[wp-meta] [Making WordPress.org] #1443: Fonts-Plugin: Allow fonts from other sources than Typekit, Google and BoostrapCDN
Making WordPress.org
noreply at wordpress.org
Mon Dec 7 21:19:04 UTC 2015
#1443: Fonts-Plugin: Allow fonts from other sources than Typekit, Google and
BoostrapCDN
--------------------------+----------------------------------------
Reporter: Kau-Boy | Owner: iandunn
Type: enhancement | Status: accepted
Priority: normal | Component: wordcamp.org
Resolution: | Keywords: needs-patch good-first-bug
--------------------------+----------------------------------------
Comment (by iandunn):
> if there are plugins on wordcamp.org that might cause a regression for
our organizers/sites, we should review them before updating
This was actually [https://meta.trac.wordpress.org/changeset/2085 a
security restriction that I added], but it only effects sites when making
changes to Custom CSS. Sites that are currently `@import`ing fonts are
grandfathered in, unless they make changes in the future.
I went through all the recent/upcoming sites -- i.e., those likely to be
making changes -- to make sure they wouldn't be effected, and manually
configured the Fonts plugin for them, and added Font Awesome support
because one of them needed it. It wasn't practical to do it for the other
~500 sites, though.
> Actual Hack can only be used (in different flavors) with this CDN:
http://www.jsdelivr.com/projects/font-hack
We can't whitelist the entire CDN, because malicious files could be hosted
there. We'd have to limit it to just `/projects/font-hack`, but then we'd
be back to whitelisting individual fonts, which isn't practical. See
comment:2.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1443#comment:7>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list