[webkit-dev] CSS Parse error in <link rel> element.

Yoav Weiss yoav at yoav.ws
Mon Feb 6 04:26:09 PST 2017


Hi Atul,

I second Alex's suggestion (perhaps followed by HTMLLinkElement::process()
and other places in that file that refer to `hrefAttr`).
If you have a test case online, I could try to take a look and maybe
provide more guidance.

Cheers :)
Yoav

On Fri, Feb 3, 2017 at 9:19 PM Alex Christensen <achristensen at apple.com>
wrote:

> I would start looking at HTMLLinkElement::parseAttribute.
> LinkHeader.cpp contains parsers for link headers, which are related.  Yoav
> knows more about those.  Those parsers ought to be united more.
>
> On Feb 3, 2017, at 1:17 AM, Atul Sowani <sowani at gmail.com> wrote:
>
> At present I am focusing on CSSParser::findURI() particularly,
> and CSSParser::realLex() and other related functionality in CSSParser.cpp
> - hope I am on the right track. ;-)
>
> Please let me know if I should be looking at some other functionality as
> well to resolve this issue.
>
> Thanks!
> Atul.
>
> On Fri, Feb 3, 2017 at 2:33 PM, Atul Sowani <sowani at gmail.com> wrote:
>
> Hi,
>
> I came across an issue in qtwebkit CSS parser while working on a PhantomJS
> crash. The issue seems to be with parsing of <link rel="..." href="...">
> type elements in an HTML page. What I observed is that the parser is trying
> to interpret the value for href given inside double-quotes. The value
> contains a "-" (e.g. "http://some.domain.com/some-page-etc-etc"). The "-"
> sign is being interpreted as minus and then things go wrong. In another
> case I found that "\g" embedded in the value (e.g.
> "http://some.domain.com/some-page/global/something") is also creating
> issues. In essence, the parser is trying to interpret the value, which, I
> believe, it should not.
>
> I am willing to dive further into it to debug and fix the issue, but
> looking at the complexity and size of WebCore, I think I would benefit a
> lot to expedite a fix, if I could get some tips about which code
> area/functionality I should specifically focus on in WebCore. Looking
> forward to some help in this regard.
>
> Thanks,
> Atul.