Title: [246991] releases/WebKitGTK/webkit-2.24
- Revision: 246991
- Author: carlo...@webkit.org
- Date: 2019-07-01 04:03:22 -0700 (Mon, 01 Jul 2019)
Log Message
Merge r245664 - Subselectors not searched when determining property whitelist for selector
https://bugs.webkit.org/show_bug.cgi?id=198147
<rdar://problem/50405208>
Reviewed by Zalan Bujtas.
Source/WebCore:
This can cause marker elements to get style they shouldn't.
Test: fast/lists/marker-style-subselector-whitelist.html
* css/RuleSet.cpp:
(WebCore::determinePropertyWhitelistType):
Check subselectors too.
LayoutTests:
* fast/lists/marker-style-subselector-whitelist-expected.txt: Added.
* fast/lists/marker-style-subselector-whitelist.html: Added.
Diff
Modified: releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog (246990 => 246991)
--- releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog 2019-07-01 11:03:17 UTC (rev 246990)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/ChangeLog 2019-07-01 11:03:22 UTC (rev 246991)
@@ -1,3 +1,14 @@
+2019-05-22 Antti Koivisto <an...@apple.com>
+
+ Subselectors not searched when determining property whitelist for selector
+ https://bugs.webkit.org/show_bug.cgi?id=198147
+ <rdar://problem/50405208>
+
+ Reviewed by Zalan Bujtas.
+
+ * fast/lists/marker-style-subselector-whitelist-expected.txt: Added.
+ * fast/lists/marker-style-subselector-whitelist.html: Added.
+
2019-05-19 Brent Fulgham <bfulg...@apple.com>
Wait to get frame until after layout has been run
Added: releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist-expected.txt (0 => 246991)
--- releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist-expected.txt 2019-07-01 11:03:22 UTC (rev 246991)
@@ -0,0 +1 @@
+List item marker should not be blockified. This test passes if it doesn't assert.
Added: releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist.html (0 => 246991)
--- releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist.html (rev 0)
+++ releases/WebKitGTK/webkit-2.24/LayoutTests/fast/lists/marker-style-subselector-whitelist.html 2019-07-01 11:03:22 UTC (rev 246991)
@@ -0,0 +1,16 @@
+<li><span>List item marker should not be blockified. This test passes if it doesn't assert.</span></li>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+setTimeout(function() {
+ let css = document.createElement("style");
+ css.type = 'text/css';
+ css.appendChild(document.createTextNode(":matches(::marker) { display: block; }"));
+ document.getElementsByTagName("head")[0].appendChild(css);
+
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }, 0);
+</script>
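Review bot: the test's only pass condition is "passes if it doesn't assert", so on a build without assertions enabled it cannot fail and gives no signal that the whitelist was applied. Consider also checking the outcome directly, for example by comparing the rendering against a reference with no injected rule, so the `display: block` declaration is shown to be dropped for the marker. Coverage is also limited to the single form `:matches(::marker)`; a case where the functional pseudo-class is not the first component of the selector, and a case with a nested selector list, would exercise the new recursion more fully.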
Modified: releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog (246990 => 246991)
--- releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog 2019-07-01 11:03:17 UTC (rev 246990)
+++ releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog 2019-07-01 11:03:22 UTC (rev 246991)
@@ -1,3 +1,20 @@
+2019-05-22 Antti Koivisto <an...@apple.com>
+
+ Subselectors not searched when determining property whitelist for selector
+ https://bugs.webkit.org/show_bug.cgi?id=198147
+ <rdar://problem/50405208>
+
+ Reviewed by Zalan Bujtas.
+
+ This can cause marker elements get style they shouldn't.
+
+ Test: fast/lists/marker-style-subselector-whitelist.html
+
+ * css/RuleSet.cpp:
+ (WebCore::determinePropertyWhitelistType):
+
+ Check subselectors too.
+
2019-05-19 Brent Fulgham <bfulg...@apple.com>
Wait to get frame until after layout has been run
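Review bot: the description line "This can cause marker elements get style they shouldn't." does not say which selector form triggers the problem or what the consequence is. The added test names both (`:matches(::marker)` and a blockified list item marker hitting an assertion), so one sentence stating that a `::marker` nested in a selector list bypassed the property whitelist would make the entry usable on its own when someone later audits the whitelist logic.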
Modified: releases/WebKitGTK/webkit-2.24/Source/WebCore/css/RuleSet.cpp (246990 => 246991)
--- releases/WebKitGTK/webkit-2.24/Source/WebCore/css/RuleSet.cpp 2019-07-01 11:03:17 UTC (rev 246990)
+++ releases/WebKitGTK/webkit-2.24/Source/WebCore/css/RuleSet.cpp 2019-07-01 11:03:22 UTC (rev 246991)
@@ -144,6 +144,14 @@
#endif
if (component->match() == CSSSelector::PseudoElement && component->pseudoElementType() == CSSSelector::PseudoElementMarker)
return PropertyWhitelistMarker;
+
+ if (const auto* selectorList = selector->selectorList()) {
+ for (const auto* subSelector = selectorList->first(); subSelector; subSelector = CSSSelectorList::next(subSelector)) {
+ auto whitelistType = determinePropertyWhitelistType(subSelector);
+ if (whitelistType != PropertyWhitelistNone)
+ return whitelistType;
+ }
+ }
}
return PropertyWhitelistNone;
}
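Review bot: the added block reads `selector->selectorList()`, while the two checks directly above it test `component`. If this code sits inside a loop that walks the selector's components (the closing `}` after the block suggests it does), the same head selector's list is re-checked on every iteration and a subselector list attached to a later component is never inspected, so a `::marker` nested there would still escape the whitelist. Using `component->selectorList()` would cover every component. Returning the first subselector result that is not `PropertyWhitelistNone` is the restrictive choice for a list that mixes whitelisted and ordinary subselectors; a short comment saying that is intentional would help.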