[Webkit-unassigned] [Bug 31106] [Chromium] handle web fonts in a secure manner
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 9 15:36:47 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=31106
--- Comment #36 from Sam Weinig <sam at webkit.org> 2009-11-09 15:36:44 PDT ---
I would rather this not get committed until we have more time to discus this.
If it is in fact a good idea to have this sanitizer, then I believe a copy
should live in the webkit tree (just as image decoders live in the tree).
That said, I am not sure it is good idea. What makes one parser (the sanitizer)
less prone to security bugs then the actual font parser? Won't this increase
the attack surface for a certain class of bug?
Let's not push this through until there has been more discussion on this.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list