[Webkit-unassigned] [Bug 31106] [Chromium] handle web fonts in a secure manner
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Nov 5 11:25:16 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=31106
--- Comment #12 from Adam Langley <agl at chromium.org> 2009-11-05 11:25:13 PDT ---
(From update of attachment 42543)
LGTM. (I am not a WebKit reviewer. You need a real review also.)
> + handle web fonts in a secure manner
This ChangeLog entry should be more descriptive:
Add support for OpenType Sanitiser (OTS). This is experimental code that is
Chromium only for the moment. It parses OpenType files (from @font-face) and
attempts to validate and sanitise them. We hope this reduces the attack surface
of the system font libraries.
> + // This is the largest web font size which we'll try to transcode.
> + static const size_t maxWebFontSize = 30 * 1024 * 1024; // 30 MB
This is pretty huge, but looking around it does seem that some fonts are nearly
this large!
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list