Changeset 153627 in webkit

Timestamp:

Aug 1, 2013 5:02:25 PM (11 years ago)

Author:

dino@apple.com

Message:

srcset algorithm breaks base64 src attributes
​https://bugs.webkit.org/show_bug.cgi?id=119413

Reviewed by Darin Adler.

Source/WebCore:

Base64 encoded src attributes typically have a COMMA
character which was breaking in the candidate matching
algorithm. Make sure to handle that case, and to unescape
any incoming URLs.

Slight cleanup of the srcset matching algorithm. The
candidates are now gathered from a single update
method. I've renamed the methods in the process.
This means we now reparse the srcset attribute if
only the src changes, but I think the code is
cleaner this way.

Tests: fast/hidpi/image-srcset-data-src.html

fast/hidpi/image-srcset-data-srcset.html
fast/hidpi/image-srcset-nomodifier.html
fast/hidpi/image-srcset-viewport-modifiers.html

• html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::HTMLImageElement): No need to initialise m_bestFitImageURL.
(WebCore::HTMLImageElement::imageSourceURL): Use isEmpty() rather than checking for nullAtom.
(WebCore::HTMLImageElement::determineBestImageForScaleFactor): New renamed method that selects the best
candidate for the image source.
(WebCore::HTMLImageElement::collectImageCandidatesFromSrcSet): Gather the srcset images. Changes include
simplifying the whitespace and skipping candidates that we don't yet support.
(WebCore::HTMLImageElement::collectImageCandidateFromSrc): Add the src attribute to the list of candidates.
(WebCore::HTMLImageElement::parseAttribute): Now both attributes call determineBestImageForScaleFactor.

• html/HTMLImageElement.h: No need for m_srcImageIndex any more.

LayoutTests:

Four new tests that exercise candidate matching. In particular:

• base64 encoded src attributes
• base64 encoded srcset attributes that are escaped
• attributes without scale modifiers
• attributes that have modifiers other than scale

• fast/hidpi/image-srcset-change-dynamically-from-js.html: Minor change to add scale modifier.
• fast/hidpi/image-srcset-data-src.html: Added.
• fast/hidpi/image-srcset-data-srcset.html: Added.
• fast/hidpi/image-srcset-nomodifier.html: Added.
• fast/hidpi/image-srcset-viewport-modifiers.html: Added.
• platform/mac/fast/hidpi/image-srcset-data-src-expected.png: Added.
• platform/mac/fast/hidpi/image-srcset-data-src-expected.txt: Added.
• platform/mac/fast/hidpi/image-srcset-data-srcset-expected.png: Added.
• platform/mac/fast/hidpi/image-srcset-data-srcset-expected.txt: Added.
• platform/mac/fast/hidpi/image-srcset-nomodifier-expected.png: Added.
• platform/mac/fast/hidpi/image-srcset-nomodifier-expected.txt: Added.
• platform/mac/fast/hidpi/image-srcset-viewport-modifiers-expected.png: Added.
• platform/mac/fast/hidpi/image-srcset-viewport-modifiers-expected.txt: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/hidpi/image-srcset-change-dynamically-from-js.html (modified) (1 diff)
• LayoutTests/fast/hidpi/image-srcset-data-src.html (added)
• LayoutTests/fast/hidpi/image-srcset-data-srcset.html (added)
• LayoutTests/fast/hidpi/image-srcset-nomodifier.html (added)
• LayoutTests/fast/hidpi/image-srcset-viewport-modifiers.html (added)
• LayoutTests/platform/mac/fast/hidpi/image-srcset-data-src-expected.png (added)
• LayoutTests/platform/mac/fast/hidpi/image-srcset-data-src-expected.txt (added)
• LayoutTests/platform/mac/fast/hidpi/image-srcset-data-srcset-expected.png (added)
• LayoutTests/platform/mac/fast/hidpi/image-srcset-data-srcset-expected.txt (added)
• LayoutTests/platform/mac/fast/hidpi/image-srcset-nomodifier-expected.png (added)
• LayoutTests/platform/mac/fast/hidpi/image-srcset-nomodifier-expected.txt (added)
• LayoutTests/platform/mac/fast/hidpi/image-srcset-viewport-modifiers-expected.png (added)
• LayoutTests/platform/mac/fast/hidpi/image-srcset-viewport-modifiers-expected.txt (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/html/HTMLImageElement.cpp (modified) (4 diffs)
• Source/WebCore/html/HTMLImageElement.h (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2013-08-01  Dean Jackson  <dino@apple.com>
+
+        srcset algorithm breaks base64 src attributes
+        https://bugs.webkit.org/show_bug.cgi?id=119413
+
+        Reviewed by Darin Adler.
+
+        Four new tests that exercise candidate matching. In particular:
+        - base64 encoded src attributes
+        - base64 encoded srcset attributes that are escaped
+        - attributes without scale modifiers
+        - attributes that have modifiers other than scale
+
+        * fast/hidpi/image-srcset-change-dynamically-from-js.html: Minor change to add scale modifier.
+        * fast/hidpi/image-srcset-data-src.html: Added.
+        * fast/hidpi/image-srcset-data-srcset.html: Added.
+        * fast/hidpi/image-srcset-nomodifier.html: Added.
+        * fast/hidpi/image-srcset-viewport-modifiers.html: Added.
+        * platform/mac/fast/hidpi/image-srcset-data-src-expected.png: Added.
+        * platform/mac/fast/hidpi/image-srcset-data-src-expected.txt: Added.
+        * platform/mac/fast/hidpi/image-srcset-data-srcset-expected.png: Added.
+        * platform/mac/fast/hidpi/image-srcset-data-srcset-expected.txt: Added.
+        * platform/mac/fast/hidpi/image-srcset-nomodifier-expected.png: Added.
+        * platform/mac/fast/hidpi/image-srcset-nomodifier-expected.txt: Added.
+        * platform/mac/fast/hidpi/image-srcset-viewport-modifiers-expected.png: Added.
+        * platform/mac/fast/hidpi/image-srcset-viewport-modifiers-expected.txt: Added.
+
 2013-08-01  Dean Jackson  <dino@apple.com>
 

trunk/LayoutTests/fast/hidpi/image-srcset-change-dynamically-from-js.html

@@ -5 +5 @@
         var img = document.getElementById("foo");
         img.src = "resources/blue-100-px-square.png"
-        img.srcset = "resources/green-200-px-square.png";
+        img.srcset = "resources/green-200-px-square.png 1x";
     }
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-08-01  Dean Jackson  <dino@apple.com>
+
+        srcset algorithm breaks base64 src attributes
+        https://bugs.webkit.org/show_bug.cgi?id=119413
+
+        Reviewed by Darin Adler.
+
+        Base64 encoded src attributes typically have a COMMA
+        character which was breaking in the candidate matching
+        algorithm. Make sure to handle that case, and to unescape
+        any incoming URLs.
+
+        Slight cleanup of the srcset matching algorithm. The
+        candidates are now gathered from a single update
+        method. I've renamed the methods in the process.
+        This means we now reparse the srcset attribute if
+        only the src changes, but I think the code is
+        cleaner this way.
+
+        Tests: fast/hidpi/image-srcset-data-src.html
+               fast/hidpi/image-srcset-data-srcset.html
+               fast/hidpi/image-srcset-nomodifier.html
+               fast/hidpi/image-srcset-viewport-modifiers.html
+
+        * html/HTMLImageElement.cpp:
+        (WebCore::HTMLImageElement::HTMLImageElement): No need to initialise m_bestFitImageURL.
+        (WebCore::HTMLImageElement::imageSourceURL): Use isEmpty() rather than checking for nullAtom.
+        (WebCore::HTMLImageElement::determineBestImageForScaleFactor): New renamed method that selects the best
+        candidate for the image source.
+        (WebCore::HTMLImageElement::collectImageCandidatesFromSrcSet): Gather the srcset images. Changes include
+        simplifying the whitespace and skipping candidates that we don't yet support.
+        (WebCore::HTMLImageElement::collectImageCandidateFromSrc): Add the src attribute to the list of candidates.
+        (WebCore::HTMLImageElement::parseAttribute): Now both attributes call determineBestImageForScaleFactor.
+        * html/HTMLImageElement.h: No need for m_srcImageIndex any more.
+
 2013-08-01  Romain Perier  <romain.perier@gmail.com>
 

trunk/Source/WebCore/html/HTMLImageElement.cpp

@@ -50 +50 @@
     , m_form(form)
     , m_compositeOperator(CompositeSourceOver)
-    , m_bestFitImageURL(nullAtom)
-    , m_srcImageIndex(notFound)
 {
     ASSERT(hasTagName(imgTag));
@@ -115 +113 @@
 const AtomicString& HTMLImageElement::imageSourceURL() const
 {
-    return m_bestFitImageURL == nullAtom ? getAttribute(srcAttr) : m_bestFitImageURL;
-}
-
-void HTMLImageElement::updateBestImageForScaleFactor()
-{
+    return m_bestFitImageURL.isEmpty() ? fastGetAttribute(srcAttr) : m_bestFitImageURL;
+}
+
+void HTMLImageElement::determineBestImageForScaleFactor()
+{
+    m_imagesWithScale.clear();
+    m_bestFitImageURL = nullAtom;
+
+    collectImageCandidatesFromSrcSet();
+    collectImageCandidateFromSrc();
+    stable_sort(m_imagesWithScale.begin(), m_imagesWithScale.end(), compareByScaleFactor);
+
+    for (size_t i = 1; i < m_imagesWithScale.size(); ++i) {
+        if (m_imagesWithScale[i-1].scaleFactor == m_imagesWithScale[i].scaleFactor) {
+            m_imagesWithScale.remove(i);
+            i--;
+        }
+    }
+
     float pageScaleFactor = 1.0;
-
-    m_bestFitImageURL = nullAtom;
     if (Page* page = document()->page())
         pageScaleFactor = page->deviceScaleFactor();
+
     for (size_t i = 0; i < m_imagesWithScale.size(); ++i) {
         if (m_imagesWithScale[i].scaleFactor >= pageScaleFactor) {
@@ -133 +144 @@
 }
 
-void HTMLImageElement::updateImagesFromSrcSet(const AtomicString& srcset)
-{
-    const String& string = static_cast<const String&>(srcset);
-    Vector<String> srcSet;
-
-    string.split(',', srcSet);
-    for (size_t i = 0; i < srcSet.size(); ++i) {
+void HTMLImageElement::collectImageCandidatesFromSrcSet()
+{
+    const String& srcSetAttributeValue = fastGetAttribute(srcsetAttr).string().simplifyWhiteSpace(isHTMLSpace);
+    Vector<String> srcSetTokens;
+
+    srcSetAttributeValue.split(',', srcSetTokens);
+    for (size_t i = 0; i < srcSetTokens.size(); ++i) {
         Vector<String> data;
         float imgScaleFactor = 1.0;
         bool validScaleFactor = false;
 
-        srcSet[i].stripWhiteSpace().split(' ', data);
-        if (data.size() > 0 && data.last().endsWith('x')) {
-            imgScaleFactor = data.last().substring(0, data.last().length() - 1).toFloat(&validScaleFactor);
-            if (!validScaleFactor)
-                imgScaleFactor = 1.0;
-        }
-        if (!data.size() || (data.size() == 1 && validScaleFactor))
+        srcSetTokens[i].stripWhiteSpace().split(' ', data);
+        // There must be at least one candidate descriptor, and the last one must
+        // be a scale factor. Since we don't support descriptors other than scale,
+        // it's better to discard any rule with such descriptors rather than accept
+        // only the scale data.
+        if (data.size() != 2)
             continue;
+        if (!data.last().endsWith('x'))
+            continue;
+
+        imgScaleFactor = data.last().substring(0, data.last().length() - 1).toFloat(&validScaleFactor);
+        if (!validScaleFactor)
+            continue;
+
         ImageWithScale image;
-        image.imageURL = data[0];
+        image.imageURL = decodeURLEscapeSequences(data[0]);
         image.scaleFactor = imgScaleFactor;
+
         m_imagesWithScale.append(image);
     }
-    const AtomicString& src = getAttribute(srcAttr);
+}
+
+void HTMLImageElement::collectImageCandidateFromSrc()
+{
+    const AtomicString& src = fastGetAttribute(srcAttr);
     ImageWithScale image;
     if (!src.isEmpty()) {
-        image.imageURL = getAttribute(srcAttr);
+        image.imageURL = decodeURLEscapeSequences(src);
         image.scaleFactor = 1.0;
         m_imagesWithScale.append(image);
     }
-    stable_sort(m_imagesWithScale.begin(), m_imagesWithScale.end(), compareByScaleFactor);
-
-    for (size_t i = 1; i < m_imagesWithScale.size(); ++i) {
-        if (m_imagesWithScale[i-1].scaleFactor == m_imagesWithScale[i].scaleFactor) {
-            m_imagesWithScale.remove(i);
-            i--;
-        }
-    }
-    if (!src.isEmpty())
-        m_srcImageIndex = m_imagesWithScale.find(image);
 }
 
@@ -181 +193 @@
         if (renderer() && renderer()->isImage())
             toRenderImage(renderer())->updateAltText();
-    } else if (name == srcAttr) {
-        if (m_srcImageIndex != notFound)
-            m_imagesWithScale.remove(m_srcImageIndex);
-        updateImagesFromSrcSet(value);
-        updateBestImageForScaleFactor();
-        m_imageLoader.updateFromElementIgnoringPreviousError();
-    } else if (name == srcsetAttr) {
-        m_imagesWithScale.clear();
-        updateImagesFromSrcSet(value);
-        updateBestImageForScaleFactor();
+    } else if (name == srcAttr || name == srcsetAttr) {
+        determineBestImageForScaleFactor();
         m_imageLoader.updateFromElementIgnoringPreviousError();
     }

trunk/Source/WebCore/html/HTMLImageElement.h

@@ -110 +110 @@
 #endif
 
-    void updateImagesFromSrcSet(const AtomicString& srcset);
-
-    void updateBestImageForScaleFactor();
+    void collectImageCandidateFromSrc();
+    void collectImageCandidatesFromSrcSet();
+    void determineBestImageForScaleFactor();
 
     struct ImageWithScale {
@@ -132 +132 @@
     CompositeOperator m_compositeOperator;
     AtomicString m_bestFitImageURL;
-    size_t m_srcImageIndex;
     Vector<ImageWithScale> m_imagesWithScale;
 };