RE: I18N-ISSUE-9: OpenType feature preservation [WOFF]

I share the same concerns regarding the layout table handling that Richard and Christopher brought up, but I agree with John, and I think that mentioning the specific OT tables would be out of character for the WOFF spec. WOFF deals with packaging of fonts, and throughout the spec we've been very consistent referring to SFNT-based fonts (that doesn't imply any particular set of tables, table tags, etc.). Section 5 of the spec makes it clear that font data tables packaged in the WOFF file are the same as the table in the input font and, in addition, the compliance to the WOFF spec implies identical reconstruction of the input font when the WOFF file is unpacked. Saying anything specific about handling and semantics of particular font tables in the normative part would be out of scope of the WOFF spec, as Richard noted in his comment.

However, the informative note in section 5 does mention that UA "need not necessarily reconstitute the input font as a whole" and "may access individual tables directly as needed". I think it would be reasonable and appropriate to add a language here with the warning that removing or ignoring any font table may result in breaking the functionality of the font, which may affect text rendering results and text layout. 

I think this would be best we can do, as far as WOFF spec is concerned. Once a font is unpacked, rendering of text using it is totally under UA control. I am a strong believer in market forces and think that while specs can establish interoperability they cannot *enforce* quality. A product that is not capable of rendering text in complex language scripts due to mishandling of certain font tables would be seen as inferior compared to the competition, and would likely have a limited market share. Sacrificing functionality vs. taking on security risks is a decision that only UA vendors can make based on their target markets and user base - and market itself offers much stronger incentives to get it right, more than any spec requirements would.

Thank you,
Vlad


> -----Original Message-----
> From: www-font-request@w3.org [mailto:www-font-request@w3.org] On
> Behalf Of Christopher Slye
> Sent: Monday, December 20, 2010 3:12 AM
> To: John Daggett
> Cc: www-font@w3.org; public-i18n-core@w3.org
> Subject: Re: I18N-ISSUE-9: OpenType feature preservation [WOFF]
> 
> I'm sympathetic to the security concerns, but nevertheless I do think
> such an advisory is relevant to WOFF. One of the stated features of
> WOFF is to give user agents the ability to selectively access font
> tables. It would be worthwhile to point out that some OT tables, while
> optional, might be important for layout and should not be disregarded
> capriciously.
> 
> -Christopher
> 
> 
> On Dec 18, 2010, at 2:02 PM, John Daggett wrote:
> 
> >
> > Hi Richard,
> >
> > This is not an issue for the WOFF spec, which deals with packaging
> font data.  This issue is more directed at the CSS3 Fonts spec which
> governs the loading of fonts in user agents.  The WOFF spec refers to
> that spec.  A note in the CSS3 Fonts spec would be fine I think.
> >
> > I would also add that this issue is related to security, the user
> agent (Chrome) you're concerned about is not doing this for arbitrary
> reasons, those tables are removed because of concerns over the
> possibility of exploits in system libraries on various platforms.  As
> the libraries that do OpenType shaping (HarfBuzz, Uniscribe, CoreText)
> become more robust, the need to shield the underlying OS libraries from
> arbitrary GPOS/GDEF/GSUB tables will diminish.  Unfortunately, security
> concerns will always trump other concerns.
> >
> > Regards,
> >
> > John Daggett
> >
> >
> > ----- Original Message -----
> > From: "Internationalization Core Working Group Issue Tracker"
> <sysbot+tracker@w3.org>
> > To: www-font@w3.org, public-i18n-core@w3.org
> > Sent: Thursday, December 16, 2010 4:18:48 AM
> > Subject: I18N-ISSUE-9: OpenType feature preservation [WOFF]
> >
> >
> > I18N-ISSUE-9: OpenType feature preservation [WOFF]
> >
> > http://www.w3.org/International/track/issues/9
> >
> > Raised by: Richard Ishida
> > On product: WOFF
> >
> > 5. Font Data Tables, Note
> > http://www.w3.org/TR/WOFF/#DataTables
> >
> > WG Reviewed: Yes
> >
> > We are concerned about implementers that are ignoring OpenType
> feature support. This advice falls outside the scope of the WOFF spec,
> but we think that adding to the note at the bottom of section 5 will be
> very useful in alerting people to this issue.
> >
> > We suggest to add some text saying something like this:
> >
> > "The automatic removal of OpenType features such as GPOS and GSUB
> information at any stage in the process of deploying a WOFF file is
> strongly discouraged. Many writing systems around the world rely on
> these features for very basic display of text in the script that they
> use."
> >
> >
> >
> >
> >
> 

Received on Monday, 20 December 2010 15:41:52 UTC