RESOLVED FIXED 190195
User installed fonts are not always disabled when they should be 
https://bugs.webkit.org/show_bug.cgi?id=190195
Summary User installed fonts are not always disabled when they should be
Antti Koivisto
Reported 2018-10-02 04:58:06 PDT
SVG images and some theme cases fail to respect the setting.
Attachments
patch (3.42 KB, patch)
2018-10-02 05:24 PDT, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
patch (3.42 KB, patch)
2018-10-02 05:27 PDT, Antti Koivisto 		mmaxfield: review-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Antti Koivisto
Comment 1 2018-10-02 05:24:49 PDT
Created attachment 351372 [details] patch
Antti Koivisto
Comment 2 2018-10-02 05:27:14 PDT
Created attachment 351373 [details] patch
Geoffrey Garen
Comment 3 2018-10-02 10:24:54 PDT
Comment on attachment 351373 [details] patch r=me
WebKit Commit Bot
Comment 4 2018-10-02 10:57:50 PDT
Comment on attachment 351373 [details] patch Clearing flags on attachment: 351373 Committed r236753: <https://trac.webkit.org/changeset/236753>
WebKit Commit Bot
Comment 5 2018-10-02 10:57:51 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 6 2018-10-02 10:58:26 PDT
<rdar://problem/44944369>
Myles C. Maxfield
Comment 7 2018-10-02 11:31:45 PDT
Comment on attachment 351373 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=351373&action=review > Source/WebCore/platform/graphics/FontDescription.cpp:83 > - , m_shouldAllowUserInstalledFonts(static_cast<unsigned>(AllowUserInstalledFonts::Yes)) > + , m_shouldAllowUserInstalledFonts(static_cast<unsigned>(AllowUserInstalledFonts::No)) The default setting for WKWebViews (and regular WebViews) is that user-installed fonts are allowed. Changing the default will cause tons of native apps to break.
Antti Koivisto
Comment 8 2018-10-02 11:39:07 PDT
> The default setting for WKWebViews (and regular WebViews) is that > user-installed fonts are allowed. Changing the default will cause tons of > native apps to break. This doesn't change any default settings. It only changes what happens when you construct a FontDescription and don't initialize allowUserInstalledFonts bit. All cases where this happens seemed to be places where enabling it was wrong.
Antti Koivisto
Comment 9 2018-10-02 11:59:04 PDT
Also all cases where we get this wrong is a potential fingerprinting vector so safe initialization is important here.
Myles C. Maxfield
Comment 10 2018-10-02 12:16:15 PDT
(In reply to Antti Koivisto from comment #9) > Also all cases where we get this wrong is a potential fingerprinting vector > so safe initialization is important here. False positives allow fingerprinting, but false negatives break native apps (which people have paid money for). We need to be sure this patch is correct.
Note You need to log in before you can comment on or make changes to this bug.