268542 2024-02-01 04:33:29 -0800 Parsing of floating-point number values in attributes should allow leading ascii whitespace, plus sign, and trailing junk 2024-05-08 17:19:13 -0700 1 1 1 Unclassified WebKit DOM Safari 17 PC Linux RESOLVED FIXED InRadar P2 Normal --- 255467 1 t.broyer mike ahmad.saleem792 akeerthi annevk mike webkit-bug-importer oldest_to_newest 2009693 0 469649 t.broyer 2024-02-01 04:33:29 -0800 Created attachment 469649 Test case reduction Per HTML rules for parsing floating-point values [1], leading ASCII whitespace, plus (+) sign, and trailing junk (similar to integers). This is not the case for the progress element's max and value attributes, and meter element's value, min, max, low, high, and optimum attributes, that are all defined to use these rules [2,3,4]. Reproduced in Epiphany 6.0 and WebKitGTK MiniBrowser (same user agent): Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15 These are not tested by Web Platform Tests because meter attributes have a "custom getter", and the progress element's max attribute is of type "limited double" which is not implemented in the test harness (reflection.js). [1] https://html.spec.whatwg.org/multipage/common-microsyntaxes.html#rules-for-parsing-floating-point-number-values [2] https://html.spec.whatwg.org/multipage/form-elements.html#the-progress-element:rules-for-parsing-floating-point-number-values [3] https://html.spec.whatwg.org/multipage/form-elements.html#the-progress-element:rules-for-parsing-floating-point-number-values-2 [4] https://html.spec.whatwg.org/multipage/form-elements.html#the-meter-element:rules-for-parsing-floating-point-number-values 2009698 1 ahmad.saleem792 2024-02-01 04:47:46 -0800 *** Safari 17.3 *** progress.value (" 50"): 0 progress.max ("100junk"): 1 meter.min ("\t1"): 0 meter.low ("+2"): 0 meter.optimum ("\n3"): 0.5 meter.value ("\r4"): 0 meter.high ("4.5.6"): 1 meter.max ("\f7"): 1 *** Chrome Canary 123 *** progress.value (" 50"): 0 progress.max ("100junk"): 1 meter.min ("\t1"): 0 meter.low ("+2"): 0 meter.optimum ("\n3"): 0.5 meter.value ("\r4"): 0 meter.high ("4.5.6"): 1 meter.max ("\f7"): 1 *** Firefox Nightly 124 *** progress.value (" 50"): 1 progress.max ("100junk"): 1 meter.min ("\t1"): 1 meter.low ("+2"): 2 meter.optimum ("\n3"): 3 meter.value ("\r4"): 4 meter.high ("4.5.6"): 7 meter.max ("\f7"): 7 2009779 2 t.broyer 2024-02-01 09:38:56 -0800 This Pull Request to Web Platform Tests would test this for the progress element's max value: https://github.com/web-platform-tests/wpt/pull/44355 2010002 3 mike 2024-02-01 19:44:40 -0800 Pull request: https://github.com/WebKit/WebKit/pull/23719 2010044 4 annevk 2024-02-02 00:41:40 -0800 I had trouble reading comment 0, but it seems the problem is that due to lack of test coverage we never aligned parsing for the attributes enumerated in comment 0 with the HTML standard. We have a larger problem with parsing floating-point values which is that we handle whitespace incorrectly (this is not covered by WPT and the same overall bug is applicable to Chromium), as tracked by bug 255467. It seems Mike discovered this, but we might need a different approach towards fixing the issue. 2010045 5 t.broyer 2024-02-02 00:51:51 -0800 (In reply to Anne van Kesteren from comment #4) > I had trouble reading comment 0, Ah sorry, the first sentence was incomplete and should have read: > Per HTML rules for parsing floating-point values [1], leading ASCII whitespace, plus (+) sign, and trailing junk **should be ignored** (similar to integers). Hope that makes it a bit clearer. 2011709 6 webkit-bug-importer 2024-02-08 04:34:14 -0800 <rdar://problem/122533439> 2034166 7 ews-feeder 2024-05-08 17:19:11 -0700 Committed 278541@main (806925c1274e): <https://commits.webkit.org/278541@main> Reviewed commits have been landed. Closing PR #23719 and removing active labels. 469649 2024-02-01 04:33:29 -0800 2024-02-01 04:33:29 -0800 Test case reduction webkit-double-attributes.html text/html 1138 t.broyer PCFkb2N0eXBlIGh0bWw+CjxodG1sPgo8dGl0bGU+PC90aXRsZT4KPGJvZHk+Cjxwcm9ncmVzcyB2 YWx1ZT0iIDUwIiBtYXg9IjEwMGp1bmsiPjwvcHJvZ3Jlc3M+CjxtZXRlciBtaW49IgkxIiBsb3c9 IisyIiBvcHRpbXVtPSImI3gwYTszIiB2YWx1ZT0iJiN4MGQ7NCIgaGlnaD0iNC41LjYiIG1heD0i JiN4MGM7NyI+PC9tZXRlcj4KPHByZT4KPC9wcmU+CjxzY3JpcHQ+CmNvbnN0IHByb2dyZXNzID0g ZG9jdW1lbnQucXVlcnlTZWxlY3RvcigicHJvZ3Jlc3MiKTsKY29uc3QgbWV0ZXIgPSBkb2N1bWVu dC5xdWVyeVNlbGVjdG9yKCJtZXRlciIpOwpsZXQgcyA9ICIiOwpzICs9ICJcbnByb2dyZXNzLnZh bHVlICgiICsgSlNPTi5zdHJpbmdpZnkocHJvZ3Jlc3MuZ2V0QXR0cmlidXRlKCJ2YWx1ZSIpKSAr ICIpOiAiICsgcHJvZ3Jlc3MudmFsdWU7CnMgKz0gIlxucHJvZ3Jlc3MubWF4ICgiICsgSlNPTi5z dHJpbmdpZnkocHJvZ3Jlc3MuZ2V0QXR0cmlidXRlKCJtYXgiKSkgKyAiKTogIiArIHByb2dyZXNz Lm1heDsKcyArPSAiXG4iOwpzICs9ICJcbm1ldGVyLm1pbiAoIiArIEpTT04uc3RyaW5naWZ5KG1l dGVyLmdldEF0dHJpYnV0ZSgibWluIikpICsgIik6ICIgKyBtZXRlci5taW47CnMgKz0gIlxubWV0 ZXIubG93ICgiICsgSlNPTi5zdHJpbmdpZnkobWV0ZXIuZ2V0QXR0cmlidXRlKCJsb3ciKSkgKyAi KTogIiArIG1ldGVyLmxvdzsKcyArPSAiXG5tZXRlci5vcHRpbXVtICgiICsgSlNPTi5zdHJpbmdp ZnkobWV0ZXIuZ2V0QXR0cmlidXRlKCJvcHRpbXVtIikpICsgIik6ICIgKyBtZXRlci5vcHRpbXVt OwpzICs9ICJcbm1ldGVyLnZhbHVlICgiICsgSlNPTi5zdHJpbmdpZnkobWV0ZXIuZ2V0QXR0cmli dXRlKCJ2YWx1ZSIpKSArICIpOiAiICsgbWV0ZXIudmFsdWU7CnMgKz0gIlxubWV0ZXIuaGlnaCAo IiArIEpTT04uc3RyaW5naWZ5KG1ldGVyLmdldEF0dHJpYnV0ZSgiaGlnaCIpKSArICIpOiAiICsg bWV0ZXIuaGlnaDsKcyArPSAiXG5tZXRlci5tYXggKCIgKyBKU09OLnN0cmluZ2lmeShtZXRlci5n ZXRBdHRyaWJ1dGUoIm1heCIpKSArICIpOiAiICsgbWV0ZXIubWF4Owpkb2N1bWVudC5xdWVyeVNl bGVjdG9yKCJwcmUiKS5pbm5lclRleHQgPSBzOwo8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+Cg==