What are the security implications of using a web font hosted by a 3rd party provider? [closed]

Question

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 8 years ago.

Improve this question

What are the security implications of using a web font hosted by a 3rd party provider, such as Google or Adobe?

Answer 1

Google Fonts offers 3 methods of including their fonts on your page: through the link element, through the CSS @import statement and through external JavaScript.

There should be no security problems if you include your stylesheet using the link element with a type attribute set to "text/css" or through the css @import statement; the browser would only attempt to read this as CSS and ignore anything which is invalid.

There would be potential security risks in including the fonts through external JavaScript, but this all boils down to trust; do you trust Google or Adobe to host JavaScript for you?