Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8df46ae128e21639fa2613d4bb78d35a6c7bb5cf
https://github.com/WebKit/WebKit/commit/8df46ae128e21639fa2613d4bb78d35a6c7bb5cf
Author: Chris Dumez <[email protected]>
Date: 2026-04-06 (Mon, 06 Apr 2026)
Changed paths:
M LayoutTests/fast/css/attr-parsing-expected.txt
M LayoutTests/fast/css/attr-parsing.html
M
LayoutTests/imported/w3c/web-platform-tests/css/css-values/attr-security-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/css/css-variables/url-token-serialization-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/css/css-variables/url-token-serialization.html
M Source/WebCore/css/CSSImportRule.cpp
M Source/WebCore/css/CSSImportRule.h
M Source/WebCore/css/CSSMarkup.cpp
M Source/WebCore/css/CSSMarkup.h
M Source/WebCore/css/parser/CSSParserIdioms.h
M Source/WebCore/css/parser/CSSParserToken.cpp
M Source/WebCore/css/parser/CSSTokenizer.cpp
M Source/WebCore/css/parser/CSSTokenizer.h
M Source/WebCore/css/parser/CSSTokenizerInputStream.cpp
Log Message:
-----------
Fix url() token serialization in custom properties
https://bugs.webkit.org/show_bug.cgi?id=311414
Reviewed by Sam Weinig and Darin Adler.
CSSParserToken::serialize() was using serializeIdentifier() for
<url-token> values, which applies CSS identifier escaping rules.
This incorrectly escapes characters like ".", "/", ":", "?", and "#"
that are perfectly valid in URL tokens. For example, url(image.png)
would round-trip as url(image\.png).
This violates the CSS custom property serialization requirement that
specified values be serialized exactly as specified by the author.
https://drafts.csswg.org/css-variables-2/#serializing-custom-props
Fix this by adding serializeURLTokenValue() which implements
<url-token> serialization that only escapes non-printable code points,
quotes, parentheses, and backslashes -- the characters that the CSS
tokenizer rejects in unquoted URL values.
https://drafts.csswg.org/css-syntax-3/#consume-url-token
Test:
imported/w3c/web-platform-tests/css/css-variables/url-token-serialization.html
* LayoutTests/fast/css/attr-parsing-expected.txt:
* LayoutTests/fast/css/attr-parsing.html:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-values/attr-security-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/css/css-variables/url-token-serialization-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-variables/url-token-serialization.html:
Added.
* Source/WebCore/css/CSSImportRule.cpp:
(WebCore::CSSImportRule::cssTextInternal const):
(WebCore::CSSImportRule::cssText const):
* Source/WebCore/css/CSSImportRule.h:
* Source/WebCore/css/CSSMarkup.cpp:
(WebCore::isNonPrintableCodePoint):
(WebCore::serializeCharacterAsEscapeSequence):
(WebCore::serializeIdentifier):
(WebCore::serializeString):
(WebCore::serializeURLTokenValue):
(WebCore::serializeCharacterAsCodePoint): Deleted.
(WebCore::serializeURL): Deleted.
* Source/WebCore/css/CSSMarkup.h:
* Source/WebCore/css/parser/CSSParserIdioms.h:
(WebCore::isCSSNewline):
* Source/WebCore/css/parser/CSSParserToken.cpp:
(WebCore::CSSParserToken::serialize const):
* Source/WebCore/css/parser/CSSTokenizer.cpp:
(WebCore::CSSTokenizer::preprocessString):
(WebCore::twoCharsAreValidEscape):
(WebCore::CSSTokenizer::consumeStringTokenUntil):
(WebCore::CSSTokenizer::consumeEscape):
(WebCore::CSSTokenizer::isNewline): Deleted.
* Source/WebCore/css/parser/CSSTokenizer.h:
* Source/WebCore/css/parser/CSSTokenizerInputStream.cpp:
(WebCore::CSSTokenizerInputStream::advanceUntilNewlineOrNonWhitespace):
Canonical link: https://commits.webkit.org/310628@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
