Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Issue 17818 Enabled dynamic / web font support in a secure manner
Starred by 48 users Project Member Reported by js...@chromium.org, Jul 27, 2009 Back to list
Status: Fixed
Owner: yusukes@chromium.org
Closed: Dec 2009
Cc: takuya+legacy@google.com, js...@chromium.org, dhw@chromium.org, agl@chromium.org
Components:
OS: All
Pri: 2
Type: Bug
M-5

Restricted
  • Only users with EditIssue permission may comment.


Sign in to add a comment
In issue 1303, web / dynamic font was enabled, but was disabled by default 
(unless the command line options --enable-remote-font is used) in issue 9633. 

There's a work going on to enable web / dynamic font support again with a 
security issue taken care of. Takuya, can you assign this to the engineer 
working on this?  

I couldn't find a bug on this (re-enabling web/dynamic font in a secure 
manner). If there's one filed already, please dupe this away. Thanks !


 
Comment 1 by js...@chromium.org, Jul 27, 2009
Summary: Enabled dynamic / web font support in a secure manner (was: NULL)
Comment 2 by js...@chromium.org, Jul 27, 2009
Issue 15694 has been merged into this issue.
Comment 3 by js...@chromium.org, Jul 27, 2009
Issue 17418 has been merged into this issue.
Comment 4 by js...@chromium.org, Jul 27, 2009
Issue 17776 has been merged into this issue.
Comment 5 by yusukes@chromium.org, Jul 27, 2009
Comment 6 by yusukes@chromium.org, Jul 27, 2009
Comment 7 by yusukes@chromium.org, Jul 27, 2009
Status: Started
The review is in progress on the internal rietveld: issue 1092002 and 1090032.

I also filed two related issues:
- Issue 18490 (dynamic font is not supported on Linux)
- Issue 18494 (dynamic font is not supported on Mac)
Comment 9 by yusukes@chromium.org, Aug 13, 2009
Issue 19136 has been merged into this issue.
Comment 10 by dhw@chromium.org, Sep 23, 2009
Issue 22752 has been merged into this issue.
Will this be fixed in time for 4.0?
Comment 12 by karen@chromium.org, Oct 19, 2009
Labels: Mstone-4
Yes, we are trying to make it in 4.0.
Please see Web Fonts part in http://dev.chromium.org/developers/web-platform-status for 
the updates.
http://code.google.com/p/ots/ (The sanitiser library - now public)
http://codereview.chromium.org/363001 (DEPS/GYP changes to pull the library)
http://codereview.chromium.org/165236 (introduce --disable-remote-font flag)

I'll file a WebKit bug to start WebCore/platform/graphics/{chromium,mac} reviews.

https://bugs.webkit.org/show_bug.cgi?id=31106
Will attach patches shortly.

Comment 16 by bugdro...@gmail.com, Nov 13, 2009
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=31878 

------------------------------------------------------------------------
r31878 | yusukes@google.com | 2009-11-12 18:15:59 -0800 (Thu, 12 Nov 2009) | 7 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?r1=31878&r2=31877
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/all.gyp?r1=31878&r2=31877
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/features_override.gypi?r1=31878&r2=31877

Pull the OpenType sanitiser library from code.google.com/ots/, as per our discussion on the (internal) group. 

Review URL: http://codereview.chromium.org/363001

BUG= 17818 
TEST=none 

------------------------------------------------------------------------

Comment 17 by bugdro...@gmail.com, Nov 13, 2009
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=31895 

------------------------------------------------------------------------
r31895 | yusukes@google.com | 2009-11-13 00:59:29 -0800 (Fri, 13 Nov 2009) | 7 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?r1=31895&r2=31894

Update OTS from r4 (initial commit) to r10 (reviewed revision).
http://code.google.com/p/ots/source/detail?r=10

BUG= 17818 
TEST=none

Review URL: http://codereview.chromium.org/387045
------------------------------------------------------------------------

Comment 18 by bugdro...@gmail.com, Nov 18, 2009
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=32300 

------------------------------------------------------------------------
r32300 | mal@chromium.org | 2009-11-17 23:00:19 -0800 (Tue, 17 Nov 2009) | 9 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/249/src/chrome/browser/tab_contents/render_view_host_delegate_helper.cc?r1=32300&r2=32299
   M http://src.chromium.org/viewvc/chrome/branches/249/src/chrome/common/chrome_switches.cc?r1=32300&r2=32299
   M http://src.chromium.org/viewvc/chrome/branches/249/src/chrome/common/chrome_switches.h?r1=32300&r2=32299
   M http://src.chromium.org/viewvc/chrome/branches/249/src/webkit/glue/webpreferences.h?r1=32300&r2=32299

For the 249 branch:

Enable remote fonts by default. This change introduces --disable-remote-fonts flag and obsoletes --enable-remote-fonts. 

TBR= yusukes
BUG= 17818 
TEST=(1) Start chromium WITHOUT --disable-remote-fonts. Visit http://www.alistapart.com/d/cssatten/poen.html . Verify that the page is rendered using _remote_ fonts (reference image: http://www.alistapart.com/d/cssatten/poen.png ) / (2) Start chromium WITH --disable-remote-fonts. Visit http://www.alistapart.com/d/cssatten/poen.html . Verify that the page is rendered using _local_ fonts 

Review URL: http://codereview.chromium.org/397038
------------------------------------------------------------------------

Comment 19 by bugdro...@gmail.com, Nov 18, 2009
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=32301 

------------------------------------------------------------------------
r32301 | mal@chromium.org | 2009-11-17 23:00:37 -0800 (Tue, 17 Nov 2009) | 13 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/WebCore.gyp/WebCore.gyp?r1=32301&r2=32300
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/WebCore.gypi?r1=32301&r2=32300
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp?r1=32301&r2=32300
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp?r1=32301&r2=32300

For the 249 branch:

Add support for OpenType sanitiser (OTS). It parses OpenType files (from @font-face)
and attempts to validate and sanitise them. We hope this reduces the attack surface
of the system font libraries.

This change is for Chromium 4.0 branch. Upstream patch for WebKit trunk will be
submitted soon: https://bugs.webkit.org/show_bug.cgi?id=31106

BUG= 17818 
TEST=none
TBR= yusukes
Review URL: http://codereview.chromium.org/399062
------------------------------------------------------------------------

Comment 20 by yusukes@chromium.org, Nov 18, 2009
Labels: -Size-Medium -Mstone-4 Mstone-5
Status: Upstream
All @font-face related patches have been submitted *** to the 4.0 branch. ***

Since one WebKit patch is not submitted to the WebKit trunk yet (see WebKit bug 
31106, we're waiting for a response from Apple), the status of this bug can't be 
changed to Fixed. Changing the Mstone-4 label to -5 instead.


Comment 21 by bugdro...@gmail.com, Nov 19, 2009
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=31878 

------------------------------------------------------------------------
r31878 | yusukes@google.com | 2009-11-12 18:15:59 -0800 (Thu, 12 Nov 2009) | 7 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?r1=31878&r2=31877
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/all.gyp?r1=31878&r2=31877
   M http://src.chromium.org/viewvc/chrome/trunk/src/build/features_override.gypi?r1=31878&r2=31877

Pull the OpenType sanitiser library from code.google.com/ots/, as per our discussion on the (internal) group. 

Review URL: http://codereview.chromium.org/363001

BUG= 17818 
TEST=none 

------------------------------------------------------------------------

Comment 22 by bugdro...@gmail.com, Nov 19, 2009
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=31895 

------------------------------------------------------------------------
r31895 | yusukes@google.com | 2009-11-13 00:59:29 -0800 (Fri, 13 Nov 2009) | 7 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?r1=31895&r2=31894

Update OTS from r4 (initial commit) to r10 (reviewed revision).
http://code.google.com/p/ots/source/detail?r=10

BUG= 17818 
TEST=none

Review URL: http://codereview.chromium.org/387045
------------------------------------------------------------------------

Comment 23 by bugdro...@gmail.com, Nov 19, 2009
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=32300 

------------------------------------------------------------------------
r32300 | mal@chromium.org | 2009-11-17 23:00:19 -0800 (Tue, 17 Nov 2009) | 9 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/249/src/chrome/browser/tab_contents/render_view_host_delegate_helper.cc?r1=32300&r2=32299
   M http://src.chromium.org/viewvc/chrome/branches/249/src/chrome/common/chrome_switches.cc?r1=32300&r2=32299
   M http://src.chromium.org/viewvc/chrome/branches/249/src/chrome/common/chrome_switches.h?r1=32300&r2=32299
   M http://src.chromium.org/viewvc/chrome/branches/249/src/webkit/glue/webpreferences.h?r1=32300&r2=32299

For the 249 branch:

Enable remote fonts by default. This change introduces --disable-remote-fonts flag and obsoletes --enable-remote-fonts. 

TBR= yusukes
BUG= 17818 
TEST=(1) Start chromium WITHOUT --disable-remote-fonts. Visit http://www.alistapart.com/d/cssatten/poen.html . Verify that the page is rendered using _remote_ fonts (reference image: http://www.alistapart.com/d/cssatten/poen.png ) / (2) Start chromium WITH --disable-remote-fonts. Visit http://www.alistapart.com/d/cssatten/poen.html . Verify that the page is rendered using _local_ fonts 

Review URL: http://codereview.chromium.org/397038
------------------------------------------------------------------------

Comment 24 by bugdro...@gmail.com, Nov 19, 2009
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=32301 

------------------------------------------------------------------------
r32301 | mal@chromium.org | 2009-11-17 23:00:37 -0800 (Tue, 17 Nov 2009) | 13 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/WebCore.gyp/WebCore.gyp?r1=32301&r2=32300
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/WebCore.gypi?r1=32301&r2=32300
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/platform/graphics/chromium/FontCustomPlatformData.cpp?r1=32301&r2=32300
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/platform/graphics/mac/FontCustomPlatformData.cpp?r1=32301&r2=32300

For the 249 branch:

Add support for OpenType sanitiser (OTS). It parses OpenType files (from @font-face)
and attempts to validate and sanitise them. We hope this reduces the attack surface
of the system font libraries.

This change is for Chromium 4.0 branch. Upstream patch for WebKit trunk will be
submitted soon: https://bugs.webkit.org/show_bug.cgi?id=31106

BUG= 17818 
TEST=none
TBR= yusukes
Review URL: http://codereview.chromium.org/399062
------------------------------------------------------------------------

Comment 25 by dhw@chromium.org, Nov 23, 2009
Issue 28472 has been merged into this issue.
Comment 26 by yusukes@chromium.org, Nov 23, 2009
I've filed a related issue:
http://code.google.com/p/chromium/issues/detail?id=28567

The issue 28567 has been fixed on WebKit tree. Then let me merge the change to the 
249 branch, since the @font-face feature might look unstable without the fix. Please note that the fix (http://trac.webkit.org/changeset/51605) is pretty small 
(1-byte change) and safe. It affects WebFonts loading path only.

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=33662 

------------------------------------------------------------------------
r33662 | yusukes@google.com | 2009-12-02 19:38:18 -0800 (Wed, 02 Dec 2009) | 16 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/WebKit/249/WebCore/platform/graphics/opentype/OpenTypeUtilities.cpp?r1=33662&r2=33661

Merge 51605 - 20091202  Yusuke Sato  <yusukes@chromium.org>

        Reviewed by Dan Bernstein.

        Safari/Chromium for Windows fails to load CJK WebFonts
        https://bugs.webkit.org/show_bug.cgi?id=31804

        * platform/graphics/opentype/OpenTypeUtilities.cpp:
        (WebCore::renameAndActivateFont): Load a remote font even if the font has 2 or more faces.

BUG= 17818 
BUG= 28567 
TEST=see crbug.com/28567
TBR=eric@webkit.org

Review URL: http://codereview.chromium.org/464014
------------------------------------------------------------------------

Status: Fixed
> Since one WebKit patch is not submitted to the WebKit trunk yet (see WebKit bug 
> 31106, we're waiting for a response from Apple), the status of this bug can't be 
> changed to Fixed. Changing the Mstone-4 label to -5 instead.

Landed. http://trac.webkit.org/changeset/51623

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=33800 

------------------------------------------------------------------------
r33800 | yusukes@google.com | 2009-12-03 22:34:46 -0800 (Thu, 03 Dec 2009) | 6 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/tab_contents/render_view_host_delegate_helper.cc?r1=33800&r2=33799
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.cc?r1=33800&r2=33799
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.h?r1=33800&r2=33799
   M http://src.chromium.org/viewvc/chrome/trunk/src/webkit/glue/webpreferences.h?r1=33800&r2=33799

Enable remote fonts by default. This change introduces --disable-remote-fonts flag and obsoletes --enable-remote-fonts.

BUG= 17818 
TEST=(1) Start chromium WITHOUT --disable-remote-fonts. Visit http://www.alistapart.com/d/cssatten/poen.html . Verify that the page is rendered using _remote_ fonts (reference image: http://www.alistapart.com/d/cssatten/poen.png ) / (2) Start chromium WITH --disable-remote-fonts. Visit http://www.alistapart.com/d/cssatten/poen.html . Verify that the page is rendered using _local_ fonts 

Review URL: http://codereview.chromium.org/165236
------------------------------------------------------------------------

Project Member Comment 31 by bugdroid1@chromium.org, Oct 12, 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 32 by bugdroid1@chromium.org, Mar 10, 2013
Labels: -Area-WebKit -Mstone-5 M-5 Cr-Content
Project Member Comment 33 by bugdroid1@chromium.org, Mar 13, 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member Comment 34 by bugdroid1@chromium.org, Apr 6, 2013
Labels: -Cr-Content Cr-Blink
Sign in to add a comment