Changeset 225808 in webkit
- Timestamp:
- Dec 12, 2017, 2:51:02 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/svg/text/font-style-keyword-expected.txt (added)
-
LayoutTests/svg/text/font-style-keyword.html (added)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/css/CSSValue.h (modified) (1 diff)
-
Source/WebCore/svg/SVGFontFaceElement.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r225807 r225808 1 2017-12-12 Myles C. Maxfield <mmaxfield@apple.com> 2 3 REGRESSION (Safari 11): custom <font-face> tag crashes a page 4 https://bugs.webkit.org/show_bug.cgi?id=177848 5 6 Reviewed by Darin Adler. 7 8 * svg/text/font-style-keyword-expected.txt: Added. 9 * svg/text/font-style-keyword.html: Added. 10 1 11 2017-12-12 Antoine Quint <graouts@apple.com> 2 12 -
trunk/Source/WebCore/ChangeLog
r225807 r225808 1 2017-12-12 Myles C. Maxfield <mmaxfield@apple.com> 2 3 REGRESSION (Safari 11): custom <font-face> tag crashes a page 4 https://bugs.webkit.org/show_bug.cgi?id=177848 5 6 Reviewed by Darin Adler. 7 8 We currently use the CSS property parsers to parse SVG's <font-face> element attributes. Instead, 9 we should be using the CSS descriptor parsers to parse these attributes. However, this is a 10 fairly involved task, so until I can finish that, this patch fixes the crash. The crash is simple; 11 the descriptors shouldn't accept the universal keywords ("initial", "inherit", etc.) and our 12 font-face machinery assumes this. So the fix is just detect these keywords and explicitly disallow 13 them. 14 15 Test: svg/text/font-style-keyword.html 16 17 * svg/SVGFontFaceElement.cpp: 18 (WebCore::SVGFontFaceElement::parseAttribute): 19 1 20 2017-12-12 Antoine Quint <graouts@apple.com> 2 21 -
trunk/Source/WebCore/css/CSSValue.h
r224165 r225808 92 92 bool isUnsetValue() const { return m_classType == UnsetClass; } 93 93 bool isRevertValue() const { return m_classType == RevertClass; } 94 bool isGlobalKeyword() const { return isInheritedValue() || isInitialValue() || isUnsetValue() || isRevertValue(); } 94 95 bool treatAsInitialValue(CSSPropertyID) const; 95 96 bool treatAsInheritedValue(CSSPropertyID) const; -
trunk/Source/WebCore/svg/SVGFontFaceElement.cpp
r224615 r225808 64 64 void SVGFontFaceElement::parseAttribute(const QualifiedName& name, const AtomicString& value) 65 65 { 66 CSSPropertyID prop Id = cssPropertyIdForSVGAttributeName(name);67 if (prop Id > 0) {66 CSSPropertyID propertyId = cssPropertyIdForSVGAttributeName(name); 67 if (propertyId > 0) { 68 68 // FIXME: Parse using the @font-face descriptor grammars, not the property grammars. 69 m_fontFaceRule->mutableProperties().setProperty(propId, value, false); 69 auto& properties = m_fontFaceRule->mutableProperties(); 70 bool valueChanged = properties.setProperty(propertyId, value); 71 72 if (valueChanged) { 73 // The above parser is designed for the font-face properties, not descriptors, and the properties accept the global keywords, but descriptors don't. 74 // Rather than invasively modifying the parser for the properties to have a special mode, we can simply detect the error condition after-the-fact and 75 // avoid it explicitly. 76 if (auto parsedValue = properties.getPropertyCSSValue(propertyId)) { 77 if (parsedValue->isGlobalKeyword()) 78 properties.removeProperty(propertyId); 79 } 80 } 81 70 82 rebuildFontFace(); 71 83 return;
Note:
See TracChangeset
for help on using the changeset viewer.
