Changeset 170933 in webkit


Ignore:
Timestamp:
Jul 9, 2014 2:56:05 PM (10 years ago)
Author:
jfernandez@igalia.com
Message:

CSS canvas color parsing accepts invalid color identifiers
https://bugs.webkit.org/show_bug.cgi?id=134661

Reviewed by Benjamin Poulain.

Source/WebCore:
Current implementation of the CSSParser::parseSystemColor assumes
that if a valid cssValueKeywordID is got then it has to be a valid
color. Such assumption is wrong and lead to many bugs and layout
test failures.

The parseSystemFunction determines now whether the parsed color is
valid or not.

Addtionally, a new method has been added to share the logic of
determining whether a CSSValueID is a valid primitive values for
colors or not. Generally, we should avoid passing invalid color
identifiers to the theming API.

No new tests, but added additional cases to the
canvas-color-serialization.html, test-setting-canvas-color and
rgb-color-parse test.

  • css/CSSParser.cpp:

(WebCore::validPrimitiveValueColor): Added.
(WebCore::parseColorValue):
(WebCore::CSSParser::parseSystemColor):

LayoutTests:
The parseSystemFunction determines now whether the parsed color is
valid or not.

The rgb-color-parser covers css style color parsing cases, which
already provide coverage for invalid color identifiers. I've added
a few more, though.

  • fast/canvas/canvas-color-serialization-expected.txt:
  • fast/canvas/script-tests/canvas-color-serialization.js:
  • fast/css/test-setting-canvas-color-expected.txt:
  • fast/css/test-setting-canvas-color.html:
  • svg/dom/rgb-color-parser-expected.txt:
  • svg/dom/rgb-color-parser.html:
Location:
trunk
Files:
9 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r170932 r170933  
     12014-07-09  Javier Fernandez  <jfernandez@igalia.com>
     2
     3        CSS canvas color parsing accepts invalid color identifiers
     4        https://bugs.webkit.org/show_bug.cgi?id=134661
     5
     6        Reviewed by Benjamin Poulain.
     7
     8        The parseSystemFunction determines now whether the parsed color is
     9        valid or not.
     10
     11        The rgb-color-parser covers css style color parsing cases, which
     12        already provide coverage for invalid color identifiers. I've added
     13        a few more, though.
     14
     15        * fast/canvas/canvas-color-serialization-expected.txt:
     16        * fast/canvas/script-tests/canvas-color-serialization.js:
     17        * fast/css/test-setting-canvas-color-expected.txt:
     18        * fast/css/test-setting-canvas-color.html:
     19        * svg/dom/rgb-color-parser-expected.txt:
     20        * svg/dom/rgb-color-parser.html:
     21
    1222014-06-28  Jer Noble  <jer.noble@apple.com>
    223

  • trunk/LayoutTests/fast/canvas/canvas-color-serialization-expected.txt

    r87512 r170933  
    130130PASS trySettingFillStyle(null) is '#666666'
    131131PASS trySettingShadowColor(null) is '#666666'
     132PASS trySettingStrokeStyle('left') is '#666666'
     133PASS trySettingFillStyle('left') is '#666666'
     134PASS trySettingShadowColor('left') is '#666666'
     135PASS trySettingStrokeStyle('right') is '#666666'
     136PASS trySettingFillStyle('right') is '#666666'
     137PASS trySettingShadowColor('right') is '#666666'
     138PASS trySettingStrokeStyle('center') is '#666666'
     139PASS trySettingFillStyle('center') is '#666666'
     140PASS trySettingShadowColor('center') is '#666666'
     141PASS trySettingStrokeStyle('border') is '#666666'
     142PASS trySettingFillStyle('border') is '#666666'
     143PASS trySettingShadowColor('border') is '#666666'
     144PASS trySettingStrokeStyle('border-box') is '#666666'
     145PASS trySettingFillStyle('border-box') is '#666666'
     146PASS trySettingShadowColor('border-box') is '#666666'
     147PASS trySettingStrokeStyle('content') is '#666666'
     148PASS trySettingFillStyle('content') is '#666666'
     149PASS trySettingShadowColor('content') is '#666666'
     150PASS trySettingStrokeStyle('logical') is '#666666'
     151PASS trySettingFillStyle('logical') is '#666666'
     152PASS trySettingShadowColor('logical') is '#666666'
     153PASS trySettingStrokeStyle('visual') is '#666666'
     154PASS trySettingFillStyle('visual') is '#666666'
     155PASS trySettingShadowColor('visual') is '#666666'
    132156PASS trySettingStrokeColorWithSetter('transparent') is 'rgba(0, 0, 0, 0)'
    133157PASS trySettingFillColorWithSetter('transparent') is 'rgba(0, 0, 0, 0)'

  • trunk/LayoutTests/fast/canvas/script-tests/canvas-color-serialization.js

    r98407 r170933  
    231231trySettingColor("Infinity", "'#666666'");
    232232trySettingColor("null", "'#666666'");
     233trySettingColor("'left'", "'#666666'");
     234trySettingColor("'right'", "'#666666'");
     235trySettingColor("'center'", "'#666666'");
     236trySettingColor("'border'", "'#666666'");
     237trySettingColor("'border-box'", "'#666666'");
     238trySettingColor("'content'", "'#666666'");
     239trySettingColor("'logical'", "'#666666'");
     240trySettingColor("'visual'", "'#666666'");
    233241
    234242trySettingColorWithSetter("'transparent'", "'rgba(0, 0, 0, 0)'");

  • trunk/LayoutTests/fast/css/test-setting-canvas-color-expected.txt

    r78442 r170933  
    215215PASS Setting color to #100px was not set (as expected).
    216216PASS Setting color to -webkit-var("test") was not set (as expected).
     217PASS Setting color to left was not set (as expected).
     218PASS Setting color to right was not set (as expected).
     219PASS Setting color to center was not set (as expected).
     220PASS Setting color to border was not set (as expected).
     221PASS Setting color to border was not set (as expected).
     222PASS Setting color to content was not set (as expected).
     223PASS Setting color to logical was not set (as expected).
     224PASS Setting color to visual was not set (as expected).
    217225PASS successfullyParsed is true
    218226

  • trunk/LayoutTests/fast/css/test-setting-canvas-color.html

    r155263 r170933  
    243243shouldNotSuccessfullyParse("#100px");
    244244shouldNotSuccessfullyParse('-webkit-var("test")');
     245shouldNotSuccessfullyParse('left');
     246shouldNotSuccessfullyParse('right');
     247shouldNotSuccessfullyParse('center');
     248shouldNotSuccessfullyParse('border');
     249shouldNotSuccessfullyParse('border');
     250shouldNotSuccessfullyParse('content');
     251shouldNotSuccessfullyParse('logical');
     252shouldNotSuccessfullyParse('visual');
    245253</script>
    246254<script src="../../resources/js-test-post.js"></script>

  • trunk/LayoutTests/svg/dom/rgb-color-parser-expected.txt

    r99757 r170933  
    66Parsed as rgb(0,0,255): blue
    77Parsed as rgb(0,255,0): rgb(0, 255, 0)
     8Parsed as rgb(240,248,255): aliceblue
     9Parsed as rgb(250,235,215): antiquewhite
     10Parsed as rgb(0,255,255): aqua
     11Parsed as rgb(127,255,212): aquamarine
     12Parsed as rgb(240,255,255): azure
     13Parsed as rgb(245,245,220): beige
     14Parsed as rgb(255,228,196): bisque
     15Parsed as rgb(0,0,0): black
     16Parsed as rgb(255,235,205): blanchedalmond
     17Parsed as rgb(0,0,255): blue
     18Parsed as rgb(138,43,226): blueviolet
     19Parsed as rgb(165,42,42): brown
     20Parsed as rgb(222,184,135): burlywood
     21Parsed as rgb(95,158,160): cadetblue
     22Parsed as rgb(127,255,0): chartreuse
     23Parsed as rgb(210,105,30): chocolate
     24Parsed as rgb(255,127,80): coral
     25Parsed as rgb(100,149,237): cornflowerblue
     26Parsed as rgb(255,248,220): cornsilk
     27Parsed as rgb(220,20,60): crimson
     28Parsed as rgb(0,255,255): cyan
     29Parsed as rgb(0,0,139): darkblue
     30Parsed as rgb(0,139,139): darkcyan
     31Parsed as rgb(184,134,11): darkgoldenrod
     32Parsed as rgb(169,169,169): darkgray
     33Parsed as rgb(0,100,0): darkgreen
     34Parsed as rgb(169,169,169): darkgrey
     35Parsed as rgb(189,183,107): darkkhaki
     36Parsed as rgb(139,0,139): darkmagenta
     37Parsed as rgb(85,107,47): darkolivegreen
     38Parsed as rgb(255,140,0): darkorange
     39Parsed as rgb(153,50,204): darkorchid
     40Parsed as rgb(139,0,0): darkred
     41Parsed as rgb(233,150,122): darksalmon
     42Parsed as rgb(143,188,143): darkseagreen
     43Parsed as rgb(72,61,139): darkslateblue
     44Parsed as rgb(47,79,79): darkslategray
     45Parsed as rgb(47,79,79): darkslategrey
     46Parsed as rgb(0,206,209): darkturquoise
     47Parsed as rgb(148,0,211): darkviolet
     48Parsed as rgb(255,20,147): deeppink
     49Parsed as rgb(0,191,255): deepskyblue
     50Parsed as rgb(105,105,105): dimgray
     51Parsed as rgb(105,105,105): dimgrey
     52Parsed as rgb(30,144,255): dodgerblue
     53Parsed as rgb(178,34,34): firebrick
     54Parsed as rgb(255,250,240): floralwhite
     55Parsed as rgb(34,139,34): forestgreen
     56Parsed as rgb(255,0,255): fuchsia
     57Parsed as rgb(220,220,220): gainsboro
     58Parsed as rgb(248,248,255): ghostwhite
     59Parsed as rgb(255,215,0): gold
     60Parsed as rgb(218,165,32): goldenrod
     61Parsed as rgb(128,128,128): gray
     62Parsed as rgb(0,128,0): green
     63Parsed as rgb(173,255,47): greenyellow
     64Parsed as rgb(128,128,128): grey
     65Parsed as rgb(240,255,240): honeydew
     66Parsed as rgb(255,105,180): hotpink
     67Parsed as rgb(205,92,92): indianred
     68Parsed as rgb(75,0,130): indigo
     69Parsed as rgb(255,255,240): ivory
     70Parsed as rgb(240,230,140): khaki
     71Parsed as rgb(230,230,250): lavender
     72Parsed as rgb(255,240,245): lavenderblush
     73Parsed as rgb(124,252,0): lawngreen
     74Parsed as rgb(255,250,205): lemonchiffon
     75Parsed as rgb(173,216,230): lightblue
     76Parsed as rgb(240,128,128): lightcoral
     77Parsed as rgb(224,255,255): lightcyan
     78Parsed as rgb(250,250,210): lightgoldenrodyellow
     79Parsed as rgb(211,211,211): lightgray
     80Parsed as rgb(144,238,144): lightgreen
     81Parsed as rgb(211,211,211): lightgrey
     82Parsed as rgb(255,182,193): lightpink
     83Parsed as rgb(255,160,122): lightsalmon
     84Parsed as rgb(32,178,170): lightseagreen
     85Parsed as rgb(135,206,250): lightskyblue
     86Parsed as rgb(119,136,153): lightslategray
     87Parsed as rgb(119,136,153): lightslategrey
     88Parsed as rgb(176,196,222): lightsteelblue
     89Parsed as rgb(255,255,224): lightyellow
     90Parsed as rgb(0,255,0): lime
     91Parsed as rgb(50,205,50): limegreen
     92Parsed as rgb(250,240,230): linen
     93Parsed as rgb(255,0,255): magenta
     94Parsed as rgb(128,0,0): maroon
     95Parsed as rgb(102,205,170): mediumaquamarine
     96Parsed as rgb(0,0,205): mediumblue
     97Parsed as rgb(186,85,211): mediumorchid
     98Parsed as rgb(147,112,219): mediumpurple
     99Parsed as rgb(60,179,113): mediumseagreen
     100Parsed as rgb(123,104,238): mediumslateblue
     101Parsed as rgb(0,250,154): mediumspringgreen
     102Parsed as rgb(72,209,204): mediumturquoise
     103Parsed as rgb(199,21,133): mediumvioletred
     104Parsed as rgb(25,25,112): midnightblue
     105Parsed as rgb(245,255,250): mintcream
     106Parsed as rgb(255,228,225): mistyrose
     107Parsed as rgb(255,228,181): moccasin
     108Parsed as rgb(255,222,173): navajowhite
     109Parsed as rgb(0,0,128): navy
     110Parsed as rgb(253,245,230): oldlace
     111Parsed as rgb(128,128,0): olive
     112Parsed as rgb(107,142,35): olivedrab
     113Parsed as rgb(255,165,0): orange
     114Parsed as rgb(255,69,0): orangered
     115Parsed as rgb(218,112,214): orchid
     116Parsed as rgb(238,232,170): palegoldenrod
     117Parsed as rgb(152,251,152): palegreen
     118Parsed as rgb(175,238,238): paleturquoise
     119Parsed as rgb(219,112,147): palevioletred
     120Parsed as rgb(255,239,213): papayawhip
     121Parsed as rgb(255,218,185): peachpuff
     122Parsed as rgb(205,133,63): peru
     123Parsed as rgb(255,192,203): pink
     124Parsed as rgb(221,160,221): plum
     125Parsed as rgb(176,224,230): powderblue
     126Parsed as rgb(128,0,128): purple
     127Parsed as rgb(188,143,143): rosybrown
     128Parsed as rgb(65,105,225): royalblue
     129Parsed as rgb(139,69,19): saddlebrown
     130Parsed as rgb(250,128,114): salmon
     131Parsed as rgb(244,164,96): sandybrown
     132Parsed as rgb(46,139,87): seagreen
     133Parsed as rgb(255,245,238): seashell
     134Parsed as rgb(160,82,45): sienna
     135Parsed as rgb(192,192,192): silver
     136Parsed as rgb(135,206,235): skyblue
     137Parsed as rgb(106,90,205): slateblue
     138Parsed as rgb(112,128,144): slategray
     139Parsed as rgb(112,128,144): slategrey
     140Parsed as rgb(255,250,250): snow
     141Parsed as rgb(0,255,127): springgreen
     142Parsed as rgb(70,130,180): steelblue
     143Parsed as rgb(210,180,140): tan
     144Parsed as rgb(0,128,128): teal
     145Parsed as rgb(216,191,216): thistle
     146Parsed as rgb(255,99,71): tomato
     147Parsed as rgb(64,224,208): turquoise
     148Parsed as rgb(238,130,238): violet
     149Parsed as rgb(245,222,179): wheat
     150Parsed as rgb(255,255,255): white
     151Parsed as rgb(245,245,245): whitesmoke
     152Parsed as rgb(255,255,0): yellow
     153Parsed as rgb(154,205,50): yellowgreen
    8154Failed to parse: rgb(100%,100%,0%
    9155Failed to parse: rgba(100%,100%,0%
     
    22168Failed to parse: #fffffff
    23169Failed to parse: green,
     170Failed to parse: 'left'
     171Failed to parse: 'right'
     172Failed to parse: 'center'
     173Failed to parse: 'border'
     174Failed to parse: 'border-
     175Failed to parse: 'content'
     176Failed to parse: 'logical'
     177Failed to parse: 'visual'
    24178Parsed as rgb(0,10,20): rgb(0, 10, 20)
    25179Parsed as rgb(255,255,255): #fff

  • trunk/LayoutTests/svg/dom/rgb-color-parser.html

    r155284 r170933  
    5555    }
    5656
     57    // Taken from CSS 3 color.
     58    var svgColors = [
     59        "aliceblue",
     60        "antiquewhite",
     61        "aqua",
     62        "aquamarine",
     63        "azure",
     64        "beige",
     65        "bisque",
     66        "black",
     67        "blanchedalmond",
     68        "blue",
     69        "blueviolet",
     70        "brown",
     71        "burlywood",
     72        "cadetblue",
     73        "chartreuse",
     74        "chocolate",
     75        "coral",
     76        "cornflowerblue",
     77        "cornsilk",
     78        "crimson",
     79        "cyan",
     80        "darkblue",
     81        "darkcyan",
     82        "darkgoldenrod",
     83        "darkgray",
     84        "darkgreen",
     85        "darkgrey",
     86        "darkkhaki",
     87        "darkmagenta",
     88        "darkolivegreen",
     89        "darkorange",
     90        "darkorchid",
     91        "darkred",
     92        "darksalmon",
     93        "darkseagreen",
     94        "darkslateblue",
     95        "darkslategray",
     96        "darkslategrey",
     97        "darkturquoise",
     98        "darkviolet",
     99        "deeppink",
     100        "deepskyblue",
     101        "dimgray",
     102        "dimgrey",
     103        "dodgerblue",
     104        "firebrick",
     105        "floralwhite",
     106        "forestgreen",
     107        "fuchsia",
     108        "gainsboro",
     109        "ghostwhite",
     110        "gold",
     111        "goldenrod",
     112        "gray",
     113        "green",
     114        "greenyellow",
     115        "grey",
     116        "honeydew",
     117        "hotpink",
     118        "indianred",
     119        "indigo",
     120        "ivory",
     121        "khaki",
     122        "lavender",
     123        "lavenderblush",
     124        "lawngreen",
     125        "lemonchiffon",
     126        "lightblue",
     127        "lightcoral",
     128        "lightcyan",
     129        "lightgoldenrodyellow",
     130        "lightgray",
     131        "lightgreen",
     132        "lightgrey",
     133        "lightpink",
     134        "lightsalmon",
     135        "lightseagreen",
     136        "lightskyblue",
     137        "lightslategray",
     138        "lightslategrey",
     139        "lightsteelblue",
     140        "lightyellow",
     141        "lime",
     142        "limegreen",
     143        "linen",
     144        "magenta",
     145        "maroon",
     146        "mediumaquamarine",
     147        "mediumblue",
     148        "mediumorchid",
     149        "mediumpurple",
     150        "mediumseagreen",
     151        "mediumslateblue",
     152        "mediumspringgreen",
     153        "mediumturquoise",
     154        "mediumvioletred",
     155        "midnightblue",
     156        "mintcream",
     157        "mistyrose",
     158        "moccasin",
     159        "navajowhite",
     160        "navy",
     161        "oldlace",
     162        "olive",
     163        "olivedrab",
     164        "orange",
     165        "orangered",
     166        "orchid",
     167        "palegoldenrod",
     168        "palegreen",
     169        "paleturquoise",
     170        "palevioletred",
     171        "papayawhip",
     172        "peachpuff",
     173        "peru",
     174        "pink",
     175        "plum",
     176        "powderblue",
     177        "purple",
     178        // We do not test red.
     179        "rosybrown",
     180        "royalblue",
     181        "saddlebrown",
     182        "salmon",
     183        "sandybrown",
     184        "seagreen",
     185        "seashell",
     186        "sienna",
     187        "silver",
     188        "skyblue",
     189        "slateblue",
     190        "slategray",
     191        "slategrey",
     192        "snow",
     193        "springgreen",
     194        "steelblue",
     195        "tan",
     196        "teal",
     197        "thistle",
     198        "tomato",
     199        "turquoise",
     200        "violet",
     201        "wheat",
     202        "white",
     203        "whitesmoke",
     204        "yellow",
     205        "yellowgreen"
     206    ];
     207
    57208    function fuzz()
    58209    {
     
    60211        parseRGBColor("blue");
    61212        parseRGBColor("rgb(0, 255, 0)");
    62        
     213        for (var i = 0; i < svgColors.length; ++i)
     214            parseRGBColor(svgColors[i]);
     215
    63216        // Some invalid ones.
    64217        parseRGBColor("rgb(100%,100%,0%");
     
    78231        parseRGBColor("#fffffff");
    79232        parseRGBColor("green,");
     233        parseRGBColor("'left'");
     234        parseRGBColor("'right'");
     235        parseRGBColor("'center'");
     236        parseRGBColor("'border'");
     237        parseRGBColor("'border-");
     238        parseRGBColor("'content'");
     239        parseRGBColor("'logical'");
     240        parseRGBColor("'visual'");
    80241
    81242        // Some more valid ones.

  • trunk/Source/WebCore/ChangeLog

    r170932 r170933  
     12014-07-09  Javier Fernandez  <jfernandez@igalia.com>
     2        CSS canvas color parsing accepts invalid color identifiers
     3        https://bugs.webkit.org/show_bug.cgi?id=134661
     4
     5        Reviewed by Benjamin Poulain.
     6
     7        Current implementation of the CSSParser::parseSystemColor assumes
     8        that if a valid cssValueKeywordID is got then it has to be a valid
     9        color. Such assumption is wrong and lead to many bugs and layout
     10        test failures.
     11
     12        The parseSystemFunction determines now whether the parsed color is
     13        valid or not.
     14
     15        Addtionally, a new method has been added to share the logic of
     16        determining whether a CSSValueID is a valid primitive values for
     17        colors or not. Generally, we should avoid passing invalid color
     18        identifiers to the theming API.
     19
     20        No new tests, but added additional cases to the
     21        canvas-color-serialization.html, test-setting-canvas-color and
     22        rgb-color-parse test.
     23
     24        * css/CSSParser.cpp:
     25        (WebCore::validPrimitiveValueColor): Added.
     26        (WebCore::parseColorValue):
     27        (WebCore::CSSParser::parseSystemColor):
     28
    1292014-06-28  Jer Noble  <jer.noble@apple.com>
    230

  • trunk/Source/WebCore/css/CSSParser.cpp

    r170774 r170933  
    502502}
    503503
     504static bool validPrimitiveValueColor(CSSValueID valueID, bool strict = false)
     505{
     506    return (valueID == CSSValueWebkitText || valueID == CSSValueCurrentcolor || valueID == CSSValueMenu
     507        || (valueID >= CSSValueAlpha && valueID <= CSSValueWindowtext)
     508        || (valueID >= CSSValueWebkitFocusRingColor && valueID < CSSValueWebkitText && !strict));
     509}
     510
    504511static bool parseColorValue(MutableStyleProperties* declaration, CSSPropertyID propertyId, const String& string, bool important, CSSParserMode cssParserMode)
    505512{
     
    511518    cssString.init(string);
    512519    CSSValueID valueID = cssValueKeywordID(cssString);
    513     bool validPrimitive = false;
    514     if (valueID == CSSValueWebkitText)
    515         validPrimitive = true;
    516     else if (valueID == CSSValueCurrentcolor)
    517         validPrimitive = true;
    518     else if ((valueID >= CSSValueAqua && valueID <= CSSValueWindowtext) || valueID == CSSValueMenu
    519              || (valueID >= CSSValueWebkitFocusRingColor && valueID < CSSValueWebkitText && !strict)) {
    520         validPrimitive = true;
    521     }
    522 
    523     if (validPrimitive) {
     520    if (validPrimitiveValueColor(valueID, strict)) {
    524521        RefPtr<CSSValue> value = cssValuePool().createIdentifierValue(valueID);
    525522        declaration->addParsedProperty(CSSProperty(propertyId, value.release(), important));
     
    13561353    cssColor.init(string);
    13571354    CSSValueID id = cssValueKeywordID(cssColor);
    1358     if (id <= 0)
    1359         return false;
    1360 
    1361     color = document->page()->theme().systemColor(id).rgb();
     1355    if (!validPrimitiveValueColor(id))
     1356        return false;
     1357
     1358    Color parsedColor = document->page()->theme().systemColor(id);
     1359    if (!parsedColor.isValid())
     1360        return false;
     1361
     1362    color = parsedColor.rgb();
    13621363    return true;
    13631364}
Note: See TracChangeset for help on using the changeset viewer.