MozillaWiki

SVGFonts: Difference between revisions

Page Discussion

SVGFonts (view source)

Revision as of 19:47, 8 March 2011

1 byte removed ,  8 March 2011
m
typo fix: "Borris" --> "Boris"
m (Typo fix: "on line" -> "online")
m (typo fix: "Borris" --> "Boris")
Line 256: Line 256:
== An estimation of the additional security risk of implementing SVG fonts ==
== An estimation of the additional security risk of implementing SVG fonts ==


As [http://developers.slashdot.org/comments.pl?sid=1713004&cid=32847010 Borris Zbarsky points out] "Once you put an <iframe> in a glyph, all sorts of issues arise". SVG is powerful, so security holes can be proportionally important.
As [http://developers.slashdot.org/comments.pl?sid=1713004&cid=32847010 Boris Zbarsky points out] "Once you put an <iframe> in a glyph, all sorts of issues arise". SVG is powerful, so security holes can be proportionally important.


But SVG Fonts do not introduce particularly more dangerous behaviors the the rest of the SVG Spec. After all, we can put an <iframe> in any <path>, and it should not behave more badly than in a <glyph>.
But SVG Fonts do not introduce particularly more dangerous behaviors the the rest of the SVG Spec. After all, we can put an <iframe> in any <path>, and it should not behave more badly than in a <glyph>.
Dholbert
Confirmed users
490

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/289731"