- Revision
- 255151
- Author
- [email protected]
- Date
- 2020-01-27 09:40:42 -0800 (Mon, 27 Jan 2020)
Log Message
Correct VTT Cue Style handling to match the specification
https://bugs.webkit.org/show_bug.cgi?id=201086
<rdar://problem/54658121>
Reviewed by Brent Fulgham.
The VTT specification requires that only data-URLs are permitted in STYLE blocks.
* css/CSSSelector.cpp:
(WebCore::CSSSelector::selectorText const):
Fix selectorText for function version of ::cue().
* css/parser/CSSParserContext.cpp:
(WebCore::CSSParserContext::completeURL const):
Don't allow non-data URLs in WebVTT parser mode.
* css/parser/CSSParserContext.h:
(WebCore::CSSParserContext::completeURL const): Deleted.
* css/parser/CSSParserMode.h:
(WebCore::isStrictParserMode):
* html/track/WebVTTParser.cpp:
(WebCore::WebVTTParser::collectStyleSheet):
(WebCore::WebVTTParser::checkAndStoreStyleSheet):
Instead of simply validating the original stylesheet, build a new sanitized stylesheet text
from the stylesheet parsed in WebVTT mode. This sanitized stylesheet is then used as the
input for the style system.
* html/track/WebVTTParser.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (255150 => 255151)
--- trunk/Source/WebCore/ChangeLog 2020-01-27 17:26:07 UTC (rev 255150)
+++ trunk/Source/WebCore/ChangeLog 2020-01-27 17:40:42 UTC (rev 255151)
@@ -1,3 +1,37 @@
+2020-01-27 Antti Koivisto <[email protected]>
+
+ Correct VTT Cue Style handling to match the specification
+ https://bugs.webkit.org/show_bug.cgi?id=201086
+ <rdar://problem/54658121>
+
+ Reviewed by Brent Fulgham.
+
+ The VTT specification requires that only data-URLs are permitted in STYLE blocks.
+
+ * css/CSSSelector.cpp:
+ (WebCore::CSSSelector::selectorText const):
+
+ Fix selectorText for function version of ::cue().
+
+ * css/parser/CSSParserContext.cpp:
+ (WebCore::CSSParserContext::completeURL const):
+
+ Don't allow non-data URLs in WebVTT parser mode.
+
+ * css/parser/CSSParserContext.h:
+ (WebCore::CSSParserContext::completeURL const): Deleted.
+ * css/parser/CSSParserMode.h:
+ (WebCore::isStrictParserMode):
+ * html/track/WebVTTParser.cpp:
+ (WebCore::WebVTTParser::collectStyleSheet):
+ (WebCore::WebVTTParser::checkAndStoreStyleSheet):
+
+ Instead of simply validating the original stylesheet, build a new sanitized stylesheet text
+ from the stylesheet parsed in WebVTT mode. This sanitized stylesheet is then used as the
+ input for the style system.
+
+ * html/track/WebVTTParser.h:
+
2020-01-27 Ryan Haddad <[email protected]>
Unreviewed, rolling out r255131.
Modified: trunk/Source/WebCore/css/CSSSelector.cpp (255150 => 255151)
--- trunk/Source/WebCore/css/CSSSelector.cpp 2020-01-27 17:26:07 UTC (rev 255150)
+++ trunk/Source/WebCore/css/CSSSelector.cpp 2020-01-27 17:40:42 UTC (rev 255151)
@@ -736,6 +736,15 @@
if (cs->value() == "placeholder")
builder.appendLiteral("::-webkit-input-placeholder");
break;
+ case CSSSelector::PseudoElementCue: {
+ if (auto* selectorList = cs->selectorList()) {
+ builder.appendLiteral("::cue(");
+ selectorList->buildSelectorsText(builder);
+ builder.append(')');
+ } else
+ builder.appendLiteral("::cue");
+ break;
+ }
default:
builder.appendLiteral("::");
builder.append(cs->serializingValue());
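Review bot: The new `PseudoElementCue` case does not record that its output is now consumed as input. The WebVTTParser.cpp hunk in this commit compares `selectorText()` against `"::cue"` and the `"::cue("` prefix, then writes the same text into the sanitized stylesheet that the log message says is fed to the style system. A one-line comment above the case, such as `// Must round-trip: WebVTTParser matches on and re-serializes this text when sanitizing STYLE blocks.`, would stop a later serialization tweak from silently changing what the sanitizer accepts. The enclosing switch and `selectorText()` itself begin outside this hunk.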
Modified: trunk/Source/WebCore/css/parser/CSSParserContext.cpp (255150 => 255151)
--- trunk/Source/WebCore/css/parser/CSSParserContext.cpp 2020-01-27 17:26:07 UTC (rev 255150)
+++ trunk/Source/WebCore/css/parser/CSSParserContext.cpp 2020-01-27 17:40:42 UTC (rev 255151)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2018-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -105,4 +105,22 @@
&& a.useSystemAppearance == b.useSystemAppearance;
}
+URL CSSParserContext::completeURL(const String& url) const
+{
+ auto completedURL = [&] {
+ if (url.isNull())
+ return URL();
+ if (charset.isEmpty())
+ return URL(baseURL, url);
+ TextEncoding encoding(charset);
+ auto& encodingForURLParsing = encoding.encodingForFormSubmissionOrURLParsing();
+ return URL(baseURL, url, encodingForURLParsing == UTF8Encoding() ? nullptr : &encodingForURLParsing);
+ }();
+
+ if (mode == WebVTTMode && !completedURL.protocolIsData())
+ return URL();
+
+ return completedURL;
}
+
+}
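Review bot: The `mode == WebVTTMode && !completedURL.protocolIsData()` check in `completeURL` restricts only URLs that are resolved through this function, and nothing at the check says so or says that a null `URL()` is the rejection signal. I would add `// WebVTT STYLE blocks may only reference data: URLs; anything else becomes a null URL.` directly above the `if`. It is also worth confirming, since it is not visible in this diff, that every URL-bearing value parsed in WebVTTMode is completed through this context rather than against a document or sheet base URL. A regression test that asserts no load is issued for a non-data URL in a STYLE block would pin that down.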
Modified: trunk/Source/WebCore/css/parser/CSSParserContext.h (255150 => 255151)
--- trunk/Source/WebCore/css/parser/CSSParserContext.h 2020-01-27 17:26:07 UTC (rev 255150)
+++ trunk/Source/WebCore/css/parser/CSSParserContext.h 2020-01-27 17:40:42 UTC (rev 255151)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2018-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -72,16 +72,7 @@
bool useSystemAppearance { false };
- URL completeURL(const String& url) const
- {
- if (url.isNull())
- return URL();
- if (charset.isEmpty())
- return URL(baseURL, url);
- TextEncoding encoding(charset);
- auto& encodingForURLParsing = encoding.encodingForFormSubmissionOrURLParsing();
- return URL(baseURL, url, encodingForURLParsing == UTF8Encoding() ? nullptr : &encodingForURLParsing);
- }
+ URL completeURL(const String& url) const;
bool isContentOpaque { false };
};
Modified: trunk/Source/WebCore/css/parser/CSSParserMode.h (255150 => 255151)
--- trunk/Source/WebCore/css/parser/CSSParserMode.h 2020-01-27 17:26:07 UTC (rev 255150)
+++ trunk/Source/WebCore/css/parser/CSSParserMode.h 2020-01-27 17:40:42 UTC (rev 255151)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2012 Adobe Systems Incorporated. All rights reserved.
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -42,7 +42,9 @@
// must call parseViewportProperties so needs a special mode.
CSSViewportRuleMode,
// User agent stylesheets are parsed in standards mode but also allows internal properties and values.
- UASheetMode
+ UASheetMode,
+ // WebVTT places limitations on external resources.
+ WebVTTMode
};
inline bool isQuirksModeBehavior(CSSParserMode mode)
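Review bot: The comment on the new `WebVTTMode` enumerator ("places limitations on external resources") does not say what the limitation is or where it is enforced. Going by the rest of this commit, something like `// WebVTT STYLE blocks: parsed strictly, and only data: URLs are resolved (see CSSParserContext::completeURL).` would be more useful to the next reader. `isQuirksModeBehavior` starts on the hunk's last line and its body is not shown, so whether it or other `CSSParserMode` predicates need a `WebVTTMode` case cannot be judged from here.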
@@ -73,7 +75,18 @@
inline bool isStrictParserMode(CSSParserMode cssParserMode)
{
- return cssParserMode == UASheetMode || cssParserMode == HTMLStandardMode || cssParserMode == SVGAttributeMode;
+ switch (cssParserMode) {
+ case UASheetMode:
+ case HTMLStandardMode:
+ case SVGAttributeMode:
+ case WebVTTMode:
+ return true;
+ case HTMLQuirksMode:
+ case CSSViewportRuleMode:
+ return false;
+ }
+ ASSERT_NOT_REACHED();
+ return false;
}
} // namespace WebCore
Modified: trunk/Source/WebCore/html/track/WebVTTParser.cpp (255150 => 255151)
--- trunk/Source/WebCore/html/track/WebVTTParser.cpp 2020-01-27 17:26:07 UTC (rev 255150)
+++ trunk/Source/WebCore/html/track/WebVTTParser.cpp 2020-01-27 17:40:42 UTC (rev 255151)
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2011, 2013 Google Inc. All rights reserved.
* Copyright (C) 2013 Cable Television Labs, Inc.
- * Copyright (C) 2011-2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -315,7 +315,7 @@
if (checkAndStoreStyleSheet(line))
return checkAndRecoverCue(line);
- m_currentStyleSheet.append(line);
+ m_currentSourceStyleSheet.append(line);
return Style;
}
@@ -371,10 +371,11 @@
if (!line.isEmpty() && !line.contains("-->"))
return false;
- auto styleSheet = WTFMove(m_currentStyleSheet);
-
- auto contents = StyleSheetContents::create();
- if (!contents->parseString(styleSheet))
+ auto styleSheetText = WTFMove(m_currentSourceStyleSheet);
+
+ // WebVTTMode disallows non-data URLs.
+ auto contents = StyleSheetContents::create(CSSParserContext(WebVTTMode));
+ if (!contents->parseString(styleSheetText))
return true;
auto& namespaceRules = contents->namespaceRules();
@@ -388,21 +389,37 @@
auto& childRules = contents->childRules();
if (!childRules.size())
return true;
+
+ StringBuilder sanitizedStyleSheetBuilder;
for (const auto& rule : childRules) {
if (!rule->isStyleRule())
return true;
- const auto& styleRule = downcast<StyleRule>(rule.get());
+ const auto& styleRule = downcast<StyleRule>(*rule);
- const auto& selectorList = styleRule->selectorList();
+ const auto& selectorList = styleRule.selectorList();
if (selectorList.listSize() != 1)
return true;
auto selector = selectorList.selectorAt(0);
- if (selector->selectorText() != "::cue")
+ auto selectorText = selector->selectorText();
+
+ bool isCue = selectorText == "::cue" || selectorText.startsWith("::cue(");
+ if (!isCue)
return true;
+
+ if (styleRule.properties().isEmpty())
+ continue;
+
+ sanitizedStyleSheetBuilder.append(selectorText);
+ sanitizedStyleSheetBuilder.appendLiteral(" { ");
+ sanitizedStyleSheetBuilder.append(styleRule.properties().asText());
+ sanitizedStyleSheetBuilder.appendLiteral(" }\n");
}
- m_styleSheets.append(styleSheet);
+ // It would be more stylish to parse the stylesheet only once instead of serializing a sanitized version.
+ if (!sanitizedStyleSheetBuilder.isEmpty())
+ m_styleSheets.append(sanitizedStyleSheetBuilder.toString());
+
return true;
}
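Review bot: The check `selectorText == "::cue" || selectorText.startsWith("::cue(")` decides on serialized text rather than on the parsed selector. It therefore accepts anything whose serialization merely begins with `::cue(`, and it depends on the exact output of `CSSSelector::selectorText()`. Testing the parsed selector's pseudo-element type (the `CSSSelector::PseudoElementCue` value used in the CSSSelector.cpp hunk) would be less fragile. Separately, the text appended to `m_styleSheets` is parsed again outside this hunk. A test should confirm that a declaration whose URL was rejected in WebVTTMode does not come back out of `properties().asText()` as something the second parse resolves to a loadable URL. `checkAndStoreStyleSheet` begins before this hunk.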
Modified: trunk/Source/WebCore/html/track/WebVTTParser.h (255150 => 255151)
--- trunk/Source/WebCore/html/track/WebVTTParser.h 2020-01-27 17:26:07 UTC (rev 255150)
+++ trunk/Source/WebCore/html/track/WebVTTParser.h 2020-01-27 17:40:42 UTC (rev 255151)
@@ -194,7 +194,7 @@
String m_previousLine;
String m_currentSettings;
RefPtr<VTTRegion> m_currentRegion;
- String m_currentStyleSheet;
+ String m_currentSourceStyleSheet;
WebVTTParserClient* m_client;