W3C home > Mailing lists > Public > www-style@w3.org > July 2015

Re: [css-font-loading] Handling cross-origin CORS-tainted font faces

From: John Daggett <jdaggett@mozilla.com>
Date: Tue, 14 Jul 2015 09:59:26 +0900
Message-ID: <CALYZoVOcmhm_4OhO+6c5kjsB02_21cdgJczBqTej=d=AX1EKJQ@mail.gmail.com>
To: "Tab Atkins Jr." <jackalmage@gmail.com>
Cc: www-style list <www-style@w3.org>
Tab Atkins wrote:

> 1. Put a "CORS-tainted" flag on FontFaces, set appropriately, and
> rewrite several of the search/iteration algorithms in the spec to skip
> tainted FontFaces unless you're a blessed caller.
>
> 2. Add a "OpaqueFontFace" interface which lacks most of the
> attributes, but has a private slot pointing to the real FontFace it
> represents (as usual, private slots are only visible/accessible to the
> implementation), and then just treat it as normal.

If style rules from a cross-origin stylesheet don't show up in the OM then
I think it makes more sense for FontFace objects to not be exposed via
FontFaceSet methods. Having "opaque" objects seems nasty. So I guess option
(1) would be one way to achieve this.

I also responded on the github thread.

Cheers,

John Daggett

‚Äč
Received on Tuesday, 14 July 2015 00:59:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:52:18 UTC