[Webkit-unassigned] [Bug 246842] New: Clipboard sanitization corrupting visible contents

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 20 20:12:22 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=246842

            Bug ID: 246842
           Summary: Clipboard sanitization corrupting visible contents
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Mac (Apple Silicon)
                OS: macOS 12
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jamie at birch-family.me.uk

Created attachment 463132

  --> https://bugs.webkit.org/attachment.cgi?id=463132&action=review

HTML file reproducing the issue.

STR:

1: Open the attachment via the file system (or, if hosting it online, make sure that the copy and paste actions are performed on separate domains, in order to trigger clipboard sanitisation): clipboard_sanitisation_corrupting_visible_contents.html

2. Follow the instructions to write to, and read from, the clipboard.

3. Read the validation message.

Expected results:
A green message saying "Valid!" should appear, indicating that the structure of a <ruby> element side-by-side with a <span>Skytree</span> element has been preserved.

Actual results:
A red message appears, indicating that the <span>Skytree</span> element has been erroneously appended into the <ruby> element due to the </ruby> closing tag being lost. The result is that the visible contents are corrupted.

Cause:
The presence of the <rp> elements (being non-visible elements) seems to trigger this loss of the </ruby> closing tag. That is to say, if the <rp> elements are removed from the initial input, then the </ruby> closing tag survives.

Relevant WebCore code:
https://searchfox.org/wubkat/rev/2231e02d13486d2d164b219751b6316ef9502b30/Source/WebCore/editing/markup.cpp#1005

Chrome 106.0.5249.119 and Firefox 106.0.1 (with the dom.events.asyncClipboard.clipboardItem preference set to true) both produce the expected result.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221021/3ea41da3/attachment.htm>

More information about the webkit-unassigned mailing list