Comment by stgiga
7 months ago
WebAssembly in fonts doesn't sound very secure, coming from someone who is certified in cybersecurity and has spent years doing font stuff.
7 months ago
WebAssembly in fonts doesn't sound very secure, coming from someone who is certified in cybersecurity and has spent years doing font stuff.
Yes, that's the general consensus in the comments. It doesn't even sound safe to me and I'm not a full security pro. But OP did it as a PoC/for fun. It's okay to have fun still.
It's not what OP did that isn't safe, it's the mechanism that he used in HarfBuzz.
Sorry for not disclosing everything that could go wrong, but you seemed to have missed my point while trying to be exact.
3 replies →
But probably much better than custom VM like TrueType bytecodes or embedded PostScript...