- From: Aryeh Gregor <Simetrical@gmail.com>
- Date: Thu, 6 Nov 2008 22:22:10 -0500
- To: robert@ocallahan.org
- Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, "Mikko Rantalainen" <mikko.rantalainen@peda.net>, "www-style@w3.org" <www-style@w3.org>

On Thu, Nov 6, 2008 at 9:20 PM, Robert O'Callahan <robert@ocallahan.org> wrote:
> It's been incredibly successful in some ways. It's also been incredibly
> disastrous for security (when applied to scripts, images and IFRAMEs at
> least).

Same-origin restrictions are important for security, of course. I just don't see it as being a great solution for DRM. As far as security goes, I see no security difference here between the various proposals, since all allow remote-linking a font with at most the consent of the font's host (which the uploader of a malicious font would obviously grant).

> I happen to agree with the "other side" that allowing anyone to link to any
> font anywhere, unless the person hosting the font file has taken explicit
> steps to forbid, makes it too easy for people to do the wrong thing.

Isn't this an identical situation to images? Do you think the web would be better if linking to images across domains was opt-in (and opting in required messing with web server configuration)?

Received on Friday, 7 November 2008 03:22:46 UTC