Font icons are not loaded in IE11 / Edge running on Windows 10

11 posts, 0 answers
  1. Telerik Admin
    Telerik Admin avatar
    1695 posts
    Member since:
    Oct 2004

    Posted 30 Mar Link to this post

    In Windows 10 there is a feature(and a policy that applies the feature), which blocks the so-called "untrusted fonts". Untrusted fonts mean any font not installed %windir%/fonts, including web fonts.

    With this feature enabled (or the policy applied) custom fonts, such as font icons will not be loaded regardless of the provider. Hence, font icons used by Kendo UI, Kendo UI for Angular and Telerik UI for ASP.NET AJAX, MVC, Core will not be loaded.

    More information about the Windows 10 feature that blocks the untrusted font icons could be found below:

    https://support.microsoft.com/en-us/help/3053676/windows-10-technical-preview-adds-a-feature-that-blocks-untrusted-fonts

  2. Alan
    Alan avatar
    16 posts
    Member since:
    Apr 2013

    Posted 11 May Link to this post

    So the unfortunate solution would be to use the last Kendo UI version (2016 version) that used images instead of font icons?

    I'm using Kendo UI on sites accessed by government persons and since we don't have control over how their networks may configure their machines, if they are blocking untrusted fonts (which can be done in Windows 7 as well) then there is no way we could ever use a Kendo UI version beyond the last 2016 ver.

    I like font icons, but can't justify paying for licenses for future versions when I know that portions of my user base may never be able to use font icons for the foreseeable future, thus making Kendo UI somewhat unusable in my world.

     

     

     

  3. Ivan Zhekov
    Admin
    Ivan Zhekov avatar
    600 posts

    Posted 15 May Link to this post

    Alan,

    as of now we don't really have an answer for that question.

    We are evaluating a couple of options, namely, providing an alternative stylesheet that uses image icons or employing svg icons, with both having their ups and downs.

    The ups for image icon alternative are that images are unlikely to be disabled as technology anytime soon, unless you are browsing in windows high contrast mode with a browser lower than Edge. The downs are that we need at least 3 sprites for the task and a workaround for the aforementioned high contrast mode.

    The ups for svg is that it doesn't suffer from the high contrast issue; it's scalable; controllable by css (if made the correct way)... The downs are higher markup payload; couple of browser issues to name a few.

    As soon as we have chosen a direction, we'll update this thread with our intended resolution.

    Regards,
    Ivan Zhekov
    Telerik by Progress
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
  4. Alan
    Alan avatar
    16 posts
    Member since:
    Apr 2013

    Posted 16 May in reply to Ivan Zhekov Link to this post

    Understand, and thanks for the reply. If I can supply any additional information regarding this kind of scenario, please let me know.
  5. EIMCM
    EIMCM avatar
    5 posts
    Member since:
    Nov 2010

    Posted 26 Jul in reply to Ivan Zhekov Link to this post

    Running into this issue as well.  In creating our workaround it would be good to know if this is something you are still looking at?  Any possibility of it being in a 2017 release?
  6. Ivan Zhekov
    Admin
    Ivan Zhekov avatar
    600 posts

    Posted 28 Jul Link to this post

    According to a recent Microsoft blog post -- https://blogs.technet.microsoft.com/secguide/2017/06/15/dropping-the-untrusted-font-blocking-setting/ -- Microsoft is dropping the setting (stated in the title), or removing the recommendation to enable this setting (stated later in the text).

    With that in mind it seems, that the policy will be either removed or needs to be disabled without any security consequences. Note: according to the last comment, disabling the policy does not enable font downloading (which is another security policy).

    We'll monitor closely the development of the issue and if need be, we'll provide a fix.

    Regards,
    Ivan Zhekov
    Progress Telerik
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
  7. Mathews
    Mathews avatar
    2 posts
    Member since:
    Dec 2013

    Posted 19 Sep Link to this post

    I have a production release on October, are we planning to get some fix soon?
  8. Ivan Zhekov
    Admin
    Ivan Zhekov avatar
    600 posts

    Posted 22 Sep Link to this post

    As of now we don't plan on providing a fix, as there is no need due to Microsoft re-evaluating their font blocking policy.

    Just to be on the same page, Untrusted font blocking policy differs from Allow font download policy. The former disabled use of fonts not located within windir/fonts directory (for any Microsoft app), while the latter simply doesn't download any fonts (in Internet Explorer and Edge).

    Regards,
    Ivan Zhekov
    Progress Telerik
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
  9. Alan
    Alan avatar
    16 posts
    Member since:
    Apr 2013

    Posted 25 Sep Link to this post

    I don't know if this applies to the other folks who have posted on this thread, but I can attest to the fact that government entities are usually much slower at adopting and implementing change; especially if there is any potential security risk (real or perceived) involved. So if they can still block font icons in any way, they probably will and if that is the case, then my original point still stands - using Kendo UI beyond 2016 version has an inherent use risk in this regard because of the sole reliance on font icons for visual cue, thus making it somewhat unusable to support government clients.

    I do understand that you have no plans for a fix at this time and that you would have to make product decisions looking forward, just wanted to express that, in the scenario of font icons, making them the only option causes some grief.

  10. Mathews
    Mathews avatar
    2 posts
    Member since:
    Dec 2013

    Posted 25 Sep Link to this post

    Looks like Kendoui for external website is not a good choice going forward. I would not recommend Kendoui to anybody. Many of my clients are not seeing any icons in the grid, dropdowns and so on. I had a fix for my personal icons with a .svg alternative, but kendo seems to be impossible to fix. I am not in a position to go back to a version before 2016 too.
    I wish Telerik will provide a work around at the earliest.

  11. Ivan Zhekov
    Admin
    Ivan Zhekov avatar
    600 posts

    Posted 27 Sep Link to this post

    Looking at the blog post I've referenced earlier -- https://blogs.technet.microsoft.com/secguide/2017/06/15/dropping-the-untrusted-font-blocking-setting/ -- it seems that the policy was made available with the first release of Windows 10 (v1507) is no longer applied with the so called Creators Update (v1703), which is available since August 17th, 2017.

    From the clarifications in the comments it also seems that the policy applies to IE 11 only, so another option would be to use Edge browser (comes with all windows 10 installations).

    The best way to resolve the issue would be to upgrade to that version, or if a newer is available.

    If that is not applicable at this time, there are other ways to resolve the issue: if the issue is happening in a controlled environment, apps can be excluded from the mitigation policy, as described in the Block untrusted font documentation (https://docs.microsoft.com/en-us/windows/threat-protection/block-untrusted-fonts-in-enterprise).

    It's worth noting that the MS staff is responding quite swiftly, so questions related to enabling / disabling the policies, as well as the scope of the policies could be directed at either at the blog post, or the documentation article.

    For the time being, it's not feasible to change our font icons to svg icons, because it's resource consuming and the benefit will be only for those affected e.g. the rest of the customers will not see almost any difference.

    Proving an image sprites is also not an option, because some themes don't have them at all; and all themes use font icons for certain controls.

    Regards,
    Ivan Zhekov
    Progress Telerik
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
Back to Top