[Webkit-unassigned] [Bug 250471] New: font-face src format doesn't consume range when garbage follows url()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 11 12:34:31 PST 2023
https://bugs.webkit.org/show_bug.cgi?id=250471
Bug ID: 250471
Summary: font-face src format doesn't consume range when
garbage follows url()
Product: WebKit
Version: Other
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: CSS
Assignee: webkit-unassigned at lists.webkit.org
Reporter: vitor.roriz at apple.com
CC: webkit-bug-importer at group.apple.com
When webkit parses font-face src, if the component is a url, it first tries to parse a URL and then format().
It will just try to parse a second member after URL if such a member has a functionID equals CSSValueFormat.
This conflicts with the logic for parsing each component as comma delimited and the requirement that the src descriptor will only be valid if the whole range has been consumed by the end of its parsing.
This makes the following src descriptor in font-face to be invalidated, while it should be valid:
src: 'url("foo.ttf") dummy(xyzzy), url("bar.html")', valid: true }.
This is tested by the following wpt: https://wpt.fyi/results/css/css-fonts/parsing/font-face-src-format.html?label=experimental&label=master&aligned
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230111/0c5f924f/attachment-0001.htm>
More information about the webkit-unassigned
mailing list