Why does iPhone/iPad/iTouch only supports SVG @font-face, and not TTF or WOFF?

Does anyone know why iPhone/iPad/iTouch only supports SVG @font-face implementation, and not TTF or WOFF? Seems strange to me since Apple® Safari® (Webkit) supports TTF from version 3.1 and later. Thanks!

blank's picture

Because thousands of iPhone users downloading fonts in addition to the rest of web content would finally push AT&T’s entire network into a catastrophic hardware meltdown.

Chris Roberts's picture

LOL! NetFlix has already got that one figured out.

Si_Daniels's picture

My guess would be to remove a possible attack vector and limit the attack surface area for malicious Web content.

jdaggett's picture

Which was my guess except that Apple has enabled PDF viewing in iOS 4, so unless they've disabled embedded PDF fonts the same attack vector is available.

Chris Roberts's picture

I was thinking the same Simon. I suspect that they are not intentionally adding this limitation to @font-face, but rather just blocking the download of TTF file type globally on the device.

Mark Simonson's picture

You don't need iOS 4 to view PDFs on an iPad. It can already do that. All they've done is added PDFs as a content source to iBooks in the next version.

You can view PDFs in all sorts of ways--Mail, Safari, special reader apps, etc. If there are fonts embedded in a PDF, they are displayed. Same with the iPhone going all the way back to the first one.

My guess as to why they haven't enabled @font-face for TTF and OTF: to reduce the amount of data needed for downloading a web page, both for speed and to conserve the limited amount of RAM in the devices.

Si_Daniels's picture

>Which was my guess except that Apple has enabled PDF viewing in iOS 4, so unless they've disabled embedded PDF fonts the same attack vector is available.

Probably right, but they've had years to "harden" their PDF viewer against this type of attack (perhaps is uses a standalone rasterizer too?) but they are relative newcomers to the web-delivered-font attack vector.

Mark may have something - they are obsessive about Safari performance esp. on these devices.

Richard Fink's picture

@mark, sii, and all:

My guess as to why they haven't enabled @font-face for TTF and OTF: to reduce the amount of data needed for downloading a web page, both for speed and to conserve the limited amount of RAM in the devices.

All the more reason for them to add a compressed format like WOFF at the earliest.
But, conservation as motivation doesn't make a lot of sense to me in that SVG data is bloated compared to the equivalent data sent as an OTF or TTF. And since the Apple rasterizer throws away the TrueType hints, the most sensical thing would have been for them to, at least, have allowed OTF CFF files if file size was the concern.

I think the decision was more akin to a coin toss.

Si_Daniels's picture

Resurrecting this thread - it's funny how fonts ended up being the iPhone attack-vector getting all the press and how I over-estimated Apple's security "they've had years to "harden" their PDF viewer against this type of attack" oops, oh well. Goes to prove even I'm not immune. 

dberlow's picture

Lucky us.

Cheers!

Si_Daniels's picture

>Lucky us.

Says the Palm Pre user

dberlow's picture

>Says the Palm Pre user

Not I, said the iPhoner, (who has yet to come across a pdf in 3 years of iPhone use). I meant how lucky we are that you, MSNBC and people who normally write about MS issues (and Richard) are watching over us to prevent this vicious attack vector from disturbing our computing... and how lucky we are to have WOFF that would never allow such a thing to be possible.

Cheers!

Si_Daniels's picture

>Says the Palm Pre user

>>Not I, said the iPhoner,

Better fonts.

Richard Fink's picture

Here's an amusing font attack vector for IE:

1) Take a weird looking font. The weirder the better.
2) Rename it "inherit"
3) Install it in Windows
4) Go to wachovia.com (and many other sites, too. It's just a matter of time)

See you in LA!

blank's picture

2) Rename it "inherit"

BWAHAHAHAHHAHA!

Syndicate content Syndicate content