Google Git
Sign in
chromium / external / ots / 8bba749d9d5401726a7d7609ab914fdb5e92bfbe / .
tree: 02712cd3896d60a0365a1dfacad2f3d06d122b38 [path history] [tgz]
  1. docs/
  2. include/
  3. src/
  4. subprojects/
  5. tests/
  6. third_party/
  7. util/
  8. .appveyor.yml
  9. .gitignore
  10. .gitmodules
  11. .travis.yml
  12. LICENSE
  13. meson.build
  14. meson_options.txt
  15. README.md
README.md

Build Status Build status OSS-Fuzz Status

OpenType Sanitizer

The OpenType Sanitizer (OTS) parses and serializes OpenType files (OTF, TTF) and WOFF and WOFF2 font files, validating them and sanitizing them as it goes.

The C library is integrated into Chromium and Firefox, and also simple command line tools to check files offline in a Terminal.

The CSS font-face property is great for web typography. Having to use images in order to get the correct typeface is a great sadness; one should be able to use vectors.

However, on many platforms the system-level TrueType font renderers have never been part of the attack surface before, and putting them on the front line is a scary proposition... Especially on platforms like Windows, where it's a closed-source blob running with high privilege.

Building from source

Instructions below are for building standalone OTS utilities, if you want to use OTS as a library then the recommended way is to copy the source code and integrate it into your existing build system. Our build system does not build a shared library intentionally.

Build OTS:

$ meson build
$ ninja -C build

Run the tests (if you wish):

$ ninja -C build test

Usage

See docs

Thanks to Alex Russell for the original idea.