[webkit-changes] [WebKit/WebKit] 15b690: jsc_fuz/wktr: ASSERT_WITH_SECURITY_IMPLICATION(pos...
lericaa
noreply at github.com
Wed Dec 20 14:52:33 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 15b690620471d2779fb7c994a689178d3db1dc68
https://github.com/WebKit/WebKit/commit/15b690620471d2779fb7c994a689178d3db1dc68
Author: Erica Li <lerica at apple.com>
Date: 2023-12-20 (Wed, 20 Dec 2023)
Changed paths:
A LayoutTests/fast/css/delete-namespace-rule-when-child-rule-exists-expected.txt
A LayoutTests/fast/css/delete-namespace-rule-when-child-rule-exists.html
M LayoutTests/imported/w3c/web-platform-tests/css/cssom/delete-namespace-rule-when-child-rule-exists-expected.txt
M Source/WebCore/css/CSSStyleSheet.cpp
M Source/WebCore/css/StyleSheetContents.cpp
M Source/WebCore/css/StyleSheetContents.h
Log Message:
-----------
jsc_fuz/wktr: ASSERT_WITH_SECURITY_IMPLICATION(position <= size()); in CSSStyleSheet::insertRule(...) CSSStyleSheet.cpp:365
https://bugs.webkit.org/show_bug.cgi?id=263950
rdar://117469266
Reviewed by Antti Koivisto and Darin Adler.
Based on specification, we should return early and throw InvalidStateError exception when attempting to delete @namespace rule, and list contains anything other than @import or @namespace rules.
* LayoutTests/fast/css/delete-namespace-rule-when-child-rule-exists-expected.txt: Added.
* LayoutTests/fast/css/delete-namespace-rule-when-child-rule-exists.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/cssom/delete-namespace-rule-when-child-rule-exists-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/cssom/delete-namespace-rule-when-child-rule-exists.html: Added.
* Source/WebCore/css/CSSStyleSheet.cpp:
(WebCore::CSSStyleSheet::deleteRule):
* Source/WebCore/css/StyleSheetContents.cpp:
(WebCore::StyleSheetContents::wrapperDeleteRule):
* Source/WebCore/css/StyleSheetContents.h:
Originally-landed-as: 267815.506 at safari-7617-branch (40098636b478). rdar://119598025
Canonical link: https://commits.webkit.org/272384@main
More information about the webkit-changes
mailing list