On 10/25/11 4:35 PM, websec issue tracker wrote:
> #25: what, if any, sniffing for fonts is required?
>
> The current spec has a stub for sniffing fonts.
> The use case for this was @font-face, CSS' font linking feature.
> The request came in
> http://www.ietf.org/mail-archive/web/websec/current/msg00235.html
>
> However, "That seems very anecdotal. Do you have data to back up these
> claims?" (in this case, "data" = "significant use cases where sniffing is
> necessary").
>
> http://lists.w3.org/Archives/Public/public-webfonts-wg/2011Apr/0005.html
> http://lists.w3.org/Archives/Public/public-webfonts-wg/2011Apr/0012.html
>
> Reading those, it looks like there was some disagreement about what types
> ought to be registered. This seems like a case where there are multiple
> type definitions which can be distinguished by magic number or other usage
> patterns, and the question is whether to register them as separate types
> or to use a single type and disambiguate later in the process at the
> receiver.
>
> In any case, we need to resolve what font sniffing is necessary, what
> should be sniffed, etc.
>

I will bring this up during next Monday's joint meeting of the WebFonts,
WebAppSec and CSS WGs at the W3C plenary.

Peter

--
Peter Saint-Andre
https://stpeter.im/
