[tor-commits] [tor-browser] 01/74: Bug 41116: Normalize system fonts.
gitolite role
git at cupani.torproject.org
Thu Oct 27 21:21:06 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-102.4.0esr-12.0-2
in repository tor-browser.
commit 8d85e2ff55481c7b8c90fd1989c8fb0d4706e5d2
Author: Pier Angelo Vendrame <pierov at torproject.org>
AuthorDate: Mon Sep 19 12:57:40 2022 +0200
Bug 41116: Normalize system fonts.
System fonts are an enormous fingerprinting vector.
Even with font allow lists and with our custom configuration on Linux,
which counter metrics measurements, getComputedStyle leaks several
details.
This patch counters both these kinds of attacks.
---
gfx/thebes/gfxPlatformFontList.cpp | 3 ++-
layout/base/nsLayoutUtils.cpp | 5 ++++-
widget/LookAndFeel.h | 4 +++-
widget/gtk/nsNativeThemeGTK.cpp | 8 ++++++--
widget/nsXPLookAndFeel.cpp | 18 +++++++++++++++---
widget/nsXPLookAndFeel.h | 3 ++-
6 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/gfx/thebes/gfxPlatformFontList.cpp b/gfx/thebes/gfxPlatformFontList.cpp
index 37a095868031..1e03ca76b0fa 100644
--- a/gfx/thebes/gfxPlatformFontList.cpp
+++ b/gfx/thebes/gfxPlatformFontList.cpp
@@ -1901,7 +1901,8 @@ static void GetSystemUIFontFamilies([[maybe_unused]] nsAtom* aLangGroup,
nsFont systemFont;
gfxFontStyle fontStyle;
nsAutoString systemFontName;
- if (!LookAndFeel::GetFont(StyleSystemFont::Menu, systemFontName, fontStyle)) {
+ if (!LookAndFeel::GetFont(StyleSystemFont::Menu, systemFontName, fontStyle,
+ nsContentUtils::ShouldResistFingerprinting())) {
return;
}
systemFontName.Trim("\"'");
diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
index 4cae8e948de7..f2d023b0653d 100644
--- a/layout/base/nsLayoutUtils.cpp
+++ b/layout/base/nsLayoutUtils.cpp
@@ -9564,7 +9564,10 @@ void nsLayoutUtils::ComputeSystemFont(nsFont* aSystemFont,
const Document* aDocument) {
gfxFontStyle fontStyle;
nsAutoString systemFontName;
- if (!LookAndFeel::GetFont(aFontID, systemFontName, fontStyle)) {
+ const bool rfp = aDocument
+ ? nsContentUtils::ShouldResistFingerprinting(aDocument)
+ : nsContentUtils::ShouldResistFingerprinting();
+ if (!LookAndFeel::GetFont(aFontID, systemFontName, fontStyle, rfp)) {
return;
}
systemFontName.Trim("\"'");
diff --git a/widget/LookAndFeel.h b/widget/LookAndFeel.h
index 9fe38d632919..c62948673ad1 100644
--- a/widget/LookAndFeel.h
+++ b/widget/LookAndFeel.h
@@ -486,8 +486,10 @@ class LookAndFeel {
* @param aID Which system-theme font is wanted.
* @param aName The name of the font to use.
* @param aStyle Styling to apply to the font.
+ * @param aRFP Whether RFP is enabled in the caller's context
*/
- static bool GetFont(FontID aID, nsString& aName, gfxFontStyle& aStyle);
+ static bool GetFont(FontID aID, nsString& aName, gfxFontStyle& aStyle,
+ bool aRFP);
/**
* GetPasswordCharacter() returns a unicode character which should be used
diff --git a/widget/gtk/nsNativeThemeGTK.cpp b/widget/gtk/nsNativeThemeGTK.cpp
index 9072e95dcf05..304e7e44d25f 100644
--- a/widget/gtk/nsNativeThemeGTK.cpp
+++ b/widget/gtk/nsNativeThemeGTK.cpp
@@ -1369,11 +1369,15 @@ nsNativeThemeGTK::GetMinimumWidgetSize(nsPresContext* aPresContext,
// smaller than the default one. This prevents <input type=text
// style="font-size: .5em"> from keeping a ridiculously large size, for
// example.
- const gfxFloat fieldFontSizeInCSSPixels = [] {
+ const gfxFloat fieldFontSizeInCSSPixels = [aPresContext] {
+ const bool rfp = (aPresContext && aPresContext->Document())
+ ? nsContentUtils::ShouldResistFingerprinting(
+ aPresContext->Document())
+ : nsContentUtils::ShouldResistFingerprinting();
gfxFontStyle fieldFontStyle;
nsAutoString unusedFontName;
DebugOnly<bool> result = LookAndFeel::GetFont(
- LookAndFeel::FontID::MozField, unusedFontName, fieldFontStyle);
+ LookAndFeel::FontID::MozField, unusedFontName, fieldFontStyle, rfp);
MOZ_ASSERT(result, "GTK look and feel supports the field font");
// NOTE: GetFont returns font sizes in CSS pixels, and we want just
// that.
diff --git a/widget/nsXPLookAndFeel.cpp b/widget/nsXPLookAndFeel.cpp
index 3cc2c561dbc5..51901844ba62 100644
--- a/widget/nsXPLookAndFeel.cpp
+++ b/widget/nsXPLookAndFeel.cpp
@@ -999,7 +999,18 @@ widget::LookAndFeelFont nsXPLookAndFeel::StyleToLookAndFeelFont(
}
bool nsXPLookAndFeel::GetFontValue(FontID aID, nsString& aName,
- gfxFontStyle& aStyle) {
+ gfxFontStyle& aStyle, bool aRFP) {
+ if (aRFP) {
+#ifdef XP_MACOSX
+ aName = u"-apple-system"_ns;
+#else
+ aName = u"sans-serif"_ns;
+#endif
+ aStyle = gfxFontStyle();
+ aStyle.size = 12;
+ return true;
+ }
+
if (const LookAndFeelFont* cached = sFontCache.Get(aID)) {
return LookAndFeelFontToStyle(*cached, aName, aStyle);
}
@@ -1350,8 +1361,9 @@ nsresult LookAndFeel::GetFloat(FloatID aID, float* aResult) {
}
// static
-bool LookAndFeel::GetFont(FontID aID, nsString& aName, gfxFontStyle& aStyle) {
- return nsLookAndFeel::GetInstance()->GetFontValue(aID, aName, aStyle);
+bool LookAndFeel::GetFont(FontID aID, nsString& aName, gfxFontStyle& aStyle,
+ bool aRFP) {
+ return nsLookAndFeel::GetInstance()->GetFontValue(aID, aName, aStyle, aRFP);
}
// static
diff --git a/widget/nsXPLookAndFeel.h b/widget/nsXPLookAndFeel.h
index 3218c9c7bd02..35421e0e4fb4 100644
--- a/widget/nsXPLookAndFeel.h
+++ b/widget/nsXPLookAndFeel.h
@@ -40,7 +40,8 @@ class nsXPLookAndFeel : public mozilla::LookAndFeel {
nsresult GetFloatValue(FloatID aID, float& aResult);
// Same, but returns false if there is no platform-specific value.
// (There are no override prefs for font values.)
- bool GetFontValue(FontID aID, nsString& aName, gfxFontStyle& aStyle);
+ bool GetFontValue(FontID aID, nsString& aName, gfxFontStyle& aStyle,
+ bool aRFP);
virtual nsresult NativeGetInt(IntID aID, int32_t& aResult) = 0;
virtual nsresult NativeGetFloat(FloatID aID, float& aResult) = 0;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tor-commits
mailing list