Thursday, April 20, 2023

April patch set for TenFourFox

As promised, there are new changesets to pick up in the TenFourFox tree. (If you're new to rolling your own TenFourFox build, these instructions still generally apply.) I've tried to limit their scope so that people with a partial build can just pull the changes (git pull) and gmake -f client.mk build without having to "clobber" the tree (completely erase and start over). You'll have to do that for the new ESR when that comes out in a couple months, but I'll spare you that today. Most of these patches are security-related, including one that prevents naughty cookies which would affect us as well, though the rest are mostly crash-preventers and would require PowerPC-specific attacks to be exploitable. There is also an update to the ATSUI font blacklist. As always, if you find problematic fonts that need to be suppressed, post them to issue 566 or in the comments, but read this first.

However, there is one feature update in this patchset: a CSS grid whitelist. Firefox 45, which is the heavily patched underpinning of TenFourFox FPR, has a partially working implementation of CSS grid as explained in this MDN article. CSS grid layout is a more flexible and more generalized way of putting elements on a page than the earlier tables method. Go ahead and try to read that article with the current build before you pull the changes and you'll notice that the page has weirdly scrunched up elements (before a script runs and blanks the whole page with an error). After you build with the updates, you'll notice that while the page still doesn't lay out perfectly right, you can now actually read things. That's because there's a whitelist entry now in TenFourFox that allows grid automatically on developer.mozilla.org (a new layout.css.grid.host.developer.mozilla.org preference defaults to true which is checked for by new code in the CSS parser, and there is also an entry in the problematic scripts filter to block the script that ends up blanking the page when it bugs out). The other issues on that page are unrelated to CSS grid.

This will change things for people who set the global pref layout.css.grid.enabled to true, which we have never shipped in TenFourFox because of (at times significant) bugs in the implementation. This pref is now true, but unless the URL hostname is in the whitelist, CSS grid will still be disabled dynamically and is never enabled for chrome resources. If you set the global pref to false, however, then CSS grid is disabled everywhere. If you were using this for a particular site that lays out better with grid on, post the URL to issue 659 or in the comments and I'll consider adding it to the default set (or add it yourself in about:config).

The next ESR (Firefox 115) comes out end of June-early July, and we'll do the usual root updates then.

6 comments:

  1. [ChrisT.] Also better with layout.css.grid.enabled = true:

    www.w3schools.com (e.g. https://www.w3schools.com/cssref/tryit.php?filename=trycss_grid , even though that shows the implementation is incomplete)

    compendion.net

    www.wolframalpha.com

    www.thesaurus.com

    apple.com

    www.stadtbild-deutschland.org

    Different with layout.css.grid.enabled = true but not consistently better:

    www.imdb.com

    www.maz-online.de

    flexikon.doccheck.com

    www.washingtonpost.com

    correctiv.org

    BTW: apple.com crashes the (as of today newly built) browser as long as JS is enabled (baselinejit/ion make no difference), both on 10.4 and 10.5. Previous version from September 2022 also crashes.

    ReplyDelete
    Replies
    1. Thanks for those. I'll add some defaults for them. I suspect we have another candidate for the problematic script block also, but I'll evaluate the crash.

      Delete
    2. and from my limited testing, apple.com can crash my old 2018 firefox45+tff build (plain firefox45esr build is fine)

      Delete
    3. so possible guilty commit range is https://github.com/classilla/tenfourfox/compare/e1ade9f2de87f65e8422378aa6f40f117efddad8%5E...25579eb769f822b3fbc3758c7f0cbdef8ae3b5ca (which is squashed into https://github.com/roytam1/mozilla45esr/commit/1a65205c5b44e9cc412afabc0381ac8d56cca763 in my tree)

      Delete
    4. so #488 causes the crash. https://github.com/classilla/tenfourfox/issues/488#issuecomment-1543542856

      Delete
  2. Hi fans of TTF - nice to see activity and updates to our beloved browser!

    ReplyDelete

Due to an increased frequency of spam, comments are now subject to moderation.