[Webkit-unassigned] [Bug 31106] Sanitize web fonts using the OTS library
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 9 18:35:39 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=31106
John Daggett <jdaggett at mozilla.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bdakin at apple.com
--- Comment #41 from John Daggett <jdaggett at mozilla.com> 2009-11-09 18:35:37 PDT ---
(In reply to comment #40)
> Yes, the OTS library currently does not support GPOS/GSUB/morx tables. However,
> "does not support" means that OTS does not parse these tables, does not put
> them on a reconstructed font. As a result, attackers are not able to abuse
> these tables.
This means that fonts for any language that requires shaping (Arabic, Hindi,
etc.) will effectively be neutered by the sanitize process. Also looks like
this effectively disables kerning, a recently added feature:
https://bugs.webkit.org/show_bug.cgi?id=6136
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list