[Webkit-unassigned] [Bug 250471] New: font-face src format doesn't consume range when garbage follows url()

Wed Jan 11 12:34:31 PST 2023

https://bugs.webkit.org/show_bug.cgi?id=250471

            Bug ID: 250471
           Summary: font-face src format doesn't consume range when
                    garbage follows url()
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: vitor.roriz at apple.com
                CC: webkit-bug-importer at group.apple.com

When webkit parses font-face src, if the component is a url, it first tries to parse a URL and then format().
It will just try to parse a second member after URL if such a member has a functionID equals CSSValueFormat.

This conflicts with the logic for parsing each component as comma delimited and the requirement that the src descriptor will only be valid if the whole range has been consumed by the end of its parsing.
This makes the following src descriptor in font-face to be invalidated, while it should be valid:
src: 'url("foo.ttf") dummy(xyzzy), url("bar.html")', valid: true }.

This is tested by the following wpt: https://wpt.fyi/results/css/css-fonts/parsing/font-face-src-format.html?label=experimental&label=master&aligned

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230111/0c5f924f/attachment-0001.htm>