Changeset 255151 in webkit


Ignore:
Timestamp:
Jan 27, 2020, 9:40:42 AM (5 years ago)
Author:
Antti Koivisto
Message:

Correct VTT Cue Style handling to match the specification
https://bugs.webkit.org/show_bug.cgi?id=201086
<rdar://problem/54658121>

Reviewed by Brent Fulgham.

The VTT specification requires that only data-URLs are permitted in STYLE blocks.

  • css/CSSSelector.cpp:

(WebCore::CSSSelector::selectorText const):

Fix selectorText for function version of ::cue().

  • css/parser/CSSParserContext.cpp:

(WebCore::CSSParserContext::completeURL const):

Don't allow non-data URLs in WebVTT parser mode.

  • css/parser/CSSParserContext.h:

(WebCore::CSSParserContext::completeURL const): Deleted.

  • css/parser/CSSParserMode.h:

(WebCore::isStrictParserMode):

  • html/track/WebVTTParser.cpp:

(WebCore::WebVTTParser::collectStyleSheet):
(WebCore::WebVTTParser::checkAndStoreStyleSheet):

Instead of simply validating the original stylesheet, build a new sanitized stylesheet text
from the stylesheet parsed in WebVTT mode. This sanitized stylesheet is then used as the
input for the style system.

  • html/track/WebVTTParser.h:
Location:
trunk/Source/WebCore
Files:
7 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r255150 r255151  
     12020-01-27  Antti Koivisto  <antti@apple.com>
     2
     3        Correct VTT Cue Style handling to match the specification
     4        https://bugs.webkit.org/show_bug.cgi?id=201086
     5        <rdar://problem/54658121>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        The VTT specification requires that only data-URLs are permitted in STYLE blocks.
     10
     11        * css/CSSSelector.cpp:
     12        (WebCore::CSSSelector::selectorText const):
     13
     14        Fix selectorText for function version of ::cue().
     15
     16        * css/parser/CSSParserContext.cpp:
     17        (WebCore::CSSParserContext::completeURL const):
     18
     19        Don't allow non-data URLs in WebVTT parser mode.
     20
     21        * css/parser/CSSParserContext.h:
     22        (WebCore::CSSParserContext::completeURL const): Deleted.
     23        * css/parser/CSSParserMode.h:
     24        (WebCore::isStrictParserMode):
     25        * html/track/WebVTTParser.cpp:
     26        (WebCore::WebVTTParser::collectStyleSheet):
     27        (WebCore::WebVTTParser::checkAndStoreStyleSheet):
     28
     29        Instead of simply validating the original stylesheet, build a new sanitized stylesheet text
     30        from the stylesheet parsed in WebVTT mode. This sanitized stylesheet is then used as the
     31        input for the style system.
     32
     33        * html/track/WebVTTParser.h:
     34
    1352020-01-27  Ryan Haddad  <ryanhaddad@apple.com>
    236

  • trunk/Source/WebCore/css/CSSSelector.cpp

    r254087 r255151  
    737737                    builder.appendLiteral("::-webkit-input-placeholder");
    738738                break;
     739            case CSSSelector::PseudoElementCue: {
     740                if (auto* selectorList = cs->selectorList()) {
     741                    builder.appendLiteral("::cue(");
     742                    selectorList->buildSelectorsText(builder);
     743                    builder.append(')');
     744                } else
     745                    builder.appendLiteral("::cue");
     746                break;
     747            }
    739748            default:
    740749                builder.appendLiteral("::");

  • trunk/Source/WebCore/css/parser/CSSParserContext.cpp

    r254790 r255151  
    11/*
    2  * Copyright (C) 2018 Apple Inc. All rights reserved.
     2 * Copyright (C) 2018-2020 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    106106}
    107107
     108URL CSSParserContext::completeURL(const String& url) const
     109{
     110    auto completedURL = [&] {
     111        if (url.isNull())
     112            return URL();
     113        if (charset.isEmpty())
     114            return URL(baseURL, url);
     115        TextEncoding encoding(charset);
     116        auto& encodingForURLParsing = encoding.encodingForFormSubmissionOrURLParsing();
     117        return URL(baseURL, url, encodingForURLParsing == UTF8Encoding() ? nullptr : &encodingForURLParsing);
     118    }();
     119
     120    if (mode == WebVTTMode && !completedURL.protocolIsData())
     121        return URL();
     122
     123    return completedURL;
    108124}
     125
     126}

  • trunk/Source/WebCore/css/parser/CSSParserContext.h

    r254790 r255151  
    11/*
    2  * Copyright (C) 2018 Apple Inc. All rights reserved.
     2 * Copyright (C) 2018-2020 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    7373    bool useSystemAppearance { false };
    7474
    75     URL completeURL(const String& url) const
    76     {
    77         if (url.isNull())
    78             return URL();
    79         if (charset.isEmpty())
    80             return URL(baseURL, url);
    81         TextEncoding encoding(charset);
    82         auto& encodingForURLParsing = encoding.encodingForFormSubmissionOrURLParsing();
    83         return URL(baseURL, url, encodingForURLParsing == UTF8Encoding() ? nullptr : &encodingForURLParsing);
    84     }
     75    URL completeURL(const String& url) const;
    8576
    8677    bool isContentOpaque { false };

  • trunk/Source/WebCore/css/parser/CSSParserMode.h

    r253541 r255151  
    11/*
    22 * Copyright (C) 2012 Adobe Systems Incorporated. All rights reserved.
    3  * Copyright (C) 2012 Apple Inc. All rights reserved.
     3 * Copyright (C) 2012-2020 Apple Inc. All rights reserved.
    44 *
    55 * Redistribution and use in source and binary forms, with or without
     
    4343    CSSViewportRuleMode,
    4444    // User agent stylesheets are parsed in standards mode but also allows internal properties and values.
    45     UASheetMode
     45    UASheetMode,
     46    // WebVTT places limitations on external resources.
     47    WebVTTMode
    4648};
    4749
     
    7476inline bool isStrictParserMode(CSSParserMode cssParserMode)
    7577{
    76     return cssParserMode == UASheetMode || cssParserMode == HTMLStandardMode || cssParserMode == SVGAttributeMode;
     78    switch (cssParserMode) {
     79    case UASheetMode:
     80    case HTMLStandardMode:
     81    case SVGAttributeMode:
     82    case WebVTTMode:
     83        return true;
     84    case HTMLQuirksMode:
     85    case CSSViewportRuleMode:
     86        return false;
     87    }
     88    ASSERT_NOT_REACHED();
     89    return false;
    7790}
    7891

  • trunk/Source/WebCore/html/track/WebVTTParser.cpp

    r250201 r255151  
    22 * Copyright (C) 2011, 2013 Google Inc.  All rights reserved.
    33 * Copyright (C) 2013 Cable Television Labs, Inc.
    4  * Copyright (C) 2011-2014 Apple Inc.  All rights reserved.
     4 * Copyright (C) 2011-2020 Apple Inc.  All rights reserved.
    55 *
    66 * Redistribution and use in source and binary forms, with or without
     
    316316        return checkAndRecoverCue(line);
    317317
    318     m_currentStyleSheet.append(line);
     318    m_currentSourceStyleSheet.append(line);
    319319    return Style;
    320320}
     
    372372        return false;
    373373   
    374     auto styleSheet = WTFMove(m_currentStyleSheet);
    375    
    376     auto contents = StyleSheetContents::create();
    377     if (!contents->parseString(styleSheet))
     374    auto styleSheetText = WTFMove(m_currentSourceStyleSheet);
     375
     376    // WebVTTMode disallows non-data URLs.
     377    auto contents = StyleSheetContents::create(CSSParserContext(WebVTTMode));
     378    if (!contents->parseString(styleSheetText))
    378379        return true;
    379380
     
    389390    if (!childRules.size())
    390391        return true;
     392
     393    StringBuilder sanitizedStyleSheetBuilder;
    391394   
    392395    for (const auto& rule : childRules) {
    393396        if (!rule->isStyleRule())
    394397            return true;
    395         const auto& styleRule = downcast<StyleRule>(rule.get());
    396 
    397         const auto& selectorList = styleRule->selectorList();
     398        const auto& styleRule = downcast<StyleRule>(*rule);
     399
     400        const auto& selectorList = styleRule.selectorList();
    398401        if (selectorList.listSize() != 1)
    399402            return true;
    400403        auto selector = selectorList.selectorAt(0);
    401         if (selector->selectorText() != "::cue")
     404        auto selectorText = selector->selectorText();
     405       
     406        bool isCue = selectorText == "::cue" || selectorText.startsWith("::cue(");
     407        if (!isCue)
    402408            return true;
    403     }
    404 
    405     m_styleSheets.append(styleSheet);
     409
     410        if (styleRule.properties().isEmpty())
     411            continue;
     412
     413        sanitizedStyleSheetBuilder.append(selectorText);
     414        sanitizedStyleSheetBuilder.appendLiteral(" { ");
     415        sanitizedStyleSheetBuilder.append(styleRule.properties().asText());
     416        sanitizedStyleSheetBuilder.appendLiteral(" }\n");
     417    }
     418
     419    // It would be more stylish to parse the stylesheet only once instead of serializing a sanitized version.
     420    if (!sanitizedStyleSheetBuilder.isEmpty())
     421        m_styleSheets.append(sanitizedStyleSheetBuilder.toString());
     422
    406423    return true;
    407424}

  • trunk/Source/WebCore/html/track/WebVTTParser.h

    r246490 r255151  
    195195    String m_currentSettings;
    196196    RefPtr<VTTRegion> m_currentRegion;
    197     String m_currentStyleSheet;
     197    String m_currentSourceStyleSheet;
    198198   
    199199    WebVTTParserClient* m_client;
Note: See TracChangeset for help on using the changeset viewer.