W3C home > Mailing lists > Public > www-style@w3.org > October 2009

Re: [WOFF] Checksums, IDs, and Local Cacheing

From: Neville Hillyer <n.hillyer@open.ac.uk>
Date: Sun, 25 Oct 2009 17:42:48 +0000
Message-ID: <4AE48E18.7070902@open.ac.uk>
To: www-style <www-style@w3.org>, www-font <www-font@w3.org>
jdaggett@mozilla.com wrote:
> It seems like what you're asking for is a way of caching fonts by a mechanism other than the URL.  There are security reasons this isn't such a great idea; if you provide a way that the fonts of one site can end up on the content of another site, you effectively enable malicious content to be injected into another page.  It's also difficult to imagine a caching mechanism that would be foolproof, it would be awfully easy to create two fonts that would be different but have the same key

I know little about this issue but it does occur to me that there may be several 
acceptable ways to provide common resources, such as fonts, other than from the 
host site:

1	From a trusted third party site via a specific URL on the page such as 
scripts, images, style sheets etc - ie cached via URL - I am unsure if the 
application of this to fonts would require browser and/or CSS changes.

2	A separate longer term cache for items from trusted sites such as W3C or 
browser manufacturers etc - similar to plug-ins - a cookie type mechanism could 
be employed but with separate, totally different, security to normal cookies - I 
assume that this would require design changes to browsers.

I suspect others can think of further mechanisms.



Received on Sunday, 25 October 2009 17:43:25 UTC

This archive was generated by hypermail 2.4.0 : Monday, 23 January 2023 02:13:40 UTC