When testing CentralNotice banners, the stricter Content Security Policy was throwing up a series of warnings.
This relates to series of font files that are being defined here:
https://ar.wikipedia.org/wiki/%D9%85%D9%8A%D8%AF%D9%8A%D8%A7%D9%88%D9%8A%D9%83%D9%8A:Ruqaa.css
And are being pulled in by default to the sites common.css.
The previous characters were removed here with the edit summary ' The line was removed because the system no longer supports links from Tulabs ' (إزالة السطر بسبب أن النظام لم يعد يدعم الروابط القادمة من التولابز). The new fonts were added in in this edit. Both by the same user.
The file names were what looked most suspect to me and I can believe there is a good faith reason for doing this. But loading in any files for an entire site from labs in this way should not be the done thing.