[wp-trac] [WordPress Trac] #26072: Bundle the Open Sans font
WordPress Trac
noreply at wordpress.org
Sat Jun 27 14:30:51 UTC 2015
#26072: Bundle the Open Sans font
----------------------------+------------------------------
Reporter: johnbillion | Owner:
Type: task (blessed) | Status: reopened
Priority: high | Milestone: Awaiting Review
Component: Administration | Version: 3.8
Severity: normal | Resolution:
Keywords: | Focuses: ui
----------------------------+------------------------------
Comment (by dorianmuthig):
* Is an inappropriate change
* Has security implications
As per comment on GitHub:
https://github.com/WordPress/WordPress/commit/81df9bffc5ffdda9cd7c16dadef21b574f9ee922#commitcomment-11859945
(most recent code change that is relevant to the issue described)
And suggestion from:
https://core.trac.wordpress.org/ticket/32552?cnum_edit=9#comment:10
>> Please make a change and do not load libraries from external sources.
This centralizes the failure point and enables the external provider to
track all visitors, or worse, inject code in a targeted manner via
referrer, domain, IP and public cookie matching. Please include these
resources locally with the WordPress installation and make using the local
copy the default. In case you'd like to provide users with the option to
use a CDN, please do it in a manner which allows and encourages those
managing multiple WordPress installations to 1. use their own, 2. verify
the script loaded is the right one (lazy load it with JavaScript and
verify a checksum) and 3. avoid leaking users' browser behavior to third
parties.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26072#comment:41>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
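
Point 2 of the quoted suggestion (verify a checksum before using a CDN copy, and otherwise use the local copy) could look like the following. This is an added example, not part of the ticket comment and not WordPress code; the function names, the local path and the sample CSS bytes are hypothetical and constructed for illustration.

```javascript
// Added example: every name, path and sample value here is hypothetical.
const nodeCrypto = require("crypto");

// Build an SRI-style pin ("sha384-<base64 digest>") from a known-good copy.
function pinFor(bytes, algo = "sha384") {
  return algo + "-" + nodeCrypto.createHash(algo).update(bytes).digest("base64");
}

// True only if `bytes` hash to exactly the pinned digest.
// Malformed pins and algorithms outside SHA-2 fail closed.
function matchesPin(bytes, pin) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(String(pin));
  if (!m) return false;
  const expected = Buffer.from(m[2], "base64");
  const actual = nodeCrypto.createHash(m[1]).update(bytes).digest();
  return expected.equals(actual);
}

// Use the CDN response only when it verifies; otherwise use the bundled copy.
function selectAsset(cdnBytes, pin, localPath) {
  if (cdnBytes && matchesPin(cdnBytes, pin)) {
    return { source: "cdn", bytes: cdnBytes };
  }
  return { source: "local", path: localPath };
}

// Constructed sample data: a known-good stylesheet and a modified copy.
const LOCAL = "/local/fonts/open-sans.css"; // hypothetical path
const GOOD_CSS = Buffer.from("@font-face{font-family:'Open Sans';src:local('Open Sans')}");
const TAMPERED = Buffer.concat([GOOD_CSS, Buffer.from("/* modified in transit */")]);
const PIN = pinFor(GOOD_CSS);

console.log(selectAsset(GOOD_CSS, PIN, LOCAL).source);
console.log(selectAsset(TAMPERED, PIN, LOCAL).source);
console.log(selectAsset(null, PIN, LOCAL).source); // CDN unreachable
```

In a browser the same pin format can be supplied as the `integrity` attribute of a `link` or `script` element (Subresource Integrity), in which case the browser performs this comparison and refuses a resource that does not match.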