[whatwg] font security on measureText

Anne van Kesteren annevk at annevk.nl
Fri May 3 07:40:33 PDT 2013

On Fri, May 3, 2013 at 3:07 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> The text at
> http://dev.w3.org/csswg/css-fonts/#default-same-origin-restriction and
> http://dev.w3.org/csswg/css-fonts/#allowing-cross-origin-font-loading
> predates your introduction of the mode values, but clearly corresponds to
> the "CORS" mode, no?

Yeah that text sort of works, though fails in the face of redirects
and fails to the right thing for data URLs. But indeed, the intent is

> And while browsers are not aligned yet, they did plan to align last I heard,
> in that their representatives in the WG had agreed to the above text.


> Of course it's possible some of the browsers involved are just planning to
> ignore the spec altogether without bothering to argue to get it changed to
> what they think is the right thing.

Let's hope not.


More information about the whatwg mailing list