[webkit-changes] [149151] trunk

Thu, 25 Apr 2013 15:49:23 -0700

Title: [149151] trunk
Revision
149151
Author
[email protected]
Date
2013-04-25 15:51:08 -0700 (Thu, 25 Apr 2013)

Log Message

Ignore invalid regular expressions for input[pattern].
https://bugs.webkit.org/show_bug.cgi?id=115204

Reviewed by Darin Adler.

Source/WebCore:

According to the specification, we should not proceed regular _expression_
matching if a pattern attribute value is an invalid regular
_expression_. We had a bug that invalid expressions such as
pattern=")foo(" made RegularExpression objects successfully.

http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#the-pattern-attribute
> If an input element has a pattern attribute specified, and the
> attribute's value, when compiled as a _javascript_ regular _expression_ with
> the global, ignoreCase, and multiline flags disabled (see ECMA262
> Edition 5, sections 15.10.7.2 through 15.10.7.4), compiles successfully,
> then the resulting regular _expression_ is the element's compiled pattern
> regular _expression_. If the element has no such attribute, or if the
> value doesn't compile successfully, then the element has no compiled
> pattern regular _expression_.

This imports a part of Blink r148951.

Tests: Update fast/forms/ValidityState-patternMismatch.html

* html/BaseTextInputType.cpp:
(WebCore::BaseTextInputType::patternMismatch):
Check correctness of pattern attribute value before wrapping with parentheses.
* platform/text/RegularExpression.cpp:
(WebCore::RegularExpression::isValid): Added.
* platform/text/RegularExpression.h:
(RegularExpression): Declare isValid.

LayoutTests:

* fast/forms/ValidityState-patternMismatch-expected.txt:
* fast/forms/ValidityState-patternMismatch.html:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (149150 => 149151)


--- trunk/LayoutTests/ChangeLog	2013-04-25 22:50:07 UTC (rev 149150)
+++ trunk/LayoutTests/ChangeLog	2013-04-25 22:51:08 UTC (rev 149151)
@@ -1,3 +1,13 @@
+2013-04-25  Kent Tamura  <[email protected]>
+
+        Ignore invalid regular expressions for input[pattern].
+        https://bugs.webkit.org/show_bug.cgi?id=115204
+
+        Reviewed by Darin Adler.
+
+        * fast/forms/ValidityState-patternMismatch-expected.txt:
+        * fast/forms/ValidityState-patternMismatch.html:
+
 2013-04-25  Alexey Proskuryakov  <[email protected]>
 
         Update a comment, mentioning a newly filed bug.

Modified: trunk/LayoutTests/fast/forms/ValidityState-patternMismatch-expected.txt (149150 => 149151)


--- trunk/LayoutTests/fast/forms/ValidityState-patternMismatch-expected.txt	2013-04-25 22:50:07 UTC (rev 149150)
+++ trunk/LayoutTests/fast/forms/ValidityState-patternMismatch-expected.txt	2013-04-25 22:51:08 UTC (rev 149151)
@@ -55,6 +55,12 @@
 PASS patternMismatchFor("mismatch-21") is true
 PASS patternMismatchFor("empty-pattern-match") is false
 PASS patternMismatchFor("empty-pattern-mismatch") is true
+PASS patternMismatchFor("invalid-01") is false
+PASS patternMismatchFor("invalid-02") is false
+PASS patternMismatchFor("invalid-03") is false
+PASS patternMismatchFor("invalid-04") is false
+PASS patternMismatchFor("invalid-05") is false
+PASS patternMismatchFor("invalid-06") is false
 PASS patternMismatchFor("disabled") is false
 PASS successfullyParsed is true

Modified: trunk/LayoutTests/fast/forms/ValidityState-patternMismatch.html (149150 => 149151)


--- trunk/LayoutTests/fast/forms/ValidityState-patternMismatch.html	2013-04-25 22:50:07 UTC (rev 149150)
+++ trunk/LayoutTests/fast/forms/ValidityState-patternMismatch.html	2013-04-25 22:51:08 UTC (rev 149151)
@@ -57,8 +57,16 @@
 /><input id="mismatch-18" type="text" pattern="foo\\" value="food"
 /><input id="mismatch-19" type="text" pattern="^" value="wrong"
 /><input id="mismatch-20" type="text" pattern="$" value="wrong"
-/><input id="mismatch-21" type="text" pattern="f(o|e)\1" value="foe"
-/><input id="empty-pattern-mismatch" type="text" pattern="" value="Lorem Ipsum"
+/><input id="mismatch-21" type="text" pattern="f(o|e)\1" value="foe"/>
+
+<input id="invalid-01" type="text" pattern=")foo(" value="foo"/>
+<input id="invalid-02" type="text" pattern=")foo(" value="foobar"/>
+<input id="invalid-03" type="text" pattern=")foo(" value=")foo"/>
+<input id="invalid-04" type="text" pattern="foo\" value="foo\"/>
+<input id="invalid-05" type="text" pattern="[0-9" value="1"/>
+<input id="invalid-06" type="text" pattern="[0-9" value="a"/>
+
+<input id="empty-pattern-mismatch" type="text" pattern="" value="Lorem Ipsum"
 /><input id="disabled" pattern="[0-9][A-Z]{3}" value="00AA" disabled /></div>
 <script language="_javascript_" type="text/_javascript_">
 function patternMismatchFor(id) {
@@ -124,6 +132,13 @@
 shouldBeFalse('patternMismatchFor("empty-pattern-match")');
 shouldBeTrue('patternMismatchFor("empty-pattern-mismatch")');
 
+shouldBeFalse('patternMismatchFor("invalid-01")');
+shouldBeFalse('patternMismatchFor("invalid-02")');
+shouldBeFalse('patternMismatchFor("invalid-03")');
+shouldBeFalse('patternMismatchFor("invalid-04")');
+shouldBeFalse('patternMismatchFor("invalid-05")');
+shouldBeFalse('patternMismatchFor("invalid-06")');
+
 shouldBeFalse('patternMismatchFor("disabled")');
 
 document.body.removeChild(document.getElementById('container'));

Modified: trunk/Source/WebCore/ChangeLog (149150 => 149151)


--- trunk/Source/WebCore/ChangeLog	2013-04-25 22:50:07 UTC (rev 149150)
+++ trunk/Source/WebCore/ChangeLog	2013-04-25 22:51:08 UTC (rev 149151)
@@ -1,3 +1,37 @@
+2013-04-25  Kent Tamura  <[email protected]>
+
+        Ignore invalid regular expressions for input[pattern].
+        https://bugs.webkit.org/show_bug.cgi?id=115204
+
+        Reviewed by Darin Adler.
+
+        According to the specification, we should not proceed regular _expression_
+        matching if a pattern attribute value is an invalid regular
+        _expression_. We had a bug that invalid expressions such as
+        pattern=")foo(" made RegularExpression objects successfully.
+
+        http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#the-pattern-attribute
+        > If an input element has a pattern attribute specified, and the
+        > attribute's value, when compiled as a _javascript_ regular _expression_ with
+        > the global, ignoreCase, and multiline flags disabled (see ECMA262
+        > Edition 5, sections 15.10.7.2 through 15.10.7.4), compiles successfully,
+        > then the resulting regular _expression_ is the element's compiled pattern
+        > regular _expression_. If the element has no such attribute, or if the
+        > value doesn't compile successfully, then the element has no compiled
+        > pattern regular _expression_.
+
+        This imports a part of Blink r148951.
+
+        Tests: Update fast/forms/ValidityState-patternMismatch.html
+
+        * html/BaseTextInputType.cpp:
+        (WebCore::BaseTextInputType::patternMismatch):
+        Check correctness of pattern attribute value before wrapping with parentheses.
+        * platform/text/RegularExpression.cpp:
+        (WebCore::RegularExpression::isValid): Added.
+        * platform/text/RegularExpression.h:
+        (RegularExpression): Declare isValid.
+
 2013-04-25  Antoine Quint  <[email protected]>
 
         Glyphs may fail to render when using SVG font

Modified: trunk/Source/WebCore/html/BaseTextInputType.cpp (149150 => 149151)


--- trunk/Source/WebCore/html/BaseTextInputType.cpp	2013-04-25 22:50:07 UTC (rev 149150)
+++ trunk/Source/WebCore/html/BaseTextInputType.cpp	2013-04-25 22:51:08 UTC (rev 149151)
@@ -40,8 +40,7 @@
 bool BaseTextInputType::patternMismatch(const String& value) const
 {
     const AtomicString& rawPattern = element()->fastGetAttribute(patternAttr);
-    // Empty values can't be mismatched
-    if (rawPattern.isNull() || value.isEmpty())
+    if (rawPattern.isNull() || value.isEmpty() || !RegularExpression(rawPattern, TextCaseSensitive).isValid())
         return false;
     String pattern = "^(?:" + rawPattern + ")$";
     int matchLength = 0;

Modified: trunk/Source/WebCore/platform/text/RegularExpression.cpp (149150 => 149151)


--- trunk/Source/WebCore/platform/text/RegularExpression.cpp	2013-04-25 22:50:07 UTC (rev 149150)
+++ trunk/Source/WebCore/platform/text/RegularExpression.cpp	2013-04-25 22:51:08 UTC (rev 149151)
@@ -176,4 +176,9 @@
     }
 }
 
+bool RegularExpression::isValid() const
+{
+    return d->m_regExpByteCode;
+}
+
 } // namespace WebCore

Modified: trunk/Source/WebCore/platform/text/RegularExpression.h (149150 => 149151)


--- trunk/Source/WebCore/platform/text/RegularExpression.h	2013-04-25 22:50:07 UTC (rev 149150)
+++ trunk/Source/WebCore/platform/text/RegularExpression.h	2013-04-25 22:51:08 UTC (rev 149151)
@@ -48,6 +48,7 @@
     int searchRev(const String&) const;
 
     int matchedLength() const;
+    bool isValid() const;
 
 private:
     class Private;    

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to