(file created 2013-01-03; last updated 2013-01-03) Type name: application Subtype name: font-woff Required parameters: None. Optional parameters: None. Encoding considerations: binary. Security considerations: Fonts are interpreted data structures that represent collections of glyph outlines, metrics and layout information for various languages and writing systems. Currently, there are many standardized font data tables that allow an unspecified number of entries, and where existing, predefined data fields allow storage of binary data with variable length. There is a significant risk that the flexibility of font data structures may be exploited to hide malicious binary content disguised as a font data component. WOFF is based on the table-based SFNT (scalable font) format which is highly extensible and offers an opportunity to introduce additional data structures when needed. However, this same extensibility may present specific security concerns – the flexibility and ease of defining new data structures makes it easy for any arbitrary data to be added and hidden inside a font file. WOFF fonts may contain 'hints' for the alignment of graphical elements of the glyphs with the target display pixel grid, and depending on the font technology utilized in the creation of a font these hints may represent active code interpreted and executed by the font rasterizer. Even though they operate within the confines of the glyph outline conversion system and have no access outside the font rendering machinery, hint instructions can be, however, quite complex, and a maliciously designed complex font could cause undue resource consumption (e.g. memory or CPU cycles) on a machine interpreting it. Indeed, fonts are sufficiently complex that most if not all interpreters cannot be completely protected from malicious fonts without undue performance penalties. Widespread use of fonts as necessary component of visual content presentation warrants that a careful attention should be given to security considerations whenever a font is either embedded into an electronic document or transmitted alongside media content as a linked resource. WOFF uses gzip compression. The WOFF header contains the uncompressed length of each compressed table. Applications may therefore constrain the size of memory buffer allocated for decompression and may stop writing if a maliciously crafted WOFF file in fact contains more data than is indicated. WOFF does not provide privacy protections internally; if needed, these should be provided externally. WOFF has a private data block facility, which may contain arbitrary binary data. WOFF does not provide a means to access this, or to execute any code contained therein. WOFF requires that the content of this block not affect font rendering in any way. Interoperability considerations: Published specification: This media type registration is extracted from the WOFF specification at W3C. http://www.w3.org/TR/WOFF Applications that use this media type: WOFF is used by Web browsers, often in conjunction with HTML and CSS. Additional information: Magic number(s): The signature field in the WOFF header MUST contain the "magic number" 0x774F4646 File extension(s): woff Macintosh file type code(s): (no code specified) Macintosh Universal Type Identifier code: org.w3c.woff Fragment Identifiers none. Person & email address to contact for further information: Chris Lilley (www-font&w3.org). Intended usage: COMMON Restrictions on usage: None Author: The WOFF specification is a work product of the World Wide Web Consortium's WebFonts Working Group. Change controller: The W3C has change control over this specification.