[webkit-changes] [WebKit/WebKit] c467c1: [CSS] Fix bug when using a coalesced CSSValuePair ...

Matthieu Dubet noreply at github.com
Thu May 16 15:34:37 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c467c1a956e52767b38eeb9a171e8856a28be94f
      https://github.com/WebKit/WebKit/commit/c467c1a956e52767b38eeb9a171e8856a28be94f
  Author: Matthieu Dubet <m_dubet at apple.com>
  Date:   2024-05-16 (Thu, 16 May 2024)

  Changed paths:
    A LayoutTests/fast/css/css-typed-om-typeerror-coalescing-pair-expected.txt
    A LayoutTests/fast/css/css-typed-om-typeerror-coalescing-pair.html
    M Source/WebCore/css/CSSValuePair.cpp
    M Source/WebCore/css/CSSValuePair.h
    M Source/WebCore/css/typedom/StylePropertyMap.cpp
    M Source/WebCore/style/StyleBuilderConverter.h

  Log Message:
  -----------
  [CSS] Fix bug when using a coalesced CSSValuePair with Typed OM
rdar://115346002

Reviewed by Chris Dumez.

We use the CSSParser and the serialization of CSSValue to validate the input of Typed OM set().
Unfortunately, sometimes a CSSValuePair serializes to a single value while it
actually contains two values: this confuses the StyleBuilder.

If the pair has the same values twice "10px 10px", it serializes to only "10px",
thus passes our string-based check (inside setProperty), but then crashes when the actual value is a
pair of lengths instead of a simple length.

The more frequent case when the two values are distinct, such as "10px 30px", is
already prevented by the string-based check.

A proper fix would be to have a validation method which doesn't work
on the serialized string value but on the actual typed CSSValue.

For the moment, we avoid crashing and warn the user with an error.

* LayoutTests/fast/css/css-typed-om-typeerror-coalescing-pair-expected.txt: Added.
* LayoutTests/fast/css/css-typed-om-typeerror-coalescing-pair.html: Added.
* Source/WebCore/css/CSSValuePair.cpp:
(WebCore::CSSValuePair::canBeCoalesced const):
* Source/WebCore/css/CSSValuePair.h:
* Source/WebCore/css/typedom/StylePropertyMap.cpp:
(WebCore::StylePropertyMap::set):
* Source/WebCore/style/StyleBuilderConverter.h:
(WebCore::Style::BuilderConverter::convertLengthSizing):

Originally-landed-as: 272448.627 at safari-7618-branch (51293a58e9dd). rdar://128090952
Canonical link: https://commits.webkit.org/278891@main
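
The mismatch the log message describes, as a toy C++ model added here for illustration (not code from the WebKit commit). `ToyValue`, `serialize`, `looksLikeSingleLength` and the three `accepts...` functions are hypothetical names, and the "exactly one px length" grammar is an assumption.

```cpp
#include <cstddef>
#include <string>

// Toy model, constructed for illustration; not WebKit's types or API.
// A value is either a single length or a pair of lengths.
struct ToyValue {
    bool isPair;
    std::string first;
    std::string second; // unused when isPair is false
};

// Serializer that coalesces a pair whose halves are equal, as the log
// message describes: the pair "10px 10px" is written out as "10px".
std::string serialize(const ToyValue& v) {
    if (!v.isPair) return v.first;
    if (v.first == v.second) return v.first;
    return v.first + " " + v.second;
}

// Assumed grammar for a property taking exactly one length:
// one or more digits followed by "px", no whitespace.
bool looksLikeSingleLength(const std::string& s) {
    if (s.size() < 3 || s.compare(s.size() - 2, 2, "px") != 0) return false;
    for (std::size_t i = 0; i + 2 < s.size(); ++i)
        if (s[i] < '0' || s[i] > '9') return false;
    return true;
}

// String-based validation: judges only the serialized text, so a
// coalesced pair is indistinguishable from a single length.
bool acceptsByString(const ToyValue& v) {
    return looksLikeSingleLength(serialize(v));
}

// Typed validation: inspects the shape of the value itself.
bool acceptsByType(const ToyValue& v) {
    return !v.isPair && looksLikeSingleLength(v.first);
}

// Interim guard in the spirit of the commit: refuse a pair whose
// serialization hides its second component, then fall back to the
// string-based check for everything else.
bool acceptsWithCoalescingGuard(const ToyValue& v) {
    if (v.isPair && v.first == v.second) return false;
    return acceptsByString(v);
}
```

Only the equal-halves pair separates the three validators: the string-based check accepts it, while the typed check and the guard both reject it.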


