[wp-meta] [Making WordPress.org] #1443: Fonts-Plugin: Allow fonts from other sources than Typekit, Google and BoostrapCDN

Making WordPress.org noreply at wordpress.org
Mon Dec 7 22:04:57 UTC 2015


#1443: Fonts-Plugin:  Allow fonts from other sources than Typekit, Google and
BoostrapCDN
--------------------------+----------------------------------------
  Reporter:  Kau-Boy      |      Owner:  iandunn
      Type:  enhancement  |     Status:  accepted
  Priority:  normal       |  Component:  wordcamp.org
Resolution:               |   Keywords:  needs-patch good-first-bug
--------------------------+----------------------------------------

Comment (by iandunn):

 > Would it be possible to whitelist something like
 https://cdn.jsdelivr.net/font-*.css to allow only fonts?

 Anybody can add a project to jsdelivr.com and name it whatever they want,
 so `jsdelivr.net/font-awesomer/please-trust-me.css` might not be a font at
 all; it could be full of `expression`s, bindings, etc.

 > we should also trust the organizers that they don't intentionally try to
 break the platform

 I'm not really worried about organizers being malicious, but it'd be
 pretty easy for an attacker to compromise an organizer's account, or to
 compromise weak externally hosted services.

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1443#comment:9>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list