem if a site does this to  
> itself, but a site can't be allowed to do it to other sites. Apple's  
> Product Security team was specifically worried about the risk of  
> cross-site font injection like this when we described the Web Fonts  
> feature to them, and we had to explain why it is not vulnerable.

But do you agree that if both sites used some future feature of @font- 
face to "fingerprint" the font, that if the fingerprints matched the  
font from the first site could be used for the second site? The second  
site would not be using a fingerprint of a font it didn't want.

Received on Wednesday, 30 April 2008 14:30:26 UTC