[HarfBuzz] Font sanitizing support in Harfbuzz

Behdad Esfahbod behdad at behdad.org
Wed Oct 23 14:37:25 PDT 2013


On 13-10-22 10:04 PM, GD dev wrote:
> Hi All,
> 
> Please correct me if I am wrong. My understanding is that harfbuzz internally
> does font sanitization to rule out malicious fonts.

Correct.  It does just enough to make sure other harfbuzz routines can run
correctly on the font.


> Now, we have platform libs that would use harfbuzz but some might decide to do
> their own shaping, in which case, could they use harfbuzz just for font
> sanitization?

I don't mind exporting API for the sanitization part, but then again, we make
no guarantee that our sanitization suits any other piece of code's
requirements.  It's really just about what our own code is happy about.


> Also, how does harfbuzz' font sanitization support compare to
> the one provided by "Sanitiser for OpenType" library from Chromium
> (https://code.google.com/p/ots/wiki/DesignDoc).

Not really.  We don't adhere to any standards.  We just clean up the tables
enough to be sure that nothing bad happens when *our* code is run on the font.

-- 
behdad
http://behdad.org/


