@font-face hosed by CSS editor
-
quite frankly, it is deeply annoying that simple CSS code like this
should be knee-capped into this useless code (as copied form my CSS upgrade file)
/* test google apis */ #post-5338 @font-face { font-family: 'Codystar'; font-style: normal; font-weight: 400; src: format('woff2'), format("woff"); }it is almost as if working with more creative fonts is sequestered into this narrow design box that was decided on by the theme designer and WP
why on earth would the free google.apis font catalog be considered a security risk?
WP could just block any svg fonts and be done with it.
very very frustrating, to work with the CSS WP editor, once you get past knowing the basics of CSS and have outgrown childish things.
beyond the sarcasm, I would actually be interested in the business or technical reason for the above.
(editorial note: I am starting to get into writing my own SPAs on the desktop… guess I will have to learn the Google App Scripting lingo and also how to use their HTML service…. in order to do more interesting things with CSS… then I can in add some JS code using the IndexedDB facility and unleash my very own first gadget!)
The blog I need help with is: (visible only to logged in users)
-
The CSS editor at WordPress.com is very cautious in regard to security. The @font-face rule allows loading of external files, so it’s not so much that the free Google APIs are not allowed explicitly and more that those particular ones are probably fine but we have never made a step to whitelist them and other unknown files that could be loaded maliciously are the risk that would need to be assessed or worked around. It’s possible someone here will decide in the future to lift the restriction after a more solid review or to whitelist the Google Font APIs outright, however, in the past, priority has typically gone to developing simpler tools to change fonts such as what you see in the Fonts panel in Appearance > Customize and that will probably continue to be the case.
You are one of the most advanced CSS users I’ve seen posting here in the CSS forums. I’m sorry the tools aren’t less restricted for you!
(editorial note: I am starting to get into writing my own SPAs on the desktop… guess I will have to learn the Google App Scripting lingo and also how to use their HTML service…. in order to do more interesting things with CSS… then I can in add some JS code using the IndexedDB facility and unleash my very own first gadget!)
That sounds really cool!
-
@designsimply
Thanks for the compliment! I understand about the security concerns. I did go to another site that had what I thought was a safe free font download for an attractive looking font that I wanted to test on a sample program and got snapped with a Trojan. Luckily I was able to quickly get rid of it through Norton and Malware Bytes. By the same token, I long for the possibilities and the look of SVG icons (I have even started to learn Inkscape to learn understand to design them myself), but am starting to see the security problems inherent to that technology. Hopefully robust solution to that will soon be found. I think the WP editor is a good place to start getting your feet wet in terms of understanding how CSS and HTML template driven design actually work together– as opposed to reading books about it, and falling asleep doing so. But if you have the interest and aptitude for it, WP CSS soon becomes too restrictive — which has happened with me after (slowly) learning more advanced CSS and HTML coding techniques last October. Btw, Brackets is now the only HTML editor I will ever use again. Bye Notepad! It was good while it lasted, but I now have to say goodbye. *S* And oddly enough, I think I may have found my calling in UIX design, particularly mobile driven design (and all the technical things you have to keep in mind in that env), which I find fascinating, and may even go to the Smashing Conference in NY in June. cheers! -
Agreed, about learning CSS here. Stuff like this is also really good for beginners because it’s hands-on:
http://www.codecademy.com/courses/web-beginner-en-TlhFi/0/1?curriculum_id=50579fb998b470000202dc8bif you have the interest and aptitude for it, WP CSS soon becomes too restrictive
In your case, I think that’s true! But I’m serious that you get more advanced and do a lot more experimental and cutting edge stuff than anyone else I’ve seen here on WordPress.com. If you’re interested in doing stuff like that, you can definitely outgrow WordPress.com’s options which are indeed more restrictive than a WordPress.org setup by design.
and may even go to the Smashing Conference in NY in June
I’ve never been to one! They seem really cool though.
- The topic ‘@font-face hosed by CSS editor’ is closed to new replies.
WordPress.com Forums 