|tagger||Khaled Hosny <firstname.lastname@example.org>||Sun Dec 20 14:07:53 2020|
Version 8.1.2 * Sanitize maxPoints, maxComponentPoints, and maxComponentDepth from the maxp table. * Increase limits for decompressed tables and files from 30MB for both, to 150MB and 300MB, respectively. * Improve warning and error messages in hhea/vhea tables.
|author||Khaled Hosny <email@example.com>||Sun Dec 20 14:07:38 2020|
|committer||Khaled Hosny <firstname.lastname@example.org>||Sun Dec 20 14:07:38 2020|
The OpenType Sanitizer (OTS) parses and serializes OpenType files (OTF, TTF) and WOFF and WOFF2 font files, validating them and sanitizing them as it goes.
The C library is integrated into Chromium and Firefox, and also simple command line tools to check files offline in a Terminal.
The CSS font-face property is great for web typography. Having to use images in order to get the correct typeface is a great sadness; one should be able to use vectors.
However, on many platforms the system-level TrueType font renderers have never been part of the attack surface before, and putting them on the front line is a scary proposition... Especially on platforms like Windows, where it's a closed-source blob running with high privilege.
Instructions below are for building standalone OTS utilities, if you want to use OTS as a library then the recommended way is to copy the source code and integrate it into your existing build system. Our build system does not build a shared library intentionally.
$ meson build $ ninja -C build
Run the tests (if you wish):
$ ninja -C build test
Thanks to Alex Russell for the original idea.