Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d8412a5c254e327317b095389fba0eaaaa6664c5
https://github.com/WebKit/WebKit/commit/d8412a5c254e327317b095389fba0eaaaa6664c5
Author: Ahmad Saleem <[email protected]>
Date: 2026-05-08 (Fri, 08 May 2026)
Changed paths:
M LayoutTests/TestExpectations
M
LayoutTests/imported/w3c/web-platform-tests/css/css-font-loading/font-face-reject-expected.txt
M LayoutTests/platform/glib/fast/css/font-face-multiple-faces-expected.txt
M Source/WebCore/css/CSSFontFace.cpp
Log Message:
-----------
[CSS Font Loading] FontFace.loaded promise never rejects for failed local()
font sources
https://bugs.webkit.org/show_bug.cgi?id=312121
rdar://174631384
Reviewed by Vitor Roriz and Brent Fulgham.
This patch aligns WebKit with Gecko / Firefox and Blink / Chromium.
In CSSFontFace::pump(), local() sources in the src descriptor of a
@font-face rule (as opposed to url() sources, including url() pointing
at a local file path) are correctly loaded even with Forbid download
policy, since they resolve against installed system fonts and don't
require external resources. However, the CSSFontFace status transition
from Pending to Loading was guarded by policy == Allow, so with Forbid
policy the status stayed Pending even after all local() sources failed
synchronously.
This meant fontStateChanged was never called with Failure, so the
FontFace.loaded promise never rejected. The font face was then skipped
entirely in CSSSegmentedFontFace::fontRanges() and never retried with
Allow policy, causing the promise to hang forever.
Note that ExternalResourceDownloadPolicy is a rendering-pipeline concern
(don't start network downloads mid-layout), not a security policy.
local() sources in the src descriptor are intentionally exempt because
they resolve against fonts already installed on the user's device. The
actual security gate for font loading is downloadableBinaryFontTrustedTypes,
checked at source-population time in appendSources(), which is unaffected
by this change. Hence, it does not impact anything related to Lockdown Mode.
The fix removes the redundant policy check in the inner conditional,
since the outer conditional already guards with the same condition.
This allows the Pending to Loading status transition for local() sources
regardless of download policy. (Thanks to Brent for highlighting)
* LayoutTests/TestExpectations: Unskip Test
*
LayoutTests/imported/w3c/web-platform-tests/css/css-font-loading/font-face-reject-expected.txt:
Progression
* Source/WebCore/css/CSSFontFace.cpp:
(WebCore::CSSFontFace::pump):
> Rebaseline (Platform Specific Expectation):
* LayoutTests/platform/glib/fast/css/font-face-multiple-faces-expected.txt:
Matches Chrome and Firefox now (also matching Safari on macOS now)
Canonical link: https://commits.webkit.org/312933@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
