Title: [280316] trunk/Source/WebCore
- Revision
- 280316
- Author
- [email protected]
- Date
- 2021-07-26 14:39:55 -0700 (Mon, 26 Jul 2021)
Log Message
Don't allow descriptors to be set to CSS-wide keywords
https://bugs.webkit.org/show_bug.cgi?id=228218
<rdar://80675715>
Reviewed by Simon Fraser.
And store the parent rule type directly on
StyleRuleCSSStyleDeclaration so that we can still check it after
m_parentRule has been cleared.
* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::StyleRuleCSSStyleDeclaration::StyleRuleCSSStyleDeclaration):
(WebCore::StyleRuleCSSStyleDeclaration::cssParserContext const):
* css/PropertySetCSSStyleDeclaration.h:
* css/parser/CSSParserFastPaths.cpp:
(WebCore::parseKeywordValue):
Diff
Modified: trunk/Source/WebCore/ChangeLog (280315 => 280316)
--- trunk/Source/WebCore/ChangeLog 2021-07-26 21:26:37 UTC (rev 280315)
+++ trunk/Source/WebCore/ChangeLog 2021-07-26 21:39:55 UTC (rev 280316)
@@ -1,3 +1,22 @@
+2021-07-26 Cameron McCormack <[email protected]>
+
+ Don't allow descriptors to be set to CSS-wide keywords
+ https://bugs.webkit.org/show_bug.cgi?id=228218
+ <rdar://80675715>
+
+ Reviewed by Simon Fraser.
+
+ And store the parent rule type directly on
+ StyleRuleCSSStyleDeclaration so that we can still check it after
+ m_parentRule has been cleared.
+
+ * css/PropertySetCSSStyleDeclaration.cpp:
+ (WebCore::StyleRuleCSSStyleDeclaration::StyleRuleCSSStyleDeclaration):
+ (WebCore::StyleRuleCSSStyleDeclaration::cssParserContext const):
+ * css/PropertySetCSSStyleDeclaration.h:
+ * css/parser/CSSParserFastPaths.cpp:
+ (WebCore::parseKeywordValue):
+
2021-07-26 Chris Dumez <[email protected]>
Rename activeWindow to incumbentWindow in the Location class
Modified: trunk/Source/WebCore/css/PropertySetCSSStyleDeclaration.cpp (280315 => 280316)
--- trunk/Source/WebCore/css/PropertySetCSSStyleDeclaration.cpp 2021-07-26 21:26:37 UTC (rev 280315)
+++ trunk/Source/WebCore/css/PropertySetCSSStyleDeclaration.cpp 2021-07-26 21:39:55 UTC (rev 280316)
@@ -364,6 +364,7 @@
StyleRuleCSSStyleDeclaration::StyleRuleCSSStyleDeclaration(MutableStyleProperties& propertySet, CSSRule& parentRule)
: PropertySetCSSStyleDeclaration(propertySet)
, m_refCount(1)
+ , m_parentRuleType(static_cast<StyleRuleType>(parentRule.type()))
, m_parentRule(&parentRule)
{
m_propertySet->ref();
@@ -418,8 +419,7 @@
return PropertySetCSSStyleDeclaration::cssParserContext();
auto context = styleSheet->parserContext();
- if (m_parentRule)
- context.enclosingRuleType = static_cast<StyleRuleType>(m_parentRule->type());
+ context.enclosingRuleType = m_parentRuleType;
return context;
}
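Review bot: The early return at the top of this hunk still hands back `PropertySetCSSStyleDeclaration::cssParserContext()` without `enclosingRuleType`, so the cached `m_parentRuleType` only reaches the parser on the path where a style sheet is available. The guard for that return is outside the hunk, but if it is the branch taken once `m_parentRule` has been cleared, a detached descriptor declaration is still parsed as if it sat in a style rule, which is the case the log message sets out to cover. Setting the field on both paths would close that: `auto context = PropertySetCSSStyleDeclaration::cssParserContext();`, `context.enclosingRuleType = m_parentRuleType;`, `return context;` in the early branch. The function starts above the hunk.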
Modified: trunk/Source/WebCore/css/PropertySetCSSStyleDeclaration.h (280315 => 280316)
--- trunk/Source/WebCore/css/PropertySetCSSStyleDeclaration.h 2021-07-26 21:26:37 UTC (rev 280315)
+++ trunk/Source/WebCore/css/PropertySetCSSStyleDeclaration.h 2021-07-26 21:39:55 UTC (rev 280316)
@@ -110,7 +110,7 @@
CSSStyleSheet* parentStyleSheet() const final;
- CSSRule* parentRule() const final { return m_parentRule; }
+ CSSRule* parentRule() const final { return m_parentRule; }
bool willMutate() final WARN_UNUSED_RETURN;
void didMutate(MutationType) final;
@@ -117,6 +117,7 @@
CSSParserContext cssParserContext() const final;
unsigned m_refCount;
+ StyleRuleType m_parentRuleType;
CSSRule* m_parentRule;
};
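Review bot: `m_parentRuleType` duplicates state that is also reachable through `m_parentRule`, and nothing at the declaration says why. A comment such as `// Cached at construction; m_parentRule may be cleared while this declaration is still reachable, and the parser still needs the enclosing rule type.` would stop a later cleanup from folding it back into a null-checked `m_parentRule->type()`. In this change the field is written only in the constructor, so declaring it `const StyleRuleType m_parentRuleType;` would also document that it never changes. The class body starts outside the hunk.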
Modified: trunk/Source/WebCore/css/parser/CSSParserFastPaths.cpp (280315 => 280316)
--- trunk/Source/WebCore/css/parser/CSSParserFastPaths.cpp 2021-07-26 21:26:37 UTC (rev 280315)
+++ trunk/Source/WebCore/css/parser/CSSParserFastPaths.cpp 2021-07-26 21:39:55 UTC (rev 280316)
@@ -1086,17 +1086,20 @@
{
ASSERT(!string.isEmpty());
+ bool parsingDescriptor = context.enclosingRuleType && *context.enclosingRuleType != StyleRuleType::Style;
+ ASSERT(!CSSProperty::isDescriptorOnly(propertyId) || parsingDescriptor);
+
if (!CSSParserFastPaths::isKeywordPropertyID(propertyId)) {
- // All properties accept the values of "initial" and "inherit".
+ // All properties, including non-keyword properties, accept the CSS-wide keywords.
if (!isUniversalKeyword(string))
return nullptr;
- // Parse initial/inherit shorthands using the CSSPropertyParser.
+ // Leave shorthands to parse CSS-wide keywords using CSSPropertyParser.
if (shorthandForProperty(propertyId).length())
return nullptr;
- // Descriptors do not support css wide keywords.
- if (CSSProperty::isDescriptorOnly(propertyId))
+ // Descriptors do not support the CSS-wide keywords.
+ if (parsingDescriptor)
return nullptr;
}
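Review bot: The only release-build guard for descriptors is now `parsingDescriptor`, which is false whenever `context.enclosingRuleType` is unset. The property-based check it replaces did not depend on the caller's context, and the new `ASSERT` compiles out of release builds. A descriptor-only property that arrives with a context lacking the enclosing rule type would therefore be given a CSS-wide keyword value again. Keeping both conditions is cheap, `if (parsingDescriptor || CSSProperty::isDescriptorOnly(propertyId))`, and the same combined condition would belong on the `if (!parsingDescriptor)` gate in the next hunk. The function signature is outside the hunk.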
@@ -1105,14 +1108,16 @@
if (!valueID)
return nullptr;
- if (valueID == CSSValueInherit)
- return CSSValuePool::singleton().createInheritedValue();
- if (valueID == CSSValueInitial)
- return CSSValuePool::singleton().createExplicitInitialValue();
- if (valueID == CSSValueUnset)
- return CSSValuePool::singleton().createUnsetValue();
- if (valueID == CSSValueRevert)
- return CSSValuePool::singleton().createRevertValue();
+ if (!parsingDescriptor) {
+ if (valueID == CSSValueInherit)
+ return CSSValuePool::singleton().createInheritedValue();
+ if (valueID == CSSValueInitial)
+ return CSSValuePool::singleton().createExplicitInitialValue();
+ if (valueID == CSSValueUnset)
+ return CSSValuePool::singleton().createUnsetValue();
+ if (valueID == CSSValueRevert)
+ return CSSValuePool::singleton().createRevertValue();
+ }
if (CSSParserFastPaths::isValidKeywordPropertyAndValue(propertyId, valueID, context))
return CSSPrimitiveValue::createIdentifier(valueID);
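Review bot: The new `if (!parsingDescriptor)` block has no comment, and its effect depends on the definition in the previous hunk, where every enclosing rule type other than `StyleRuleType::Style` counts as a descriptor context. A line such as `// In descriptors the CSS-wide keywords are not special; let them fall through to the per-property keyword check.` would show the reader that the fall-through to `isValidKeywordPropertyAndValue` is deliberate. It would also help to state next to `parsingDescriptor` which rule types are meant, since the `!= StyleRuleType::Style` test is broader than the name suggests if any other rule type holds ordinary property declarations (not visible here). The function continues past the hunk.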