Title: [246991] releases/WebKitGTK/webkit-2.24
Revision: 246991
Author: carlo...@webkit.org
Date: 2019-07-01 04:03:22 -0700 (Mon, 01 Jul 2019)

Log Message

Merge r245664 - Subselectors not searched when determining property whitelist for selector
https://bugs.webkit.org/show_bug.cgi?id=198147
<rdar://problem/50405208>

Reviewed by Zalan Bujtas.

Source/WebCore:

This can cause marker elements to get style they shouldn't.

Test: fast/lists/marker-style-subselector-whitelist.html

* css/RuleSet.cpp:
(WebCore::determinePropertyWhitelistType):

Check subselectors too.

LayoutTests:

* fast/lists/marker-style-subselector-whitelist-expected.txt: Added.
* fast/lists/marker-style-subselector-whitelist.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog (246990 => 246991)


--- releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog	2019-07-01 11:03:17 UTC (rev 246990)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog	2019-07-01 11:03:22 UTC (rev 246991)
@@ -1,3 +1,14 @@
+2019-05-22  Antti Koivisto  <an...@apple.com>
+
+        Subselectors not searched when determining property whitelist for selector
+        https://bugs.webkit.org/show_bug.cgi?id=198147
+        <rdar://problem/50405208>
+
+        Reviewed by Zalan Bujtas.
+
+        * fast/lists/marker-style-subselector-whitelist-expected.txt: Added.
+        * fast/lists/marker-style-subselector-whitelist.html: Added.
+
 2019-05-19  Brent Fulgham  <bfulg...@apple.com>
 
         Wait to get frame until after layout has been run

Added: releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist-expected.txt (0 => 246991)


--- releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist-expected.txt	2019-07-01 11:03:22 UTC (rev 246991)
@@ -0,0 +1 @@
+List item marker should not be blockified. This test passes if it doesn't assert.
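Review bot: The only pass criterion in this expected output is "doesn't assert", so in a build with assertions compiled out the test passes with or without the fix. Consider an expectation that observes the marker's resulting style or rendering (a reference test or a render tree dump), so the whitelist filtering is checked in every configuration.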

Added: releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist.html (0 => 246991)


--- releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist.html	2019-07-01 11:03:22 UTC (rev 246991)
@@ -0,0 +1,16 @@
+<li><span>List item marker should not be blockified. This test passes if it doesn't assert.</span></li>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+setTimeout(function() {
+    let css = document.createElement("style");
+    css.type = 'text/css';
+	css.appendChild(document.createTextNode(":matches(::marker) { display: block; }"));
+    document.getElementsByTagName("head")[0].appendChild(css);
+
+    if (window.testRunner)
+        testRunner.notifyDone();
+    }, 0);
+</script>
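Review bot: The test covers only the single rule `:matches(::marker) { display: block; }`; since the fix recurses into selector lists, a second rule with `::marker` nested one level deeper, or with the `:matches()` placed after another simple selector, would exercise the recursion and the non-first-component path. Style nits: the `css.appendChild(...)` line is indented with a tab where the rest of the script uses spaces, and the closing `}, 0);` is indented as if it belonged to the `if` above it.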

Modified: releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog (246990 => 246991)


--- releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog	2019-07-01 11:03:17 UTC (rev 246990)
+++ releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog	2019-07-01 11:03:22 UTC (rev 246991)
@@ -1,3 +1,20 @@
+2019-05-22  Antti Koivisto  <an...@apple.com>
+
+        Subselectors not searched when determining property whitelist for selector
+        https://bugs.webkit.org/show_bug.cgi?id=198147
+        <rdar://problem/50405208>
+
+        Reviewed by Zalan Bujtas.
+
+        This can cause marker elements get style they shouldn't.
+
+        Test: fast/lists/marker-style-subselector-whitelist.html
+
+        * css/RuleSet.cpp:
+        (WebCore::determinePropertyWhitelistType):
+
+        Check subselectors too.
+
 2019-05-19  Brent Fulgham  <bfulg...@apple.com>
 
         Wait to get frame until after layout has been run
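Review bot: The description line "This can cause marker elements get style they shouldn't." is missing a "to" and does not say what goes wrong as a result, while the new test's text mentions the marker being blockified and an assertion. Stating that consequence in this entry would make it usable on its own when triaging the merge.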

Modified: releases/WebKitGTK/webkit-2.24/Source/WebCore/css/RuleSet.cpp (246990 => 246991)


--- releases/WebKitGTK/webkit-2.24/Source/WebCore/css/RuleSet.cpp	2019-07-01 11:03:17 UTC (rev 246990)
+++ releases/WebKitGTK/webkit-2.24/Source/WebCore/css/RuleSet.cpp	2019-07-01 11:03:22 UTC (rev 246991)
@@ -144,6 +144,14 @@
 #endif
         if (component->match() == CSSSelector::PseudoElement && component->pseudoElementType() == CSSSelector::PseudoElementMarker)
             return PropertyWhitelistMarker;
+
+        if (const auto* selectorList = selector->selectorList()) {
+            for (const auto* subSelector = selectorList->first(); subSelector; subSelector = CSSSelectorList::next(subSelector)) {
+                auto whitelistType = determinePropertyWhitelistType(subSelector);
+                if (whitelistType != PropertyWhitelistNone)
+                    return whitelistType;
+            }
+        }
     }
     return PropertyWhitelistNone;
 }
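Review bot: The added block calls `selector->selectorList()`, while the two checks directly above it in the same scope read `component->match()` and `component->pseudoElementType()`. If `component` is the cursor walking the selector's components (the loop header is outside this hunk), the new code only ever inspects the selector list attached to the first component and repeats that same lookup on every iteration, so a `::marker` nested in a later component's list is still missed and non-whitelisted properties can still reach the marker. Consider `component->selectorList()` here. The recursion also has no depth bound of its own and relies on whatever nesting limit the parser enforces; a comment saying so would help.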