Safari 3 Beta Updated, Security Problems Fixed

Llywelyn writes "Apple has released an update to the Windows Safari 3 Beta. According to Macworld the updates '...include correction for a command injection vulnerability, corrected with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser; an out-of-bounds memory read issue; and a race condition that can allow cross-site scripting using a JavaSscript [sic] exploit.' It is available through either the Apple Safari download site or through Apple's Software Update."

Horrible International Language support

[Anonymous Coward]

Downloaded and tried to open websites in Chinese. The rendering is just horrible, unreadable and totally unacceptable. Texts are not where they should be. In this sense, this Safari is even not as good as IE 4, which could display such webpages well. I heard that, (didn't try), Safari could not open most webpages in non-western languages.

Re:Horrible International Language support

[nevali]

The issue there is that Mac OS X's own international character support does all the hard work for the applications: they don't generally need to worry about it. On Windows, it's a very different story, which means it'll take Apple more than a couple of days to make WebKit/Win32 deal with it all as elegantly as it does on OS X.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:not worth it

[nevali]

Er, you don't have to give an e-mail address to download it, just to sign up.

Leave the box blank and the check-box ticked and it still downloads.

Re:not worth it

[itcomesinwaves]

If you hate it so much why did you enter your email address? It's not required.

Now if they would fix the text problem...

[norminator]

Now if they would just fix the problem that some people (including myself) are having where no text shows up anywhere in the application and you can't type in any of the text input fields (kind of hard to use a browser when you can't type in an address).

Re:Now if they would fix the text problem...

[Henry V .009]

Yes, I've got this problem on my Vista install at work. Clicking the little spider icon to report the bug crashes the program.

Mini-review of Safari on my home Vista install: The non-standard Windows UI is annoying. If I wanted to resize only from the bottom right corner I would have bought a Mac. The lack of an advertisement blocker makes the software a poor alternative to Firefox. The bundling is annoying. I don't want Quicktime. Quicktime is ugly, ugly software. It makes Firefox crash, grabs all sorts of MIME types, throws its icon up on the desktop every time it updates no matter how many times you delete the icon, it installs a systray icon (for a media player?!? come on), and it won't play full screen videos. ITunes is only a good media player if you own a Ipod. Don't want that either. The Apple update service is annoying as well. Why a separate service? I want my apps to check for updates when I start them or not at all.

Good points? Well, Safari displays web pages, I guess. Good for Apple.

Re:Hosed fonts

[nevali]

Neither release was 3 nor 3.0.1, really.

It's a beta. Safari 3 hasn't been released yet. The only version number worth paying attention to is the build number (and that assumes it gets updated properly--I don't know what the updated version's is, but I assume it's not 522.11)

And also, did you report the issue to Apple?

Re:Semi-OT: is there a hotkey for tab-switching?

[nevali]

If they've carried the keystrokes over from the Mac version, it'll be Cmd+Shift+[ and Cmd+Shift+], which on windows would be Ctrl+Shift+[ and Ctrl+Shift+]

Re:Future recommendation?

[3.14159265]

But you already get simplicity, speed, and security with Opera.

Re:Horrible International Language support

[stephentyrone]

Works perfectly in safari 3 on a mac. Windows bug?

Re:Horrible International Language support

[Altus]

As another poseter pointed out, the handling of international character sets is different on windows than on the mac so its not surprising that something works properly in the mac version of safari and not in the windows beta. Obviously apple will need to fix these issues, but its not surprising.

Awesome, now I can read /. again!

[Jugalator]

No wait... [imageshack.us]

But maybe it's just as good to not have any sensationalist headlines to mislead you? :-p

Re:Now if they would fix the text problem...

[Goaway]

If you didn't want QuickTime bundled, why did you select to download the version that bundles it?

Re:Horrible International Language support

[nevali]

NT handles Unicode character storage and manipulation just fine, yes.

Unicode font rendering (automatically selecting the a font which contains a particular character, because generally no font contains all Unicode characters, and if one did exist, it probably wouldn't be the text font in use) is a different matter altogether.

Mac OS X does sane font substitution when faces don't include a particular character. On Windows, AFAIK, typing a Japanese glyph when using a font that doesn't support that code point will result in the square block--on the Mac, the type renderer will find the closest visual match (in terms of style) for a font that does include the code point and use that for those glyphs.

It's not a bug

[Overly Critical Guy]

Apple renders fonts to match the accuracy of the glyphs so that they resemble what they would look like in print, important for desktop publishing. Windows happily renders fonts inaccurately so that they're 1-pixel thin and packed into a pixel grid.

Re:Hosed fonts

[Casualjim]

The problem here lies in the XML file Safari generates for listing all your system fonts.

Look here (for XP): C:\Documents and Settings\YOUR NAME HERE\Local Settings\Application Data\Apple Computer\Safari\Fonts.plist

You can edit this file and hack in the basic Internet fonts you need, or try plugging in the Fonts.plist file from a machine that did display the fonts correctly.

The apple forums are saying if you have thousands of fonts installed it's probably the cause of the problem.

Here is my hacky solution file if you need a starting point.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Names</key>
<dict>
<key>Lucida Grande</key>
<string>C:\Program Files\Safari\Safari.resources\Lucida Grande.ttf</string>
<key>Lucida Grande Bold</key>
<string>C:\Program Files\Safari\Safari.resources\Lucida Grande Bold.ttf</string>
<key>Lucida Grande Bold.ttf</key>
<string>C:\Program Files\Safari\Safari.resources\Lucida Grande Bold.ttf</string>
<key>Arial</key>
<string>C:\WINDOWS\Fonts\arial.ttf</string>
<key>Arial Bold</key>
<string>C:\WINDOWS\Fonts\ARIALBD.TTF</string>
<key>Arial Italic</key>
<string>C:\WINDOWS\Fonts\ARIALI.TTF</string>
<key>Arial Bold Italic</key>
<string>C:\WINDOWS\Fonts\ARIALBI.TTF</string>
<key>Verdana</key>
<string>C:\WINDOWS\Fonts\verdana.ttf</string>
<key>Verdana Bold</key>
<string>C:\WINDOWS\Fonts\verdanab.TTF</string>
<key>Verdana Italic</key>
<string>C:\WINDOWS\Fonts\verdanai.TTF</string>
<key>Verdana Bold Italic</key>
<string>C:\WINDOWS\Fonts\verdanaz.TTF</string>
<key>Times New Roman</key>
<string>C:\WINDOWS\Fonts\times.ttf</string>
<key>Times New Roman Bold</key>
<string>C:\WINDOWS\Fonts\timesbd.ttf</string>
<key>Times New Roman Italic</key>
<string>C:\WINDOWS\Fonts\timesi.ttf</string>
<key>Times New Roman Bold Italic</key>
<string>C:\WINDOWS\Fonts\timesbi.ttf</string>
<key>Helvetica</key>
<string>C:\WINDOWS\Fonts\HVL_____.TTF</string>
<key>Courier New</key>
<string>C:\WINDOWS\Fonts\COUR.TTF</string>
<key>Tahoma</key>
<string>C:\WINDOWS\Fonts\tahoma.TTF</string>


</dict>
</dict>
</plist>

Re:Horrible International Language support

[brantondaveperson]

Mod parent up

That is absolutely correct. Internationalising applications for Windows is easy.... until you get to those tricky East Asian languages. Then you're in for a world of pain.

Re:Naturally

[jp10558]

Part of it seems to be that Safari has some bugs that break benchmarks:
http://www.howtocreate.co.uk/safaribenchmarks.html [howtocreate.co.uk]

Re:Naturally

[99BottlesOfBeerInMyF]

I doubt they'll be as quick in the future.

Sure they'll be this quick in the future, right up until it leaves beta, then they'll actually have to do full regression tests which will take longer and have a turn around time aout the same as the Mac version.

It always amazes me when I hear people complaining about bug fix times from vendors who take between one and six weeks to get a bug into production. Those are normal turn around times assuming the vendor starts work immediately on a development/testing cycle for a large, production software project. After reading the comments here, I get the impression most Slashdot posters have never worked in a real software development house. I doesn't take a genius to see the turn around for bug fixes for a beta that does not need to be tested other than a quick smoke test is going to be a hell of a lot faster than a final release.

Re:Controlling the media

[Anonymous Coward]

Windows Problem?
http://erratasec.blogspot.com/2007/06/niiiice.html [blogspot.com]

...but the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for alot of stuff). The exploit is robust mostly thanks to the lack of any kind of adanced security features in OSX...

These dumb fanboys....