- Revision
- 198004
- Author
- y...@yoav.ws
- Date
- 2016-03-11 03:13:25 -0800 (Fri, 11 Mar 2016)
Log Message
Avoid applying link tags with an invalid media attribute
https://bugs.webkit.org/show_bug.cgi?id=143262
Reviewed by Brent Fulgham.
Source/WebCore:
In current HTML spec, unlike HTML4, the UA must not apply <link> based resources
when the media attribute does not match:
https://html.spec.whatwg.org/multipage/semantics.html#attr-link-media
An invalid media attribute parsing creates a non-empty MediaQuerySet
containing a single query with no expressions and no media type.
(and with its m_ignored flag off)
In order to ignore such MediaQueries, I added an extra check that makes sure
that the queries handled by MediaQueryEvaluator::eval have either expressions
or a media type, and if not, they are ignored.
Test: fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html
* css/MediaQueryEvaluator.cpp:
(WebCore::MediaQueryEvaluator::eval):
LayoutTests:
These tests make sure that when <link rel=stylesheet> is present with an invalid
media attribute, the styles are not being applied.
* fast/dom/HTMLLinkElement/link-stylesheet-invalid-media-expected.txt: Added.
* fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html: Added.
* fast/dom/HTMLLinkElement/link-stylesheet-media-type-expected.txt: Added.
* fast/dom/HTMLLinkElement/link-stylesheet-media-type.html: Added.
These tests test the old HTML4 behavior and are no longer relevant.
* fast/media/media-descriptor-syntax-05.html: Removed.
* fast/media/media-descriptor-syntax-05-expected.html: Removed.
Modified Paths
Added Paths
Removed Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (198003 => 198004)
--- trunk/LayoutTests/ChangeLog 2016-03-11 10:04:35 UTC (rev 198003)
+++ trunk/LayoutTests/ChangeLog 2016-03-11 11:13:25 UTC (rev 198004)
@@ -1,3 +1,22 @@
+2016-03-11 Yoav Weiss <y...@yoav.ws>
+
+ Avoid applying link tags with an invalid media attribute
+ https://bugs.webkit.org/show_bug.cgi?id=143262
+
+ Reviewed by Brent Fulgham.
+
+ These tests make sure that when <link rel=stylesheet> is present with an invalid
+ media attribute, the styles are not being applied.
+
+ * fast/dom/HTMLLinkElement/link-stylesheet-invalid-media-expected.txt: Added.
+ * fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html: Added.
+ * fast/dom/HTMLLinkElement/link-stylesheet-media-type-expected.txt: Added.
+ * fast/dom/HTMLLinkElement/link-stylesheet-media-type.html: Added.
+
+ These tests test the old HTML4 behavior and are no longer relevant.
+ * fast/media/media-descriptor-syntax-05.html: Removed.
+ * fast/media/media-descriptor-syntax-05-expected.html: Removed.
+
2016-03-11 Frederic Wang <fw...@igalia.com>
Skip content-editable-as-textarea.html on GTK as it uses AX API.
Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-invalid-media-expected.txt (0 => 198004)
--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-invalid-media-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-invalid-media-expected.txt 2016-03-11 11:13:25 UTC (rev 198004)
@@ -0,0 +1,2 @@
+SUCCESS
+
Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html (0 => 198004)
--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html 2016-03-11 11:13:25 UTC (rev 198004)
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<link rel=stylesheet href="" { width: 100px }" media="(width invalid)">
+<div id=result></div>
+<div id=test></div>
+<script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+ var test = document.getElementById("test");
+ var result = document.getElementById("result");
+ if (test.offsetWidth == 100)
+ result.innerHTML = "FAILURE";
+ else
+ result.innerHTML = "SUCCESS";
+</script>
Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-media-type-expected.txt (0 => 198004)
--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-media-type-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-media-type-expected.txt 2016-03-11 11:13:25 UTC (rev 198004)
@@ -0,0 +1,2 @@
+SUCCESS
+
Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-media-type.html (0 => 198004)
--- trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-media-type.html (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/link-stylesheet-media-type.html 2016-03-11 11:13:25 UTC (rev 198004)
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<link rel=stylesheet href="" { width: 100px }" media="screen">
+<div id=result></div>
+<div id=test></div>
+<script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+ var test = document.getElementById("test");
+ var result = document.getElementById("result");
+ if (test.offsetWidth == 100)
+ result.innerHTML = "SUCCESS";
+ else
+ result.innerHTML = "FAILURE";
+</script>
Deleted: trunk/LayoutTests/fast/media/media-descriptor-syntax-05-expected.html (198003 => 198004)
--- trunk/LayoutTests/fast/media/media-descriptor-syntax-05-expected.html 2016-03-11 10:04:35 UTC (rev 198003)
+++ trunk/LayoutTests/fast/media/media-descriptor-syntax-05-expected.html 2016-03-11 11:13:25 UTC (rev 198004)
@@ -1,5 +0,0 @@
-<html>
-<body>
-<p style="color: green">This text should be green.</p>
-</body>
-</html>
Deleted: trunk/LayoutTests/fast/media/media-descriptor-syntax-05.html (198003 => 198004)
--- trunk/LayoutTests/fast/media/media-descriptor-syntax-05.html 2016-03-11 10:04:35 UTC (rev 198003)
+++ trunk/LayoutTests/fast/media/media-descriptor-syntax-05.html 2016-03-11 11:13:25 UTC (rev 198004)
@@ -1,13 +0,0 @@
-<html>
-<head>
-<title>HTML4 media descriptor test: parsing style element media attribute, forward-compatible syntax</title>
-<link rel="help" href="" />
-<style type="text/css" media="*****|{}- |[|">
-p { color: green }
-</style>
-
-</head>
-<body>
-<p> This text should be green.</p>
-</body>
-</html>
Modified: trunk/Source/WebCore/ChangeLog (198003 => 198004)
--- trunk/Source/WebCore/ChangeLog 2016-03-11 10:04:35 UTC (rev 198003)
+++ trunk/Source/WebCore/ChangeLog 2016-03-11 11:13:25 UTC (rev 198004)
@@ -1,3 +1,27 @@
+2016-03-11 Yoav Weiss <y...@yoav.ws>
+
+ Avoid applying link tags with an invalid media attribute
+ https://bugs.webkit.org/show_bug.cgi?id=143262
+
+ Reviewed by Brent Fulgham.
+
+ In current HTML spec, unlike HTML4, the UA must not apply <link> based resources
+ when the media attribute does not match:
+ https://html.spec.whatwg.org/multipage/semantics.html#attr-link-media
+
+ An invalid media attribute parsing creates a non-empty MediaQuerySet
+ containing a single query with no expressions and no media type.
+ (and with its m_ignored flag off)
+
+ In order to ignore such MediaQueries, I added an extra check that makes sure
+ that the queries handled by MediaQueryEvaluator::eval have either expressions
+ or a media type, and if not, they are ignored.
+
+ Test: fast/dom/HTMLLinkElement/link-stylesheet-invalid-media.html
+
+ * css/MediaQueryEvaluator.cpp:
+ (WebCore::MediaQueryEvaluator::eval):
+
2016-03-11 Youenn Fablet <youenn.fab...@crf.canon.fr>
[CallWith=ScriptExecutionContext] should pass ScriptExecutionContext to the implementation by reference
Modified: trunk/Source/WebCore/css/MediaQueryEvaluator.cpp (198003 => 198004)
--- trunk/Source/WebCore/css/MediaQueryEvaluator.cpp 2016-03-11 10:04:35 UTC (rev 198003)
+++ trunk/Source/WebCore/css/MediaQueryEvaluator.cpp 2016-03-11 11:13:25 UTC (rev 198004)
@@ -136,7 +136,7 @@
for (size_t i = 0; i < queries.size() && !result; ++i) {
MediaQuery* query = queries[i].get();
- if (query->ignored())
+ if (query->ignored() || (!query->expressions().size() && query->mediaType().isEmpty()))
continue;
if (mediaTypeMatch(query->mediaType())) {
