Bug 190195 - User installed fonts are not always disabled when they should be
Summary: User installed fonts are not always disabled when they should be
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Text (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-10-02 04:58 PDT by Antti Koivisto
Modified: 2018-10-02 15:57 PDT (History)
6 users (show)

See Also:

Attachments
patch (3.42 KB, patch)
2018-10-02 05:24 PDT, Antti Koivisto 		no flags Details | Formatted Diff | Diff
patch (3.42 KB, patch)
2018-10-02 05:27 PDT, Antti Koivisto 		mmaxfield: review-
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Antti Koivisto 2018-10-02 04:58:06 PDT 
SVG images and some theme cases fail to respect the setting.
Comment 1 Antti Koivisto 2018-10-02 05:24:49 PDT 
Created attachment 351372 [details]
patch
Comment 2 Antti Koivisto 2018-10-02 05:27:14 PDT 
Created attachment 351373 [details]
patch
Comment 3 Geoffrey Garen 2018-10-02 10:24:54 PDT 
Comment on attachment 351373 [details]
patch

r=me
Comment 4 WebKit Commit Bot 2018-10-02 10:57:50 PDT 
Comment on attachment 351373 [details]
patch

Clearing flags on attachment: 351373

Committed r236753: <https://trac.webkit.org/changeset/236753>
Comment 5 WebKit Commit Bot 2018-10-02 10:57:51 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 6 Radar WebKit Bug Importer 2018-10-02 10:58:26 PDT 
<rdar://problem/44944369>
Comment 7 Myles C. Maxfield 2018-10-02 11:31:45 PDT 
Comment on attachment 351373 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=351373&action=review

> Source/WebCore/platform/graphics/FontDescription.cpp:83
> -    , m_shouldAllowUserInstalledFonts(static_cast<unsigned>(AllowUserInstalledFonts::Yes))
> +    , m_shouldAllowUserInstalledFonts(static_cast<unsigned>(AllowUserInstalledFonts::No))

The default setting for WKWebViews (and regular WebViews) is that user-installed fonts are allowed. Changing the default will cause tons of native apps to break.
Comment 8 Antti Koivisto 2018-10-02 11:39:07 PDT 
> The default setting for WKWebViews (and regular WebViews) is that
> user-installed fonts are allowed. Changing the default will cause tons of
> native apps to break.

This doesn't change any default settings. It only changes what happens when you construct a FontDescription and don't initialize allowUserInstalledFonts bit. All cases where this happens seemed to be places where enabling it was wrong.
Comment 9 Antti Koivisto 2018-10-02 11:59:04 PDT 
Also all cases where we get this wrong is a potential fingerprinting vector so safe initialization is important here.
Comment 10 Myles C. Maxfield 2018-10-02 12:16:15 PDT 
(In reply to Antti Koivisto from comment #9)
> Also all cases where we get this wrong is a potential fingerprinting vector
> so safe initialization is important here.

False positives allow fingerprinting, but false negatives break native apps (which people have paid money for). We need to be sure this patch is correct.