[CSS Parser] Miscellaneous bug fixes
authorhyatt@apple.com <hyatt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 31 Oct 2016 15:01:18 +0000 (15:01 +0000)
committerhyatt@apple.com <hyatt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 31 Oct 2016 15:01:18 +0000 (15:01 +0000)
https://bugs.webkit.org/show_bug.cgi?id=164211

Reviewed by Darin Adler.

* css/parser/CSSPropertyParser.cpp:
(WebCore::CSSPropertyParser::consumeTransformOrigin):
Make sure to properly reject invalid transform-origin-z values.

* css/parser/CSSSelectorParser.cpp:
(WebCore::CSSSelectorParser::consumeAttribute):
Make attribute selector parsing strict about requiring a ] to end
the selector.

(WebCore::CSSSelectorParser::consumePseudo):
Force the nth-child "of" syntax to have whitespace after "of" but
before the selector. It is unclear if this should be a requirement
or not (spec is ambiguous), but for now we match the old parser.

(WebCore::CSSSelectorParser::consumeCombinator):
Fix a bug that caused the double child combinator to match even
when there was whitespace between the two > symbols.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@208142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/css/parser/CSSPropertyParser.cpp
Source/WebCore/css/parser/CSSSelectorParser.cpp

index 02bd37c..f562737 100644 (file)
@@ -1,3 +1,28 @@
+2016-10-30  Dave Hyatt  <hyatt@apple.com>
+
+        [CSS Parser] Miscellaneous bug fixes
+        https://bugs.webkit.org/show_bug.cgi?id=164211
+
+        Reviewed by Darin Adler.
+
+        * css/parser/CSSPropertyParser.cpp:
+        (WebCore::CSSPropertyParser::consumeTransformOrigin):
+        Make sure to properly reject invalid transform-origin-z values.
+
+        * css/parser/CSSSelectorParser.cpp:
+        (WebCore::CSSSelectorParser::consumeAttribute):
+        Make attribute selector parsing strict about requiring a ] to end
+        the selector.
+
+        (WebCore::CSSSelectorParser::consumePseudo):
+        Force the nth-child "of" syntax to have whitespace after "of" but
+        before the selector. It is unclear if this should be a requirement
+        or not (spec is ambiguous), but for now we match the old parser.
+
+        (WebCore::CSSSelectorParser::consumeCombinator):
+        Fix a bug that caused the double child combinator to match even
+        when there was whitespace between the two > symbols.
+
 2016-10-31  Youenn Fablet  <youenn@apple.com>
 
         RTCOfferAnswerOptions does not need to be refcounted
index 0e438a0..ce63b85 100644 (file)
@@ -364,7 +364,11 @@ bool CSSPropertyParser::consumeTransformOrigin(bool important)
     RefPtr<CSSPrimitiveValue> resultX;
     RefPtr<CSSPrimitiveValue> resultY;
     if (consumeOneOrTwoValuedPosition(m_range, m_context.mode, UnitlessQuirk::Forbid, resultX, resultY)) {
+        m_range.consumeWhitespace();
+        bool atEnd = m_range.atEnd();
         RefPtr<CSSPrimitiveValue> resultZ = consumeLength(m_range, m_context.mode, ValueRangeAll);
+        if (!resultZ && !atEnd)
+            return false;
         if (!resultZ)
             resultZ = CSSValuePool::singleton().createValue(0, CSSPrimitiveValue::UnitTypes::CSS_PX);
         addProperty(CSSPropertyTransformOriginX, CSSPropertyTransformOrigin, resultX.releaseNonNull(), important);
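Review bot: The new `atEnd` flag in consumeTransformOrigin is captured before `consumeLength()` and read only after it, and nothing explains why the order matters. A comment above `bool atEnd` would protect the check from a later cleanup, for example `// z is optional: remember whether any token follows x/y, so leftover input that is not a length rejects the declaration.` The two consecutive tests on `!resultZ` would also read more clearly nested under a single `if (!resultZ)`. The function body starts and ends outside this hunk, so it cannot be confirmed here whether tokens after a valid z value are rejected as well.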
index 70b77fa..726d8dc 100644 (file)
@@ -420,6 +420,9 @@ std::unique_ptr<CSSParserSelector> CSSSelectorParser::consumeAttribute(CSSParser
 {
     ASSERT(range.peek().type() == LeftBracketToken);
     CSSParserTokenRange block = range.consumeBlock();
+    if (block.end() == range.end())
+        return nullptr; // No ] was found. Be strict about this.
+
     block.consumeWhitespace();
 
     AtomicString namespacePrefix;
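Review bot: The guard `block.end() == range.end()` in consumeAttribute relies on how `consumeBlock()` bounds the sub-range when the input ends before the closing bracket, and that contract is not visible in this hunk. The inline comment should state the dependency rather than only the intent, for example `// consumeBlock() yields a range ending at range.end() only when it hit end of input without finding ']'.` If `consumeBlock()` ever changes how it reports an unterminated block, this check would silently stop rejecting malformed selectors. The `block` range used in consumePseudo may be produced the same way, in which case an unclosed `(` deserves the same decision; that is not confirmable from these hunks. The function body continues past the end of this hunk.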
@@ -572,6 +575,8 @@ std::unique_ptr<CSSParserSelector> CSSSelectorParser::consumePseudo(CSSParserTok
                 const CSSParserToken& ident = block.consume();
                 if (!equalIgnoringASCIICase(ident.value(), "of"))
                     return nullptr;
+                if (block.peek().type() != WhitespaceToken)
+                    return nullptr;
                 DisallowPseudoElementsScope scope(this);
                 block.consumeWhitespace();
                 std::unique_ptr<CSSSelectorList> selectorList = std::unique_ptr<CSSSelectorList>(new CSSSelectorList());
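Review bot: The added `WhitespaceToken` check after "of" in consumePseudo encodes a deliberate compatibility choice that is recorded only in the ChangeLog. A comment at the check would stop a later reader from treating it as a bug, for example `// FIXME: The spec is ambiguous about requiring whitespace after "of"; we match the old parser for now.` The enclosing function starts and ends outside this hunk.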
@@ -671,16 +676,25 @@ CSSSelector::RelationType CSSSelectorParser::consumeCombinator(CSSParserTokenRan
     UChar delimiter = range.peek().delimiter();
 
     if (delimiter == '+' || delimiter == '~' || delimiter == '>') {
-        range.consumeIncludingWhitespace();
-        if (delimiter == '+')
+        if (delimiter == '+') {
+            range.consumeIncludingWhitespace();
             return CSSSelector::DirectAdjacent;
-        if (delimiter == '~')
+        }
+        
+        if (delimiter == '~') {
+            range.consumeIncludingWhitespace();
             return CSSSelector::IndirectAdjacent;
+        }
+        
 #if ENABLE_CSS_SELECTORS_LEVEL4
-        if (delimiter == '>' && range.peek().type() == DelimiterToken && range.peek().delimiter() == '>') {
+        range.consume();
+        if (range.peek().type() == DelimiterToken && range.peek().delimiter() == '>') {
             range.consumeIncludingWhitespace();
             return CSSSelector::DescendantDoubleChild;
         }
+        range.consumeWhitespace();
+#else
+        range.consumeIncludingWhitespace();
 #endif
         return CSSSelector::Child;
     }
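Review bot: In consumeCombinator the `>` path now depends on a bare `range.consume()` so that the next peek sees an adjacent second `>` rather than skipping whitespace first, but the code does not say so. A comment before `range.consume()` would make that explicit, for example `// Consume only the '>' so that ">>" is recognized solely when the two delimiters are adjacent.` The `#if`/`#else` now splits the whitespace handling for `>` across two preprocessor branches, so the comment should also note that both branches end with trailing whitespace consumed. The two added blank lines after the `+` and `~` branches carry trailing spaces. The function begins outside this hunk.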