<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>[170933] trunk</title>

</head>

<body>

<style type="text/css"><!--

#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }

#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }

#msg dt:after { content:':';}

#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }

#msg dl a { font-weight: bold}

#msg dl a:link    { color:#fc3; }

#msg dl a:active  { color:#ff0; }

#msg dl a:visited { color:#cc6; }

h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }

#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }

#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }

#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }

#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }

#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }

#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }

#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }

#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }

#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }

#logmsg pre { background: #eee; padding: 1em; }

#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}

#logmsg dl { margin: 0; }

#logmsg dt { font-weight: bold; }

#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }

#logmsg dd:before { content:'\00bb';}

#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }

#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }

#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }

#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }

#logmsg table th.Corner { text-align: left; }

#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }

#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }

#patch { width: 100%; }

#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}

#patch .propset h4, #patch .binary h4 {margin:0;}

#patch pre {padding:0;line-height:1.2em;margin:0;}

#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}

#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}

#patch span {display:block;padding:0 10px;}

#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}

#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}

#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}

#patch .lines, .info {color:#888;background:#fff;}

--></style>

<div id="msg">

<dl class="meta">

<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/170933">170933</a></dd>

<dt>Author</dt> <dd>jfernandez@igalia.com</dd>

<dt>Date</dt> <dd>2014-07-09 14:56:05 -0700 (Wed, 09 Jul 2014)</dd>

</dl>

<h3>Log Message</h3>

<pre>CSS canvas color parsing accepts invalid color identifiers

https://bugs.webkit.org/show_bug.cgi?id=134661

Reviewed by Benjamin Poulain.

Source/WebCore:

Current implementation of the CSSParser::parseSystemColor assumes

that if a valid cssValueKeywordID is got then it has to be a valid

color. Such assumption is wrong and lead to many bugs and layout

test failures.

The parseSystemFunction determines now whether the parsed color is

valid or not.

Addtionally, a new method has been added to share the logic of

determining whether a CSSValueID is a valid primitive values for

colors or not. Generally, we should avoid passing invalid color

identifiers to the theming API.

No new tests, but added additional cases to the

canvas-color-serialization.html, test-setting-canvas-color and

rgb-color-parse test.

* css/CSSParser.cpp:

(WebCore::validPrimitiveValueColor): Added.

(WebCore::parseColorValue):

(WebCore::CSSParser::parseSystemColor):

LayoutTests:

The parseSystemFunction determines now whether the parsed color is

valid or not.

The rgb-color-parser covers css style color parsing cases, which

already provide coverage for invalid color identifiers. I've added

a few more, though.

* fast/canvas/canvas-color-serialization-expected.txt:

* fast/canvas/script-tests/canvas-color-serialization.js:

* fast/css/test-setting-canvas-color-expected.txt:

* fast/css/test-setting-canvas-color.html:

* svg/dom/rgb-color-parser-expected.txt:

* svg/dom/rgb-color-parser.html:</pre>

<h3>Modified Paths</h3>

<ul>

<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>

<li><a href="#trunkLayoutTestsfastcanvascanvascolorserializationexpectedtxt">trunk/LayoutTests/fast/canvas/canvas-color-serialization-expected.txt</a></li>

<li><a href="#trunkLayoutTestsfastcanvasscripttestscanvascolorserializationjs">trunk/LayoutTests/fast/canvas/script-tests/canvas-color-serialization.js</a></li>

<li><a href="#trunkLayoutTestsfastcsstestsettingcanvascolorexpectedtxt">trunk/LayoutTests/fast/css/test-setting-canvas-color-expected.txt</a></li>

<li><a href="#trunkLayoutTestsfastcsstestsettingcanvascolorhtml">trunk/LayoutTests/fast/css/test-setting-canvas-color.html</a></li>

<li><a href="#trunkLayoutTestssvgdomrgbcolorparserexpectedtxt">trunk/LayoutTests/svg/dom/rgb-color-parser-expected.txt</a></li>

<li><a href="#trunkLayoutTestssvgdomrgbcolorparserhtml">trunk/LayoutTests/svg/dom/rgb-color-parser.html</a></li>

<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>

<li><a href="#trunkSourceWebCorecssCSSParsercpp">trunk/Source/WebCore/css/CSSParser.cpp</a></li>

</ul>

</div>

<div id="patch">

<h3>Diff</h3>

<a id="trunkLayoutTestsChangeLog"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/ChangeLog        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/LayoutTests/ChangeLog        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -1,3 +1,24 @@

</span><ins>+2014-07-09  Javier Fernandez  &lt;jfernandez@igalia.com&gt;

+

+        CSS canvas color parsing accepts invalid color identifiers

+        https://bugs.webkit.org/show_bug.cgi?id=134661

+

+        Reviewed by Benjamin Poulain.

+

+        The parseSystemFunction determines now whether the parsed color is

+        valid or not.

+

+        The rgb-color-parser covers css style color parsing cases, which

+        already provide coverage for invalid color identifiers. I've added

+        a few more, though.

+

+        * fast/canvas/canvas-color-serialization-expected.txt:

+        * fast/canvas/script-tests/canvas-color-serialization.js:

+        * fast/css/test-setting-canvas-color-expected.txt:

+        * fast/css/test-setting-canvas-color.html:

+        * svg/dom/rgb-color-parser-expected.txt:

+        * svg/dom/rgb-color-parser.html:

+

</ins><span class="cx"> 2014-06-28  Jer Noble  &lt;jer.noble@apple.com&gt;

</span><span class="cx"> 

<span class="cx">         [MSE] http/tests/media/media-source/mediasource-remove.html is failing.

</span></span></pre></div>

<a id="trunkLayoutTestsfastcanvascanvascolorserializationexpectedtxt"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/canvas/canvas-color-serialization-expected.txt (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/fast/canvas/canvas-color-serialization-expected.txt        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/LayoutTests/fast/canvas/canvas-color-serialization-expected.txt        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -129,6 +129,30 @@

</span><span class="cx"> PASS trySettingStrokeStyle(null) is '#666666'

</span><span class="cx"> PASS trySettingFillStyle(null) is '#666666'

</span><span class="cx"> PASS trySettingShadowColor(null) is '#666666'

</span><ins>+PASS trySettingStrokeStyle('left') is '#666666'

+PASS trySettingFillStyle('left') is '#666666'

+PASS trySettingShadowColor('left') is '#666666'

+PASS trySettingStrokeStyle('right') is '#666666'

+PASS trySettingFillStyle('right') is '#666666'

+PASS trySettingShadowColor('right') is '#666666'

+PASS trySettingStrokeStyle('center') is '#666666'

+PASS trySettingFillStyle('center') is '#666666'

+PASS trySettingShadowColor('center') is '#666666'

+PASS trySettingStrokeStyle('border') is '#666666'

+PASS trySettingFillStyle('border') is '#666666'

+PASS trySettingShadowColor('border') is '#666666'

+PASS trySettingStrokeStyle('border-box') is '#666666'

+PASS trySettingFillStyle('border-box') is '#666666'

+PASS trySettingShadowColor('border-box') is '#666666'

+PASS trySettingStrokeStyle('content') is '#666666'

+PASS trySettingFillStyle('content') is '#666666'

+PASS trySettingShadowColor('content') is '#666666'

+PASS trySettingStrokeStyle('logical') is '#666666'

+PASS trySettingFillStyle('logical') is '#666666'

+PASS trySettingShadowColor('logical') is '#666666'

+PASS trySettingStrokeStyle('visual') is '#666666'

+PASS trySettingFillStyle('visual') is '#666666'

+PASS trySettingShadowColor('visual') is '#666666'

</ins><span class="cx"> PASS trySettingStrokeColorWithSetter('transparent') is 'rgba(0, 0, 0, 0)'

</span><span class="cx"> PASS trySettingFillColorWithSetter('transparent') is 'rgba(0, 0, 0, 0)'

</span><span class="cx"> PASS trySettingShadowWithSetter('transparent') is 'rgba(0, 0, 0, 0)'

</span></span></pre></div>

<a id="trunkLayoutTestsfastcanvasscripttestscanvascolorserializationjs"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/canvas/script-tests/canvas-color-serialization.js (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/fast/canvas/script-tests/canvas-color-serialization.js        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/LayoutTests/fast/canvas/script-tests/canvas-color-serialization.js        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -230,6 +230,14 @@

</span><span class="cx"> trySettingColor(&quot;NaN&quot;, &quot;'#666666'&quot;);

</span><span class="cx"> trySettingColor(&quot;Infinity&quot;, &quot;'#666666'&quot;);

</span><span class="cx"> trySettingColor(&quot;null&quot;, &quot;'#666666'&quot;);

</span><ins>+trySettingColor(&quot;'left'&quot;, &quot;'#666666'&quot;);

+trySettingColor(&quot;'right'&quot;, &quot;'#666666'&quot;);

+trySettingColor(&quot;'center'&quot;, &quot;'#666666'&quot;);

+trySettingColor(&quot;'border'&quot;, &quot;'#666666'&quot;);

+trySettingColor(&quot;'border-box'&quot;, &quot;'#666666'&quot;);

+trySettingColor(&quot;'content'&quot;, &quot;'#666666'&quot;);

+trySettingColor(&quot;'logical'&quot;, &quot;'#666666'&quot;);

+trySettingColor(&quot;'visual'&quot;, &quot;'#666666'&quot;);

</ins><span class="cx"> 

</span><span class="cx"> trySettingColorWithSetter(&quot;'transparent'&quot;, &quot;'rgba(0, 0, 0, 0)'&quot;);

</span><span class="cx"> trySettingColorWithSetter(&quot;'red'&quot;, &quot;'#ff0000'&quot;);

</span></span></pre></div>

<a id="trunkLayoutTestsfastcsstestsettingcanvascolorexpectedtxt"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/css/test-setting-canvas-color-expected.txt (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/fast/css/test-setting-canvas-color-expected.txt        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/LayoutTests/fast/css/test-setting-canvas-color-expected.txt        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -214,6 +214,14 @@

<span class="cx"> PASS Setting color to #100% was not set (as expected).

<span class="cx"> PASS Setting color to #100px was not set (as expected).

<span class="cx"> PASS Setting color to -webkit-var(&quot;test&quot;) was not set (as expected).

<ins>+PASS Setting color to left was not set (as expected).

+PASS Setting color to right was not set (as expected).

+PASS Setting color to center was not set (as expected).

+PASS Setting color to border was not set (as expected).

+PASS Setting color to border was not set (as expected).

+PASS Setting color to content was not set (as expected).

+PASS Setting color to logical was not set (as expected).

+PASS Setting color to visual was not set (as expected).

</ins><span class="cx"> PASS successfullyParsed is true

</span><span class="cx"> 

</span><span class="cx"> TEST COMPLETE

</span></span></pre></div>

<a id="trunkLayoutTestsfastcsstestsettingcanvascolorhtml"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/css/test-setting-canvas-color.html (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/fast/css/test-setting-canvas-color.html        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/LayoutTests/fast/css/test-setting-canvas-color.html        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -242,6 +242,14 @@

</span><span class="cx"> shouldNotSuccessfullyParse(&quot;#100%&quot;);

</span><span class="cx"> shouldNotSuccessfullyParse(&quot;#100px&quot;);

</span><span class="cx"> shouldNotSuccessfullyParse('-webkit-var(&quot;test&quot;)');

</span><ins>+shouldNotSuccessfullyParse('left');

+shouldNotSuccessfullyParse('right');

+shouldNotSuccessfullyParse('center');

+shouldNotSuccessfullyParse('border');

+shouldNotSuccessfullyParse('border');

+shouldNotSuccessfullyParse('content');

+shouldNotSuccessfullyParse('logical');

+shouldNotSuccessfullyParse('visual');

</ins><span class="cx"> &lt;/script&gt;

</span><span class="cx"> &lt;script src=&quot;../../resources/js-test-post.js&quot;&gt;&lt;/script&gt;

</span><span class="cx"> &lt;/html&gt;

</span></span></pre></div>

<a id="trunkLayoutTestssvgdomrgbcolorparserexpectedtxt"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/svg/dom/rgb-color-parser-expected.txt (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/svg/dom/rgb-color-parser-expected.txt        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/LayoutTests/svg/dom/rgb-color-parser-expected.txt        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -5,6 +5,152 @@

</span><span class="cx"> 

</span><span class="cx"> Parsed as rgb(0,0,255): blue

</span><span class="cx"> Parsed as rgb(0,255,0): rgb(0, 255, 0)

</span><ins>+Parsed as rgb(240,248,255): aliceblue

+Parsed as rgb(250,235,215): antiquewhite

+Parsed as rgb(0,255,255): aqua

+Parsed as rgb(127,255,212): aquamarine

+Parsed as rgb(240,255,255): azure

+Parsed as rgb(245,245,220): beige

+Parsed as rgb(255,228,196): bisque

+Parsed as rgb(0,0,0): black

+Parsed as rgb(255,235,205): blanchedalmond

+Parsed as rgb(0,0,255): blue

+Parsed as rgb(138,43,226): blueviolet

+Parsed as rgb(165,42,42): brown

+Parsed as rgb(222,184,135): burlywood

+Parsed as rgb(95,158,160): cadetblue

+Parsed as rgb(127,255,0): chartreuse

+Parsed as rgb(210,105,30): chocolate

+Parsed as rgb(255,127,80): coral

+Parsed as rgb(100,149,237): cornflowerblue

+Parsed as rgb(255,248,220): cornsilk

+Parsed as rgb(220,20,60): crimson

+Parsed as rgb(0,255,255): cyan

+Parsed as rgb(0,0,139): darkblue

+Parsed as rgb(0,139,139): darkcyan

+Parsed as rgb(184,134,11): darkgoldenrod

+Parsed as rgb(169,169,169): darkgray

+Parsed as rgb(0,100,0): darkgreen

+Parsed as rgb(169,169,169): darkgrey

+Parsed as rgb(189,183,107): darkkhaki

+Parsed as rgb(139,0,139): darkmagenta

+Parsed as rgb(85,107,47): darkolivegreen

+Parsed as rgb(255,140,0): darkorange

+Parsed as rgb(153,50,204): darkorchid

+Parsed as rgb(139,0,0): darkred

+Parsed as rgb(233,150,122): darksalmon

+Parsed as rgb(143,188,143): darkseagreen

+Parsed as rgb(72,61,139): darkslateblue

+Parsed as rgb(47,79,79): darkslategray

+Parsed as rgb(47,79,79): darkslategrey

+Parsed as rgb(0,206,209): darkturquoise

+Parsed as rgb(148,0,211): darkviolet

+Parsed as rgb(255,20,147): deeppink

+Parsed as rgb(0,191,255): deepskyblue

+Parsed as rgb(105,105,105): dimgray

+Parsed as rgb(105,105,105): dimgrey

+Parsed as rgb(30,144,255): dodgerblue

+Parsed as rgb(178,34,34): firebrick

+Parsed as rgb(255,250,240): floralwhite

+Parsed as rgb(34,139,34): forestgreen

+Parsed as rgb(255,0,255): fuchsia

+Parsed as rgb(220,220,220): gainsboro

+Parsed as rgb(248,248,255): ghostwhite

+Parsed as rgb(255,215,0): gold

+Parsed as rgb(218,165,32): goldenrod

+Parsed as rgb(128,128,128): gray

+Parsed as rgb(0,128,0): green

+Parsed as rgb(173,255,47): greenyellow

+Parsed as rgb(128,128,128): grey

+Parsed as rgb(240,255,240): honeydew

+Parsed as rgb(255,105,180): hotpink

+Parsed as rgb(205,92,92): indianred

+Parsed as rgb(75,0,130): indigo

+Parsed as rgb(255,255,240): ivory

+Parsed as rgb(240,230,140): khaki

+Parsed as rgb(230,230,250): lavender

+Parsed as rgb(255,240,245): lavenderblush

+Parsed as rgb(124,252,0): lawngreen

+Parsed as rgb(255,250,205): lemonchiffon

+Parsed as rgb(173,216,230): lightblue

+Parsed as rgb(240,128,128): lightcoral

+Parsed as rgb(224,255,255): lightcyan

+Parsed as rgb(250,250,210): lightgoldenrodyellow

+Parsed as rgb(211,211,211): lightgray

+Parsed as rgb(144,238,144): lightgreen

+Parsed as rgb(211,211,211): lightgrey

+Parsed as rgb(255,182,193): lightpink

+Parsed as rgb(255,160,122): lightsalmon

+Parsed as rgb(32,178,170): lightseagreen

+Parsed as rgb(135,206,250): lightskyblue

+Parsed as rgb(119,136,153): lightslategray

+Parsed as rgb(119,136,153): lightslategrey

+Parsed as rgb(176,196,222): lightsteelblue

+Parsed as rgb(255,255,224): lightyellow

+Parsed as rgb(0,255,0): lime

+Parsed as rgb(50,205,50): limegreen

+Parsed as rgb(250,240,230): linen

+Parsed as rgb(255,0,255): magenta

+Parsed as rgb(128,0,0): maroon

+Parsed as rgb(102,205,170): mediumaquamarine

+Parsed as rgb(0,0,205): mediumblue

+Parsed as rgb(186,85,211): mediumorchid

+Parsed as rgb(147,112,219): mediumpurple

+Parsed as rgb(60,179,113): mediumseagreen

+Parsed as rgb(123,104,238): mediumslateblue

+Parsed as rgb(0,250,154): mediumspringgreen

+Parsed as rgb(72,209,204): mediumturquoise

+Parsed as rgb(199,21,133): mediumvioletred

+Parsed as rgb(25,25,112): midnightblue

+Parsed as rgb(245,255,250): mintcream

+Parsed as rgb(255,228,225): mistyrose

+Parsed as rgb(255,228,181): moccasin

+Parsed as rgb(255,222,173): navajowhite

+Parsed as rgb(0,0,128): navy

+Parsed as rgb(253,245,230): oldlace

+Parsed as rgb(128,128,0): olive

+Parsed as rgb(107,142,35): olivedrab

+Parsed as rgb(255,165,0): orange

+Parsed as rgb(255,69,0): orangered

+Parsed as rgb(218,112,214): orchid

+Parsed as rgb(238,232,170): palegoldenrod

+Parsed as rgb(152,251,152): palegreen

+Parsed as rgb(175,238,238): paleturquoise

+Parsed as rgb(219,112,147): palevioletred

+Parsed as rgb(255,239,213): papayawhip

+Parsed as rgb(255,218,185): peachpuff

+Parsed as rgb(205,133,63): peru

+Parsed as rgb(255,192,203): pink

+Parsed as rgb(221,160,221): plum

+Parsed as rgb(176,224,230): powderblue

+Parsed as rgb(128,0,128): purple

+Parsed as rgb(188,143,143): rosybrown

+Parsed as rgb(65,105,225): royalblue

+Parsed as rgb(139,69,19): saddlebrown

+Parsed as rgb(250,128,114): salmon

+Parsed as rgb(244,164,96): sandybrown

+Parsed as rgb(46,139,87): seagreen

+Parsed as rgb(255,245,238): seashell

+Parsed as rgb(160,82,45): sienna

+Parsed as rgb(192,192,192): silver

+Parsed as rgb(135,206,235): skyblue

+Parsed as rgb(106,90,205): slateblue

+Parsed as rgb(112,128,144): slategray

+Parsed as rgb(112,128,144): slategrey

+Parsed as rgb(255,250,250): snow

+Parsed as rgb(0,255,127): springgreen

+Parsed as rgb(70,130,180): steelblue

+Parsed as rgb(210,180,140): tan

+Parsed as rgb(0,128,128): teal

+Parsed as rgb(216,191,216): thistle

+Parsed as rgb(255,99,71): tomato

+Parsed as rgb(64,224,208): turquoise

+Parsed as rgb(238,130,238): violet

+Parsed as rgb(245,222,179): wheat

+Parsed as rgb(255,255,255): white

+Parsed as rgb(245,245,245): whitesmoke

+Parsed as rgb(255,255,0): yellow

+Parsed as rgb(154,205,50): yellowgreen

</ins><span class="cx"> Failed to parse: rgb(100%,100%,0%

</span><span class="cx"> Failed to parse: rgba(100%,100%,0%

</span><span class="cx"> Failed to parse: rgb(100%,100%,r)

</span><span class="lines">@@ -21,6 +167,14 @@

</span><span class="cx"> Failed to parse: #fffff

</span><span class="cx"> Failed to parse: #fffffff

</span><span class="cx"> Failed to parse: green,

</span><ins>+Failed to parse: 'left'

+Failed to parse: 'right'

+Failed to parse: 'center'

+Failed to parse: 'border'

+Failed to parse: 'border-

+Failed to parse: 'content'

+Failed to parse: 'logical'

+Failed to parse: 'visual'

</ins><span class="cx"> Parsed as rgb(0,10,20): rgb(0, 10, 20)

</span><span class="cx"> Parsed as rgb(255,255,255): #fff

</span><span class="cx"> Parsed as rgb(255,255,255): #ffffff

</span></span></pre></div>

<a id="trunkLayoutTestssvgdomrgbcolorparserhtml"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/svg/dom/rgb-color-parser.html (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/svg/dom/rgb-color-parser.html        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/LayoutTests/svg/dom/rgb-color-parser.html        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -54,12 +54,165 @@

</span><span class="cx">         }

</span><span class="cx">     }

</span><span class="cx"> 

<ins>+    // Taken from CSS 3 color.

+    var svgColors = [

+        &quot;aliceblue&quot;,

+        &quot;antiquewhite&quot;,

+        &quot;aqua&quot;,

+        &quot;aquamarine&quot;,

+        &quot;azure&quot;,

+        &quot;beige&quot;,

+        &quot;bisque&quot;,

+        &quot;black&quot;,

+        &quot;blanchedalmond&quot;,

+        &quot;blue&quot;,

+        &quot;blueviolet&quot;,

+        &quot;brown&quot;,

+        &quot;burlywood&quot;,

+        &quot;cadetblue&quot;,

+        &quot;chartreuse&quot;,

+        &quot;chocolate&quot;,

+        &quot;coral&quot;,

+        &quot;cornflowerblue&quot;,

+        &quot;cornsilk&quot;,

+        &quot;crimson&quot;,

+        &quot;cyan&quot;,

+        &quot;darkblue&quot;,

+        &quot;darkcyan&quot;,

+        &quot;darkgoldenrod&quot;,

+        &quot;darkgray&quot;,

+        &quot;darkgreen&quot;,

+        &quot;darkgrey&quot;,

+        &quot;darkkhaki&quot;,

+        &quot;darkmagenta&quot;,

+        &quot;darkolivegreen&quot;,

+        &quot;darkorange&quot;,

+        &quot;darkorchid&quot;,

+        &quot;darkred&quot;,

+        &quot;darksalmon&quot;,

+        &quot;darkseagreen&quot;,

+        &quot;darkslateblue&quot;,

+        &quot;darkslategray&quot;,

+        &quot;darkslategrey&quot;,

+        &quot;darkturquoise&quot;,

+        &quot;darkviolet&quot;,

+        &quot;deeppink&quot;,

+        &quot;deepskyblue&quot;,

+        &quot;dimgray&quot;,

+        &quot;dimgrey&quot;,

+        &quot;dodgerblue&quot;,

+        &quot;firebrick&quot;,

+        &quot;floralwhite&quot;,

+        &quot;forestgreen&quot;,

+        &quot;fuchsia&quot;,

+        &quot;gainsboro&quot;,

+        &quot;ghostwhite&quot;,

+        &quot;gold&quot;,

+        &quot;goldenrod&quot;,

+        &quot;gray&quot;,

+        &quot;green&quot;,

+        &quot;greenyellow&quot;,

+        &quot;grey&quot;,

+        &quot;honeydew&quot;,

+        &quot;hotpink&quot;,

+        &quot;indianred&quot;,

+        &quot;indigo&quot;,

+        &quot;ivory&quot;,

+        &quot;khaki&quot;,

+        &quot;lavender&quot;,

+        &quot;lavenderblush&quot;,

+        &quot;lawngreen&quot;,

+        &quot;lemonchiffon&quot;,

+        &quot;lightblue&quot;,

+        &quot;lightcoral&quot;,

+        &quot;lightcyan&quot;,

+        &quot;lightgoldenrodyellow&quot;,

+        &quot;lightgray&quot;,

+        &quot;lightgreen&quot;,

+        &quot;lightgrey&quot;,

+        &quot;lightpink&quot;,

+        &quot;lightsalmon&quot;,

+        &quot;lightseagreen&quot;,

+        &quot;lightskyblue&quot;,

+        &quot;lightslategray&quot;,

+        &quot;lightslategrey&quot;,

+        &quot;lightsteelblue&quot;,

+        &quot;lightyellow&quot;,

+        &quot;lime&quot;,

+        &quot;limegreen&quot;,

+        &quot;linen&quot;,

+        &quot;magenta&quot;,

+        &quot;maroon&quot;,

+        &quot;mediumaquamarine&quot;,

+        &quot;mediumblue&quot;,

+        &quot;mediumorchid&quot;,

+        &quot;mediumpurple&quot;,

+        &quot;mediumseagreen&quot;,

+        &quot;mediumslateblue&quot;,

+        &quot;mediumspringgreen&quot;,

+        &quot;mediumturquoise&quot;,

+        &quot;mediumvioletred&quot;,

+        &quot;midnightblue&quot;,

+        &quot;mintcream&quot;,

+        &quot;mistyrose&quot;,

+        &quot;moccasin&quot;,

+        &quot;navajowhite&quot;,

+        &quot;navy&quot;,

+        &quot;oldlace&quot;,

+        &quot;olive&quot;,

+        &quot;olivedrab&quot;,

+        &quot;orange&quot;,

+        &quot;orangered&quot;,

+        &quot;orchid&quot;,

+        &quot;palegoldenrod&quot;,

+        &quot;palegreen&quot;,

+        &quot;paleturquoise&quot;,

+        &quot;palevioletred&quot;,

+        &quot;papayawhip&quot;,

+        &quot;peachpuff&quot;,

+        &quot;peru&quot;,

+        &quot;pink&quot;,

+        &quot;plum&quot;,

+        &quot;powderblue&quot;,

+        &quot;purple&quot;,

+        // We do not test red.

+        &quot;rosybrown&quot;,

+        &quot;royalblue&quot;,

+        &quot;saddlebrown&quot;,

+        &quot;salmon&quot;,

+        &quot;sandybrown&quot;,

+        &quot;seagreen&quot;,

+        &quot;seashell&quot;,

+        &quot;sienna&quot;,

+        &quot;silver&quot;,

+        &quot;skyblue&quot;,

+        &quot;slateblue&quot;,

+        &quot;slategray&quot;,

+        &quot;slategrey&quot;,

+        &quot;snow&quot;,

+        &quot;springgreen&quot;,

+        &quot;steelblue&quot;,

+        &quot;tan&quot;,

+        &quot;teal&quot;,

+        &quot;thistle&quot;,

+        &quot;tomato&quot;,

+        &quot;turquoise&quot;,

+        &quot;violet&quot;,

+        &quot;wheat&quot;,

+        &quot;white&quot;,

+        &quot;whitesmoke&quot;,

+        &quot;yellow&quot;,

+        &quot;yellowgreen&quot;

+    ];

+

</ins><span class="cx">     function fuzz()

</span><span class="cx">     {

<span class="cx">         // Some valid values.

</span><span class="cx">         parseRGBColor(&quot;blue&quot;);

</span><span class="cx">         parseRGBColor(&quot;rgb(0, 255, 0)&quot;);

</span><del>-        

</del><ins>+        for (var i = 0; i &lt; svgColors.length; ++i)

+            parseRGBColor(svgColors[i]);

+

</ins><span class="cx">         // Some invalid ones.

</span><span class="cx">         parseRGBColor(&quot;rgb(100%,100%,0%&quot;);

</span><span class="cx">         parseRGBColor(&quot;rgba(100%,100%,0%&quot;);

</span><span class="lines">@@ -77,6 +230,14 @@

</span><span class="cx">         parseRGBColor(&quot;#fffff&quot;);

</span><span class="cx">         parseRGBColor(&quot;#fffffff&quot;);

</span><span class="cx">         parseRGBColor(&quot;green,&quot;);

</span><ins>+        parseRGBColor(&quot;'left'&quot;);

+        parseRGBColor(&quot;'right'&quot;);

+        parseRGBColor(&quot;'center'&quot;);

+        parseRGBColor(&quot;'border'&quot;);

+        parseRGBColor(&quot;'border-&quot;);

+        parseRGBColor(&quot;'content'&quot;);

+        parseRGBColor(&quot;'logical'&quot;);

+        parseRGBColor(&quot;'visual'&quot;);

</ins><span class="cx"> 

<span class="cx">         // Some more valid ones.

</span><span class="cx">         parseRGBColor(&quot;rgb(0, 10, 20)&quot;);

</span></span></pre></div>

<a id="trunkSourceWebCoreChangeLog"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/ChangeLog        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/Source/WebCore/ChangeLog        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -1,3 +1,31 @@

</span><ins>+2014-07-09  Javier Fernandez  &lt;jfernandez@igalia.com&gt;

+        CSS canvas color parsing accepts invalid color identifiers

+        https://bugs.webkit.org/show_bug.cgi?id=134661

+

+        Reviewed by Benjamin Poulain.

+

+        Current implementation of the CSSParser::parseSystemColor assumes

+        that if a valid cssValueKeywordID is got then it has to be a valid

+        color. Such assumption is wrong and lead to many bugs and layout

+        test failures.

+

+        The parseSystemFunction determines now whether the parsed color is

+        valid or not.

+

+        Addtionally, a new method has been added to share the logic of

+        determining whether a CSSValueID is a valid primitive values for

+        colors or not. Generally, we should avoid passing invalid color

+        identifiers to the theming API.

+

+        No new tests, but added additional cases to the

+        canvas-color-serialization.html, test-setting-canvas-color and

+        rgb-color-parse test.

+

+        * css/CSSParser.cpp:

+        (WebCore::validPrimitiveValueColor): Added.

+        (WebCore::parseColorValue):

+        (WebCore::CSSParser::parseSystemColor):

+

</ins><span class="cx"> 2014-06-28  Jer Noble  &lt;jer.noble@apple.com&gt;

</span><span class="cx"> 

</span><span class="cx">         [MSE] http/tests/media/media-source/mediasource-remove.html is failing

</span></span></pre></div>

<a id="trunkSourceWebCorecssCSSParsercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/css/CSSParser.cpp (170932 => 170933)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/css/CSSParser.cpp        2014-07-09 21:37:17 UTC (rev 170932)

+++ trunk/Source/WebCore/css/CSSParser.cpp        2014-07-09 21:56:05 UTC (rev 170933)

</span><span class="lines">@@ -501,6 +501,13 @@

</span><span class="cx">     }

</span><span class="cx"> }

</span><span class="cx"> 

</span><ins>+static bool validPrimitiveValueColor(CSSValueID valueID, bool strict = false)

+{

+    return (valueID == CSSValueWebkitText || valueID == CSSValueCurrentcolor || valueID == CSSValueMenu

+        || (valueID &gt;= CSSValueAlpha &amp;&amp; valueID &lt;= CSSValueWindowtext)

+        || (valueID &gt;= CSSValueWebkitFocusRingColor &amp;&amp; valueID &lt; CSSValueWebkitText &amp;&amp; !strict));

+}

+

</ins><span class="cx"> static bool parseColorValue(MutableStyleProperties* declaration, CSSPropertyID propertyId, const String&amp; string, bool important, CSSParserMode cssParserMode)

</span><span class="cx"> {

</span><span class="cx">     ASSERT(!string.isEmpty());

</span><span class="lines">@@ -510,17 +517,7 @@

</span><span class="cx">     CSSParserString cssString;

</span><span class="cx">     cssString.init(string);

</span><span class="cx">     CSSValueID valueID = cssValueKeywordID(cssString);

</span><del>-    bool validPrimitive = false;

-    if (valueID == CSSValueWebkitText)

-        validPrimitive = true;

-    else if (valueID == CSSValueCurrentcolor)

-        validPrimitive = true;

-    else if ((valueID &gt;= CSSValueAqua &amp;&amp; valueID &lt;= CSSValueWindowtext) || valueID == CSSValueMenu

-             || (valueID &gt;= CSSValueWebkitFocusRingColor &amp;&amp; valueID &lt; CSSValueWebkitText &amp;&amp; !strict)) {

-        validPrimitive = true;

-    }

-

-    if (validPrimitive) {

</del><ins>+    if (validPrimitiveValueColor(valueID, strict)) {

</ins><span class="cx">         RefPtr&lt;CSSValue&gt; value = cssValuePool().createIdentifierValue(valueID);

</span><span class="cx">         declaration-&gt;addParsedProperty(CSSProperty(propertyId, value.release(), important));

</span><span class="cx">         return true;

</span><span class="lines">@@ -1355,10 +1352,14 @@

</span><span class="cx">     CSSParserString cssColor;

</span><span class="cx">     cssColor.init(string);

</span><span class="cx">     CSSValueID id = cssValueKeywordID(cssColor);

</span><del>-    if (id &lt;= 0)

</del><ins>+    if (!validPrimitiveValueColor(id))

</ins><span class="cx">         return false;

</span><span class="cx"> 

</span><del>-    color = document-&gt;page()-&gt;theme().systemColor(id).rgb();

</del><ins>+    Color parsedColor = document-&gt;page()-&gt;theme().systemColor(id);

+    if (!parsedColor.isValid())

+        return false;

+

+    color = parsedColor.rgb();

</ins><span class="cx">     return true;

</span><span class="cx"> }

</span><span class="cx"> 

</span></span></pre>

</div>

</div>

</body>

</html>