Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 808edf62942c254bd4fab37f78369061fa53d320
https://github.com/WebKit/WebKit/commit/808edf62942c254bd4fab37f78369061fa53d320
Author: Ahmad Saleem <[email protected]>
Date: 2026-01-01 (Thu, 01 Jan 2026)
Changed paths:
A LayoutTests/svg/parser/whitespace-number-expected.txt
A LayoutTests/svg/parser/whitespace-number.html
M Source/WebCore/svg/SVGStopElement.cpp
Log Message:
-----------
SVG <stop> offset attribute incorrectly accepts invalid values with trailing
garbage
https://bugs.webkit.org/show_bug.cgi?id=304794
rdar://167356988
Reviewed by Nikolas Zimmermann.
The offset attribute parser was using String::toFloat() which silently ignores
trailing garbage. Per the SVG specification, attribute values with trailing
non-numeric characters should be treated as invalid and fall back to the
default value of 0.
Fixed by using parseNumber() from SVGParserUtilities which properly validates
the entire string. Also optimized to use StringView to avoid unnecessary string
copies.
* Source/WebCore/svg/SVGStopElement.cpp:
(WebCore::SVGStopElement::attributeChanged):
* LayoutTests/svg/parser/whitespace-number.html: Added.
* LayoutTests/svg/parser/whitespace-number-expected.txt: Added.
Canonical link: https://commits.webkit.org/305036@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
