[webkit-changes] [286064] trunk

Fri, 19 Nov 2021 09:10:28 -0800

Title: [286064] trunk
Revision
286064
Author
an...@apple.com
Date
2021-11-19 09:09:32 -0800 (Fri, 19 Nov 2021)

Log Message

[CSS Cascade Layers] [Debug] ASSERTION FAILED: m_childRules.isEmpty() when using @import with layer name
https://bugs.webkit.org/show_bug.cgi?id=233283
<rdar://problem/85520733>

Reviewed by Antoine Quint.

Source/WebCore:

CSS parser is allowing rules in illegal order (@import rule following @layer block)

Test: fast/css/layer-illegal-import.html

* css/parser/CSSParserImpl.cpp:
(WebCore::computeNewAllowedRules):

Only stay in AllowLayerStatementRules state if the new layer is a statement, not a block.

LayoutTests:

* fast/css/layer-illegal-import-expected.html: Added.
* fast/css/layer-illegal-import.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (286063 => 286064)


--- trunk/LayoutTests/ChangeLog	2021-11-19 16:53:01 UTC (rev 286063)
+++ trunk/LayoutTests/ChangeLog	2021-11-19 17:09:32 UTC (rev 286064)
@@ -1,5 +1,16 @@
 2021-11-19  Antti Koivisto  <an...@apple.com>
 
+        [CSS Cascade Layers] [Debug] ASSERTION FAILED: m_childRules.isEmpty() when using @import with layer name
+        https://bugs.webkit.org/show_bug.cgi?id=233283
+        <rdar://problem/85520733>
+
+        Reviewed by Antoine Quint.
+
+        * fast/css/layer-illegal-import-expected.html: Added.
+        * fast/css/layer-illegal-import.html: Added.
+
+2021-11-19  Antti Koivisto  <an...@apple.com>
+
         :hover with descendant selector not invalidated correctly in shadow tree
         https://bugs.webkit.org/show_bug.cgi?id=233354

Added: trunk/LayoutTests/fast/css/layer-illegal-import-expected.html (0 => 286064)


--- trunk/LayoutTests/fast/css/layer-illegal-import-expected.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/layer-illegal-import-expected.html	2021-11-19 17:09:32 UTC (rev 286064)
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+div { color: green; }
+</style>
+</head>
+<body>
+<div>This should be green because the misplaced @import shouldn't parse</div>
+</body>
+</html>

Added: trunk/LayoutTests/fast/css/layer-illegal-import.html (0 => 286064)


--- trunk/LayoutTests/fast/css/layer-illegal-import.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/layer-illegal-import.html	2021-11-19 17:09:32 UTC (rev 286064)
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+@layer imported {
+    div { color: blue; }
+}
+
+@layer imported, special;
+
+@import url("data:text/css,div{color:red}") layer(special);
+
+@layer imported {
+    div { color: green; }
+}
+</style>
+</head>
+<body>
+<div>This should be green because the misplaced @import shouldn't parse</div>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (286063 => 286064)


--- trunk/Source/WebCore/ChangeLog	2021-11-19 16:53:01 UTC (rev 286063)
+++ trunk/Source/WebCore/ChangeLog	2021-11-19 17:09:32 UTC (rev 286064)
@@ -1,5 +1,22 @@
 2021-11-19  Antti Koivisto  <an...@apple.com>
 
+        [CSS Cascade Layers] [Debug] ASSERTION FAILED: m_childRules.isEmpty() when using @import with layer name
+        https://bugs.webkit.org/show_bug.cgi?id=233283
+        <rdar://problem/85520733>
+
+        Reviewed by Antoine Quint.
+
+        CSS parser is allowing rules in illegal order (@import rule following @layer block)
+
+        Test: fast/css/layer-illegal-import.html
+
+        * css/parser/CSSParserImpl.cpp:
+        (WebCore::computeNewAllowedRules):
+
+        Only stay in AllowLayerStatementRules state if the new layer is a statement, not a block.
+
+2021-11-19  Antti Koivisto  <an...@apple.com>
+
         :hover with descendant selector not invalidated correctly in shadow tree
         https://bugs.webkit.org/show_bug.cgi?id=233354

Modified: trunk/Source/WebCore/css/parser/CSSParserImpl.cpp (286063 => 286064)


--- trunk/Source/WebCore/css/parser/CSSParserImpl.cpp	2021-11-19 16:53:01 UTC (rev 286063)
+++ trunk/Source/WebCore/css/parser/CSSParserImpl.cpp	2021-11-19 17:09:32 UTC (rev 286064)
@@ -343,9 +343,12 @@
 {
     if (!rule || allowedRules == CSSParserImpl::KeyframeRules || allowedRules == CSSParserImpl::CounterStyleRules || allowedRules == CSSParserImpl::NoRules)
         return allowedRules;
+    
     ASSERT(allowedRules <= CSSParserImpl::RegularRules);
-    if (allowedRules <= CSSParserImpl::AllowLayerStatementRules && (rule->isCharsetRule() || rule->isLayerRule()))
+    if (rule->isCharsetRule())
         return CSSParserImpl::AllowLayerStatementRules;
+    if (allowedRules <= CSSParserImpl::AllowLayerStatementRules && rule->isLayerRule() && downcast<StyleRuleLayer>(*rule).isStatement())
+        return CSSParserImpl::AllowLayerStatementRules;
     if (rule->isImportRule())
         return CSSParserImpl::AllowImportRules;
     if (rule->isNamespaceRule())

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to