[Tracking] Font Library. Stage 1: Manage fonts and Local fonts upload

[mikachan]

Tracking issue for the Font Library
Stage 1: Manage fonts and Local fonts upload

The following list covers known features, bugs, and issues related to the Font Library. Ideally, we'll complete as many of these as possible before the 6.4 beta 1 (September 26, 2023).

To Do

In Progress

• WP_Theme_JSON sanitization is not working below certain level of theme.json #52798
• Font Library: How to add lib-font package (or equivalent). #53653

Done

• Font Library backend: can we use _wp_handle_upload() mime type validation ? #53576
• Indicate nested paths on __experimentalSaveSpecifiedEntityEdits #54161
• Fonts Library: Backend #52704
• Fonts Library: Test improvements #53702
• Fonts Library: update properties name from snake case to camel case to match the rest of the properties #53746
• Relocates Font Face and Fonts Library PHP files into Core's fonts directory #53747
• Renames "Fonts Library" to "Font Library" #53780
• Font Library: use /wp-content/fonts instead of /wp-content/uploads/fonts to store font assets. #53965
• Add edits data to the useEntityRecord #54167
• Notification snackbar is below modals #52609
• Load font assets dynamically in the editor's iframe when the global settings are modified #51764
• Font Library: Frontend [Stage 1] #53884
• Font Library: ensure merged fontFace data is enconded as an array instead of an object #54435
• Font Library: Same font faces with different file extensions are added as a separated variant.  #54253

Related

• Server-Side Font Face CSS Generation and Printing: Ongoing Roadmap (formerly the Fonts API) #41479
• [Fonts API] Remove all files once Font Library is merged #51820

Next Steps:

Stage 2: #53307
Stage 3: #53926

[hellofromtonya]

Here's the Core Trac ticket https://core.trac.wordpress.org/ticket/59166 for tracking the merge of the Font Library into WordPress Core.

[matiasbenedetto]

To reduce the scope of this issue a little by removing the Google fonts references from Stage 1 and adding it to Stage 2 tracking issue. It is to break up things into smaller pieces easier to think about, review, and merge. Both parts are still intended to be ready for WordPress 6.4

[azaozz]

There have been questions/discussions about why the font previews in the UI don't use images (SVGs) but instead load the (whole) fonts from Google. It seems that using SVGs has some significant advantages:

1. Makes the Font Library quite faster when browsing fonts to install.
2. Fixes/removes the need to access the Google fonts CDN when browsing. That removes the need to ask for user consent every time the users look for new fonts in the Font Library (i.e. removes the need to have an intermediate "stop and ask for consent" stage). The SVG images can be hosted on wp.org together with the (updated) fonts list, or perhaps even be part of the list (several possible implementations).

Looking at the three stages: this issue, #53307 and #53926, it seems that using images for previews may be intended for stage 3. However thinking that implementing this enhancement now would make the Font Library quite better, and will help to alleviate some of the user privacy concerns. (There was a court case in EU over loading fonts from the Google CDN, hence there must be a "a blocking step/dialog/popup to ask for used consent" before loading fonts from there in the Font Library).

[jasmussen]

(There was a court case in EU over loading fonts from the Google CDN, hence there must be a "a blocking step/dialog/popup to ask for used consent" before loading fonts from there in the Font Library)

Just want to boost for visibility, as this keeps coming up, that in #53882 there is such a design requiring opt-in before you load anything at all. It seems like it would be very easy to implement, so let me know if that doesn't address the concern shared.

[webd-uk]

Should the notice not explain a little about why permission is required in that doing so exposes your IP to a third party who may use it to track you? “Giving permission to connect” isn’t the same as “giving permission to connect and expose your IP to whatever.third.party.server”.

[jasmussen]

Yes, I would love advice on the exact phrasing. In my opinion, this notice can be as big and scary as it needs to be, so long as there's a single clear button that takes you to the next step.

[matiasbenedetto]

There have been questions/discussions about why the font previews in the UI don't use images (SVGs) but instead load the (whole) fonts from Google. It seems that using SVGs has some significant advantages:

1. Makes the Font Library quite faster when browsing fonts to install.
2. Fixes/removes the need to access the Google fonts CDN when browsing.

Yes, we could load the SVG images as previews without hassle. I agree it's a good enhancement. However, I would prefer to think about that as a performance improvement and not correlate it to the GDPR legislation discussion because we would still need to load the font assets from Google to generate the custom text previews when we re-enable that feature.

[azaozz]

I would prefer to think about that as a performance improvement and not correlate it to the GDPR legislation discussion because we would still need to load the font assets from Google...

Right. Using images will not remove the need for loading fonts from Google for custom previews, but will reduce (quite significantly?) the number of times that may be needed. Fonts can also be installed without custom previews, right?

[azaozz]

Yes, I would love advice on the exact phrasing. In my opinion, this notice can be as big and scary as it needs to be

This looks great imho. One suggestion about the text: thinking it has to give the users an alternative. As it is currently the message can be perceived as "either give permission or fonts cannot be installed". This, of course, is not the case :)

[jasmussen]

Thanks. I took that feedback into consideration and updated the mockups in the main issue: #45271.

[matiasbenedetto]

I'm closing this issue because this stage was part of the plan to make the font library ready to merge in WordPress core 6.4, but since it was punted to 6.5, we should focus on making it ready for 6.5. This is the new tracking issue: #55277