Re: [css-font-loading] Handling cross-origin CORS-tainted font faces from John Daggett on 2015-07-14 (www-style@w3.org from July 2015)

From: John Daggett <jdaggett@mozilla.com>
Date: Tue, 14 Jul 2015 09:59:26 +0900
To: "Tab Atkins Jr." <jackalmage@gmail.com>
Cc: www-style list <www-style@w3.org>
Message-ID: <CALYZoVOcmhm_4OhO+6c5kjsB02_21cdgJczBqTej=d=AX1EKJQ@mail.gmail.com>

Tab Atkins wrote:

> 1. Put a "CORS-tainted" flag on FontFaces, set appropriately, and
> rewrite several of the search/iteration algorithms in the spec to skip
> tainted FontFaces unless you're a blessed caller.
>
> 2. Add a "OpaqueFontFace" interface which lacks most of the
> attributes, but has a private slot pointing to the real FontFace it
> represents (as usual, private slots are only visible/accessible to the
> implementation), and then just treat it as normal.

If style rules from a cross-origin stylesheet don't show up in the OM then
I think it makes more sense for FontFace objects to not be exposed via
FontFaceSet methods. Having "opaque" objects seems nasty. So I guess option
(1) would be one way to achieve this.

I also responded on the github thread.

Cheers,

John Daggett

Received on Tuesday, 14 July 2015 00:59:55 UTC