Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit

Commit: f0fba73ace0f5a4e31e0a16d3b824af0a396a6e9
    https://github.com/WebKit/WebKit/commit/f0fba73ace0f5a4e31e0a16d3b824af0a396a6e9
Author: Said Abou-Hallawa <s...@apple.com>
Date: 2024-05-21 (Tue, 21 May 2024)

Changed paths:
    M LayoutTests/css3/filters/filter-visited-links-expected.html
    M LayoutTests/css3/filters/filter-visited-links.html
    M Source/WebCore/rendering/InlineBoxPainter.cpp

Log Message:
-----------
Prevent SVG filters from leaking the background of visited hyperlinks
https://bugs.webkit.org/show_bug.cgi?id=262337
rdar://116206368

Reviewed by Simon Fraser.

We should prevent websites from learning which sites have been visited via
SVG filters on hyperlinks, per the attack described in
https://arxiv.org/abs/2305.12784.

This is a follow up for 266683@main. The background color of the visited
links should be ignored when an SVG filter is applied.

* LayoutTests/css3/filters/filter-visited-links-expected.html:
* LayoutTests/css3/filters/filter-visited-links.html:
* Source/WebCore/rendering/InlineBoxPainter.cpp:
(WebCore::InlineBoxPainter::paintDecorations):

Originally-landed-as: 272448.560@safari-7618-branch (36df2fc04fb9). rdar://128502129
Canonical link: https://commits.webkit.org/279104@main


Commit: 05b6b1285a302f82a9c133577cfad7433090f9b6
    https://github.com/WebKit/WebKit/commit/05b6b1285a302f82a9c133577cfad7433090f9b6
Author: Scott Marcy <msc...@apple.com>
Date: 2024-05-21 (Tue, 21 May 2024)

Changed paths:
    A LayoutTests/fast/svg/mutual-recursion-test-expected.txt
    A LayoutTests/fast/svg/mutual-recursion-test.html
    M Source/WebCore/rendering/svg/legacy/SVGResources.cpp
    M Source/WebCore/rendering/svg/legacy/SVGResources.h

Log Message:
-----------
Break a mutual recursion cycle laying out SVG elements.
https://bugs.webkit.org/show_bug.cgi?id=268556
rdar://118510445

Reviewed by shallawa (Said Abou-Hallawa).

Breaks the recursion cycle by having the SVGResource object track if it is
already doing layout for a different root.

* LayoutTests/fast/svg/mutual-recursion-test-expected.txt: Added.
* LayoutTests/fast/svg/mutual-recursion-test.html: Added.
* Source/WebCore/rendering/svg/SVGResources.cpp:
(WebCore::SVGResources::layoutDifferentRootIfNeeded):
* Source/WebCore/rendering/svg/SVGResources.h:

Originally-landed-as: 272448.561@safari-7618-branch (e14592228595). rdar://128502330
Canonical link: https://commits.webkit.org/279105@main


Commit: c02295c8ab22b97721478d9e0abeb5c647ad29aa
    https://github.com/WebKit/WebKit/commit/c02295c8ab22b97721478d9e0abeb5c647ad29aa
Author: Keith Miller <keith_mil...@apple.com>
Date: 2024-05-21 (Tue, 21 May 2024)

Changed paths:
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

Log Message:
-----------
[JSC] presenceConditionIfConsistent should check knownBase's structure is in the structure set
https://bugs.webkit.org/show_bug.cgi?id=269220
rdar://122171551

Reviewed by Yusuke Suzuki.

This patch rewrites ByteCodeParser::presenceConditionIfConsistent. Now it
just checks that the presence condition we're trying to create is possible
for the knownBase. Additionally, we have to check that the knownBase's
structure was executed at least once before. This allows us to know if
GetOwnPropertySlot ran successfully at least once for this structure.

* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::presenceConditionIfConsistent):

Originally-landed-as: 272448.563@safari-7618-branch (630351ee51ab). rdar://128502736
Canonical link: https://commits.webkit.org/279106@main


Commit: a3161bf52b5e86b7a2acc0c8c196f918e0b4d902
    https://github.com/WebKit/WebKit/commit/a3161bf52b5e86b7a2acc0c8c196f918e0b4d902
Author: David Kilzer <ddkil...@apple.com>
Date: 2024-05-21 (Tue, 21 May 2024)

Changed paths:
    M Source/WebCore/PAL/ThirdParty/libavif/ThirdParty/dav1d/src/thread_task.c

Log Message:
-----------
OSV-2022-674: dav1d: use of uninitialized value in cdef_filter_block_c
https://bugs.webkit.org/show_bug.cgi?id=269405
<rdar://122849398>

Reviewed by Youenn Fablet.

Merge dav1d upstream commit a3a55b18494f5dd1e34f289298f78ffa4f32a25d.

* Source/WebCore/PAL/ThirdParty/libavif/ThirdParty/dav1d/src/thread_task.c:
(create_filter_sbrow):

Originally-landed-as: 272448.565@safari-7618-branch (8547ba181fbb). rdar://128502897
Canonical link: https://commits.webkit.org/279107@main


Compare: https://github.com/WebKit/WebKit/compare/00222bd02ce4...a3161bf52b5e