[wp-meta] [Making WordPress.org] #1443: Fonts-Plugin: Allow fonts from other sources than Typekit, Google and BoostrapCDN
Making WordPress.org
noreply at wordpress.org
Mon Dec 7 21:25:04 UTC 2015
#1443: Fonts-Plugin: Allow fonts from other sources than Typekit, Google and
BoostrapCDN
--------------------------+----------------------------------------
Reporter: Kau-Boy | Owner: iandunn
Type: enhancement | Status: accepted
Priority: normal | Component: wordcamp.org
Resolution: | Keywords: needs-patch good-first-bug
--------------------------+----------------------------------------
Comment (by Kau-Boy):
I totally understand the reason for the change in the Fonts-Plugin
regarding security. Would it be possible to whitelist something like
`https://cdn.jsdelivr.net/font-*.css` to allow only fonts?
We also talk about a plugin used for the WordCamp organizers. We should
enforce the best security possible, but we should also trust the
organizers that they don't intentionally try to break the platform by
using unsecure ressources from such CDNs.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1443#comment:8>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list