[Webkit-unassigned] [Bug 216407] Safely handle overly-long CSS variable values

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Sep 12 15:51:14 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=216407

--- Comment #7 from Tyler Wilcock <twilco.o at protonmail.com> ---
Thanks for looking this over!  I removed all of the `TestOptions`, `TestController`, etc. changes and simply made the test smaller so that it runs instantly, pass or fail.

> Should this be a WPT test instead of a WebKit-only test?

This is a good question.  Quoting the spec (https://drafts.csswg.org/css-variables/#long-variables):

> To avoid this sort of attack, UAs must impose a UA-defined limit on the allowed length of the token stream that a var() function expands into.
> ...
> This specification does not define what size limit should be imposed. However, since there are valid use-cases for custom properties that contain a kilobyte or more of text, it’s recommended that the limit be set relatively high.
> ...
> Note: The general principle that UAs are allowed to violate standards due to resource constraints is still generally true here

The spec intentionally does not set an explicit limit, while making this a WPT would, in practice, be setting a limit.  So I guess I think the answer to your question is no, but from an author's perspective I could see having a consistent limit being useful.

FWIW, the test as I have it in this latest patch would pass in Gecko and Chromium.

-- 
You are receiving this mail because:
You are the assignee for the bug.
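
The limit described in the quoted spec text, as an added example (not WebKit's implementation and not the patch under review): a simplified `var()` substitution routine that enforces a length cap while it expands, so an oversized value is rejected before it is ever built. The 64 KiB limit, counting characters instead of tokens, and all names are assumptions; fallback values are not modelled.

```javascript
// Added example, not WebKit code. The limit and all names are hypothetical;
// the spec leaves the limit to the UA. Length is counted in characters here.
const MAX_EXPANDED_LENGTH = 64 * 1024;
const VAR_REF = /var\(\s*(--[A-Za-z0-9_-]+)\s*\)/g;
class Invalid extends Error {}

// Expands var() references in `value` using `props` (Map: name -> raw value).
// `budget` is shared by the whole expansion, so the cap applies to the final
// result and the walk stops before an oversized string is built.
function expand(value, props, budget, inProgress) {
  let out = "";
  let last = 0;
  const take = (text) => {
    budget.left -= text.length;
    if (budget.left < 0) throw new Invalid("limit");
    out += text;
  };
  for (const m of value.matchAll(VAR_REF)) {
    take(value.slice(last, m.index));
    const name = m[1];
    if (inProgress.has(name)) throw new Invalid("cycle");
    if (!props.has(name)) throw new Invalid("undefined");
    inProgress.add(name);
    out += expand(props.get(name), props, budget, inProgress);
    inProgress.delete(name);
    last = m.index + m[0].length;
  }
  take(value.slice(last));
  return out;
}

// Returns { value } on success, or { invalid: reason } when the declaration
// should be dropped instead of substituted.
function substitute(value, props, limit = MAX_EXPANDED_LENGTH) {
  try {
    return { value: expand(value, props, { left: limit }, new Set()) };
  } catch (e) {
    if (e instanceof Invalid) return { invalid: e.message };
    throw e;
  }
}

// Constructed sample input: each property references the previous one twice.
function doublingChain(levels) {
  const props = new Map([["--p0", "abc"]]);
  for (let i = 1; i <= levels; i++) {
    props.set(`--p${i}`, `var(--p${i - 1}) var(--p${i - 1})`);
  }
  return props;
}
```

Because the budget is charged as text is emitted, the work done on a rejected value is bounded by the limit, not by the size the value would have expanded to.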