tag | 521e937d5cfac87d42ccba44bfe447efe00113a3 | |
---|---|---|
tagger | Khaled Hosny <khaledhosny@eglug.org> | Sun Jul 15 22:53:41 2018 |
object | b2d8733abf5b141f20881b071b68d2dbe73c5baf |
New release
commit | b2d8733abf5b141f20881b071b68d2dbe73c5baf | [log] [tgz] |
---|---|---|
author | Khaled Hosny <khaledhosny@eglug.org> | Sun Jul 15 22:53:30 2018 |
committer | Khaled Hosny <khaledhosny@eglug.org> | Sun Jul 15 22:53:30 2018 |
tree | 72c5095aa4bf9c8e8a1de3642133c0993927b372 | |
parent | 1806add46e82c7ae0547aef2fb25dca7eb9a686f [diff] |
New release
The OpenType Sanitizer (OTS) parses and serializes OpenType files (OTF, TTF) and WOFF and WOFF2 font files, validating them and sanitizing them as it goes.
The C library is integrated into Chromium and Firefox, and also simple command line tools to check files offline in a Terminal.
The CSS font-face property is great for web typography. Having to use images in order to get the correct typeface is a great sadness; one should be able to use vectors.
However, on many platforms the system-level TrueType font renderers have never been part of the attack surface before, and putting them on the front line is a scary proposition... Especially on platforms like Windows, where it's a closed-source blob running with high privilege.
Instructions below are for building standalone OTS utilities, if you want to use OTS as a library then the recommended way is to copy the source code and integrate it into your existing build system. Our build system does not build a shared library intentionally.
Build OTS:
$ meson build $ ninja -C build
Run the tests (if you wish):
$ ninja -C build test
If you would like to see the source code lines related to reported errors, then replace meson call above with:
$ meson -Ddebug=true build
For example:
$ ./ots-sanitize ~/fonts/ofl/merriweathersans/MerriweatherSans-Bold.ttf ERROR at src/layout.cc:100 (ParseScriptTable) ERROR: Layout: DFLT table doesn't satisfy the spec. for script tag DFLT ERROR at src/layout.cc:1247 (ParseScriptListTable) ERROR: Layout: Failed to parse script table 0 ERROR at src/gsub.cc:642 (ots_gsub_parse) ERROR: GSUB: Failed to parse script list table ERROR at src/ots.cc:669 (ProcessGeneric) Failed to sanitize file!
See docs
Thanks to Alex Russell for the original idea.