Changeset 266989 in webkit
- Timestamp:
- Sep 12, 2020 11:39:34 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r266988 r266989 1 2020-09-12 Tyler Wilcock <twilco.o@protonmail.com> 2 3 Safely handle overly-long CSS variable values 4 https://bugs.webkit.org/show_bug.cgi?id=216407 5 6 Reviewed by Darin Adler. 7 8 * fast/css/variables/invalidate-overly-long-variable-values.html: Added. 9 * fast/css/variables/invalidate-overly-long-variable-values-expected.html: Added. 10 1 11 2020-09-12 Darin Adler <darin@apple.com> 2 12 -
trunk/Source/WebCore/ChangeLog
r266987 r266989 1 2020-09-12 Tyler Wilcock <twilco.o@protonmail.com> 2 3 Safely handle overly-long CSS variable values 4 https://bugs.webkit.org/show_bug.cgi?id=216407 5 6 Reviewed by Darin Adler. 7 8 Per spec, treat overly long CSS variable values as invalid. 9 10 https://drafts.csswg.org/css-variables/#long-variables 11 12 Test: fast/css/variables/invalidate-overly-long-variable-values.html 13 14 * css/CSSVariableReferenceValue.cpp: 15 (WebCore::resolveVariableReference): 16 Return false for any variable values greater than `maxSubstitutionTokens` long. 17 * css/CSSVariableReferenceValue.h: 18 Add `maxSubstitutionTokens`. 19 1 20 2020-09-12 Darin Adler <darin@apple.com> 2 21 -
trunk/Source/WebCore/css/CSSVariableReferenceValue.cpp
r260340 r266989 103 103 104 104 if (!property || property->isInvalid()) { 105 if (fallbackResult.size() > CSSVariableReferenceValue::maxSubstitutionTokens) 106 return false; 107 105 108 if (fallbackReturn) 106 109 result.appendVector(fallbackResult); … … 109 112 110 113 ASSERT(property->isResolved()); 114 if (property->tokens().size() > CSSVariableReferenceValue::maxSubstitutionTokens) 115 return false; 116 111 117 result.appendVector(property->tokens()); 112 113 118 return true; 114 119 } -
trunk/Source/WebCore/css/CSSVariableReferenceValue.h
r259988 r266989 50 50 RefPtr<CSSVariableData> resolveVariableReferences(Style::BuilderState&) const; 51 51 52 // The maximum number of tokens that may be produced by a var() 53 // reference or var() fallback value. 54 // https://drafts.csswg.org/css-variables/#long-variables 55 static constexpr size_t maxSubstitutionTokens = 65536; 56 52 57 private: 53 58 explicit CSSVariableReferenceValue(Ref<CSSVariableData>&&);
Note: See TracChangeset
for help on using the changeset viewer.