[wp-meta] [Making WordPress.org] #1443: Fonts-Plugin: Allow fonts from other sources than Typekit, Google and BoostrapCDN
Making WordPress.org
noreply at wordpress.org
Mon Dec 7 22:04:57 UTC 2015
#1443: Fonts-Plugin: Allow fonts from other sources than Typekit, Google and
BoostrapCDN
--------------------------+----------------------------------------
 Reporter:  Kau-Boy       |       Owner:  iandunn
     Type:  enhancement   |      Status:  accepted
 Priority:  normal        |   Component:  wordcamp.org
Resolution:               |    Keywords:  needs-patch good-first-bug
--------------------------+----------------------------------------
Comment (by iandunn):

> Would it be possible to whitelist something like
> https://cdn.jsdelivr.net/font-*.css to allow only fonts?

Anybody can add a project to jsdelivr.com and name it whatever they want,
so `jsdelivr.net/font-awesomer/please-trust-me.css` might not be a font at
all; it could be full of `expression`s, bindings, etc.

> we should also trust the organizers that they don't intentionally try to
> break the platform

I'm not really worried about organizers being malicious, but it'd be
pretty easy for an attacker to compromise an organizer's account, or to
compromise weak externally hosted services.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1443#comment:9>
Making WordPress.org <https://meta.trac.wordpress.org/>
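
Added example (not part of the original message, and not the plugin's own code): the wildcard from the ticket accepts the path named in the comment because the uploader picks everything after `font-`, while an exact host-and-path allowlist plus a content check does not. The `PINNED` entries, the function names and the sample stylesheet are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# The wildcard proposed in the ticket.
PROPOSED_GLOB = "https://cdn.jsdelivr.net/font-*.css"

# Hypothetical exact allowlist (assumption, not the plugin's real list):
# each entry is a full host plus a path that one known publisher controls.
PINNED = {
    ("fonts.googleapis.com", "/css"),
    ("cdn.example.net", "/vetted-font/1.0.0/font.css"),  # constructed entry
}

# Constructs that make a stylesheet more than styling: legacy IE expression()
# and behavior, Gecko XBL bindings, nested imports, script-scheme URLs.
ACTIVE_CSS = re.compile(
    r"expression\s*\(|-moz-binding\s*:|(?<![\w-])behavior\s*:|@import|javascript\s*:",
    re.IGNORECASE,
)

def glob_allows(url):
    """Name-based check: everything after 'font-' is chosen by the uploader."""
    return fnmatchcase(url, PROPOSED_GLOB)

def pinned_allows(url):
    """Exact check: https only, netloc compared whole (no userinfo or port)."""
    parts = urlsplit(url)
    return parts.scheme == "https" and (parts.netloc.lower(), parts.path) in PINNED

def css_is_inert(css):
    """Heuristic content check; a real sanitizer must parse the CSS, since
    escapes and encodings can hide these tokens from a regex."""
    without_comments = re.sub(r"/\*.*?\*/", "", css, flags=re.DOTALL)
    return ACTIVE_CSS.search(without_comments) is None

# Constructed sample input: the path from the comment above and a made-up body.
SAMPLE_URL = "https://cdn.jsdelivr.net/font-awesomer/please-trust-me.css"
SAMPLE_CSS = """
@font-face { font-family: "Demo"; src: url(demo.woff2); }
body { width: expression(document.body.clientWidth); -moz-binding: url(x.xml#b); }
"""

if __name__ == "__main__":
    print("glob allows:  ", glob_allows(SAMPLE_URL))
    print("pinned allows:", pinned_allows(SAMPLE_URL))
    print("css inert:    ", css_is_inert(SAMPLE_CSS))
```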