- From: Behdad Esfahbod <behdad@google.com>
- Date: Tue, 5 Jan 2016 12:36:10 +0000
- To: Jonathan Kew <jfkthame@gmail.com>
- Cc: WOFF Working Group <public-webfonts-wg@w3.org>
- Message-ID: <CAOY=jUQaPqObcQs=Z1QNsT+jyRz7D=_kEhDtj=ZJP2cahviqJA@mail.gmail.com>
On Tue, Jan 5, 2016 at 10:10 AM, Jonathan Kew <jfkthame@gmail.com> wrote:
> On 4/1/16 22:54, Roderick Sheeter wrote:
>
>> Just a quick heads up, Firefox 44, coming Jan 26 2016
>> (https://developer.mozilla.org/en-US/Firefox/Releases/44) updates OTS to
>> reject fonts if it rejected any of { GDEF, GSUB, GPOS }. Chrome will
>> pick this up at some point as well.
>>
>>
> I'm not sure this will affect Chrome, actually; my understanding is that
> Blink now lets GDEF/GSUB/GPOS tables bypass OTS validation, on the grounds
> that harfbuzz does its own sanitization before using them and therefore
> should be safe from malformed/malicious tables.
>
> (See https://codereview.chromium.org/1306343006/)
>
> It's possible we'll do something like that in Gecko at some point, though
> in principle I'd prefer to see pressure brought to bear on
> designers/authors to get incorrectly-built fonts fixed.
I fully agree with the latter statement. Though, the reason we dropped OTS
check was that they were too limiting, rejecting perfectly legitimate
tables.
>
> JK
>
>
> Previously OTS would drop the table(s) but accept the font so it would
>> work as a web font, albeit potentially with odd behavior due to the
>> missing tables.
>>
>> This change causes some fonts that were previously accepted to be
>> rejected by the browser. If so, those fonts will require updates to
>> continue to work as web fonts.
>>
>> See https://github.com/khaledhosny/ots/issues/74 for additional context
>> around the OTS change.
>>
>> Rod S
>>
>
>
>
Received on Tuesday, 5 January 2016 12:36:54 UTC