Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There's a whole, let's say, scripting engine that lets the font decide which glyph is going to be used that goes way further than just simple ligature substitution. People have even implemented "games" as fonts this way: https://www.coderelay.io/fontemon.html


If anyone is interested I wrote a blog post about how I made fontemon and which type features I used: https://github.com/mmulet/code-relay/blob/main/markdown/HowI...


Have there been any high profile exploits of these font scripting engines?

I guess that must be where stuff like

https://arstechnica.com/information-technology/2015/05/bewar...

comes from.

It seems quite risky, I’m used to not downloading and executing shady programs, but downloading and executing… characters… is hard to avoid.


Windows had some security issues in the past. It has a font rendering engine in the kernel.


Great link, I'm impressed by the sort of animations that they were able to fit into a font.


> Implementation for a seemingly simple logic is surprisingly powerful

hmm.


Well, that's surprisingly addictive.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: