While most code in WebKit is cross-platform, there’s a large amount of platform-specific code as well, to improve the user and developer experience in different environments. Different “ports” run different platform-specific code. This is why two WebKit-based browsers, say, Safari and Epiphany (GNOME Web), can display the same page slightly differently: they’re using different WebKit ports. This is one reason why good email clients block all images by default: image rendering, like HTML rendering, is full of security vulnerabilities. (Another reason is that images hosted remotely can be used to determine when you read the email, violating your privacy.) To understand WebKit security, you have to understand the concept of WebKit ports, because different ports handle security updates differently. It also explains how a malicious email can gain control of your computer. Modern email clients render HTML mail using web engines, so malicious emails exploit many of the same vulnerabilities that a malicious web page might. But Linux users are dependent on their distributions to release updates.
There are some downstream ports as well; unlike the aforementioned ports, downstream ports are, well, downstream, and not part of the WebKit project. If you know anything at all about the internet of things, you know these devices never get security updates, or if they do, the updates are superficial (updating only some vulnerable components and not others), or end a couple months after the product is purchased. WebKit EFL does not bother with pretense here: like WinCairo, it has never had security updates. These ports get frequent security updates from Apple to plug vulnerabilities, which users receive via regular updates. Since WebKit is not a system library on Windows, Windows applications must bundle WebKit, so each application using WebKit must be updated individually, and updates are completely dependent on the application developers. iTunes, which uses the Apple Windows port, does get regular updates from Apple, but beyond that, I suspect most applications never get any security updates. And again, it’s safe to assume few to no companies are handling security backports for their downstream branches. None of the above ports matter for most Linux users. Some cherry-picked examples of popular applications using QtWebKit are Amarok, Calligra, KDevelop, KMail, Kontact, KTorrent, Quassel, Rekonq, and Tomahawk. QtWebKit provides an excellent Qt API, so in the past it’s been the clear best web engine to use for Qt applications. The only one that matters for Linux users is QtWebKit. If you use Safari, you’re using the Mac or iOS port.