Google Git
Sign in
chromium / external / github.com / khaledhosny / ots / v7.1.7
tag521e937d5cfac87d42ccba44bfe447efe00113a3
taggerKhaled Hosny <khaledhosny@eglug.org>Sun Jul 15 22:53:41 2018
objectb2d8733abf5b141f20881b071b68d2dbe73c5baf 
New release
commitb2d8733abf5b141f20881b071b68d2dbe73c5baf[log] [tgz]
authorKhaled Hosny <khaledhosny@eglug.org>Sun Jul 15 22:53:30 2018
committerKhaled Hosny <khaledhosny@eglug.org>Sun Jul 15 22:53:30 2018
tree72c5095aa4bf9c8e8a1de3642133c0993927b372
parent1806add46e82c7ae0547aef2fb25dca7eb9a686f [diff]
New release
1 file changed
tree: 72c5095aa4bf9c8e8a1de3642133c0993927b372
  1. docs/
  2. include/
  3. src/
  4. tests/
  5. third_party/
  6. util/
  7. .appveyor.yml
  8. .gitmodules
  9. .travis.yml
  10. LICENSE
  11. meson.build
  12. meson_options.txt
  13. README.md
README.md

Build Status Build status

OpenType Sanitizer

The OpenType Sanitizer (OTS) parses and serializes OpenType files (OTF, TTF) and WOFF and WOFF2 font files, validating them and sanitizing them as it goes.

The C library is integrated into Chromium and Firefox, and also simple command line tools to check files offline in a Terminal.

The CSS font-face property is great for web typography. Having to use images in order to get the correct typeface is a great sadness; one should be able to use vectors.

However, on many platforms the system-level TrueType font renderers have never been part of the attack surface before, and putting them on the front line is a scary proposition... Especially on platforms like Windows, where it's a closed-source blob running with high privilege.

Building from source

Instructions below are for building standalone OTS utilities, if you want to use OTS as a library then the recommended way is to copy the source code and integrate it into your existing build system. Our build system does not build a shared library intentionally.

General build instructions

Build OTS:

$ meson build
$ ninja -C build

Run the tests (if you wish):

$ ninja -C build test

Developer build instructions

If you would like to see the source code lines related to reported errors, then replace meson call above with:

$ meson -Ddebug=true build

For example:

$ ./ots-sanitize ~/fonts/ofl/merriweathersans/MerriweatherSans-Bold.ttf
ERROR at src/layout.cc:100 (ParseScriptTable)
ERROR: Layout: DFLT table doesn't satisfy the spec. for script tag DFLT
ERROR at src/layout.cc:1247 (ParseScriptListTable)
ERROR: Layout: Failed to parse script table 0
ERROR at src/gsub.cc:642 (ots_gsub_parse)
ERROR: GSUB: Failed to parse script list table
ERROR at src/ots.cc:669 (ProcessGeneric)
Failed to sanitize file!

Usage

See docs

Thanks to Alex Russell for the original idea.