Embedded OpenType

From Wikipedia, the free encyclopedia
Embedded OpenType
Filename extension
Internet media type
Type of formatoutline font

Embedded OpenType (EOT) fonts are a compact form of OpenType fonts designed by Microsoft for use as embedded fonts on web pages. These files use the extension .eot. They are supported only by Microsoft Internet Explorer, as opposed to competing WOFF files.


EOT font files can be created from existing TrueType font files using Microsoft's Web Embedding Fonts Tool (WEFT), and other proprietary and open source software (see “External links” below).

The font files are made small in size by use of subsetting (only including the needed characters), and by data compression (LZ compression, part of Agfa's MicroType Express). Like OTF fonts, EOT supports both Postscript and TrueType outlines for the glyphs.[1]

Simply including fonts in webpages might lead to unrestricted copying of copyrighted font files. Embedded OpenType includes features to discourage copying. Subsetting reduces the value of copying, as subsetted fonts will typically omit more than half of the characters. Other copy protection measures used are encryption and a list of "trusted roots" at the source end, and a proprietary decrypting library at the receiving end.

If the embedded font is not available to the web page for any reason (missing font file, wrong keys in the file, non-support by the web browser), then the second-choice font specification is used, ensuring that the page should be readable even without the intended font.

Embedded OpenType is a proprietary standard supported exclusively by Internet Explorer but was submitted to the W3C in 2007 as part of CSS3, which was rejected and resubmitted as a standalone submission March 18, 2008. The W3C team comment on the submission states that the "W3C plans to submit a proposal to the W3C members for a working group whose goal is to try and develop EOT into a W3C Recommendation." However, the W3C ultimately chose a different web font format (WOFF) as a W3C Recommendation.[2] The support for the format has not been built into the Microsoft Edge, the successor to the Internet Explorer.

Web Embedding Fonts Tool[edit]

The Web Embedding Fonts Tool, or WEFT, is Microsoft's utility for generating embeddable web fonts.

WEFT is used by webmasters to create 'font objects' that are linked to their web pages so that users using Microsoft's Internet Explorer web browser will see the pages displayed in the font style contained within the font object.

WEFT scans the HTML document file(s), the TrueType font file(s), and some additional parameters. It adjusts the HTML files and creates Embedded OpenType files for inclusion on the web site. These files usually use the extension '.eot'.

WEFT can embed most fonts, but it will not embed fonts that have been designated as 'no embedding' fonts by their designers. WEFT may reject other fonts because problems have been identified.

In the past, embedded fonts were widely used to generate non-English-language websites.

As of January 2015, the most recent version of the tool (WEFT 3.2) was released on 25 February 2003. As of 2019, the tool is no longer offered by Microsoft for download.

An open source alternative is 'ttf2eot'.

Microsoft PowerPoint 2007 and 2010 also generate .eot files with the '.fntdata' [1] extension when fonts are selected to be embedded in a presentation by the PowerPoint client application. These .eot files can be extracted from the '.pptx' file and used directly on web pages.

Security issues[edit]

Critical security update for Windows Vista KB969947 resolves several security issues that "could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font". Such fonts could be embedded in Web sites, including those that host user-provided content.[3]

See also[edit]


  1. ^ "The Typekit Blog | Type rendering: Font outlines and file formats".
  2. ^ Web Fonts - W3C
  3. ^ "Microsoft Security Bulletin MS09-065 – Critical Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)". Microsoft. 2009-11-10.

External links[edit]