Bug 133336

Summary:

Ignore usemap attributes without '#' in img element

Product:

WebKit

Reporter:

Jinwoo Song <jinwoo7.song>

Component:

WebCore Misc.

Assignee:

Jinwoo Song <jinwoo7.song>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

buildbot, commit-queue, esprehn+autocc, kangil.han, rniwa

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Archive of layout-test-results from webkit-ews-06 for mac-mountainlion	none
Archive of layout-test-results from webkit-ews-05 for mac-mountainlion	none
Patch	none
Patch	none
Patch	none

Description Jinwoo Song 2014-05-27 21:30:03 PDT

HTML5 specification says we should ignore usemap attributes without #.
http://www.w3.org/TR/html5/infrastructure.html#valid-hash-name-reference

Comment 1 Jinwoo Song 2014-05-27 21:31:40 PDT

Created attachment 232166 [details]
Patch

Comment 2 Build Bot 2014-05-27 22:54:25 PDT

Comment on attachment 232166 [details]
Patch

Attachment 232166 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/5169700786929664

New failing tests:
fast/images/image-map-multiple-xhtml.xhtml

Comment 3 Build Bot 2014-05-27 22:54:28 PDT

Created attachment 232171 [details]
Archive of layout-test-results from webkit-ews-06 for mac-mountainlion

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: webkit-ews-06  Port: mac-mountainlion  Platform: Mac OS X 10.8.5

Comment 4 Build Bot 2014-05-27 23:56:59 PDT

Comment on attachment 232166 [details]
Patch

Attachment 232166 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/4660278742482944

New failing tests:
fast/images/image-map-multiple-xhtml.xhtml

Comment 5 Build Bot 2014-05-27 23:57:04 PDT

Created attachment 232174 [details]
Archive of layout-test-results from webkit-ews-05 for mac-mountainlion

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: webkit-ews-05  Port: mac-mountainlion  Platform: Mac OS X 10.8.5

Comment 6 Jinwoo Song 2014-05-28 00:03:13 PDT

Created attachment 232175 [details]
Patch

Comment 7 Jinwoo Song 2014-05-28 00:48:40 PDT

Created attachment 232176 [details]
Patch

Comment 8 Ryosuke Niwa 2014-05-28 18:25:01 PDT

Comment on attachment 232176 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=232176&action=review

> Source/WebCore/dom/TreeScope.cpp:210
> +    if (m_rootNode.document().isHTMLDocument() && hashPos == notFound)
> +        return nullptr;

What do other browsers do?  I'm very afraid that this is not a backwards compatible change.

Comment 9 Jinwoo Song 2014-05-28 18:33:11 PDT

Comment on attachment 232176 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=232176&action=review

>> Source/WebCore/dom/TreeScope.cpp:210
>> +        return nullptr;
> 
> What do other browsers do?  I'm very afraid that this is not a backwards compatible change.

FireFox and IE.10 does not support usemap attribute if it has not '#'. Blink works as WebKit as of now.

Comment 10 Darin Adler 2014-05-30 11:58:19 PDT

Comment on attachment 232176 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=232176&action=review

>>> Source/WebCore/dom/TreeScope.cpp:210
>>> +        return nullptr;
>> 
>> What do other browsers do?  I'm very afraid that this is not a backwards compatible change.
> 
> FireFox and IE.10 does not support usemap attribute if it has not '#'. Blink works as WebKit as of now.

Why specific to HTML documents? That part seems wrong to me.

> Source/WebCore/dom/TreeScope.cpp:211
>      String name = (hashPos == notFound ? url : url.substring(hashPos + 1)).impl();

If we’re exiting when hashPos is notFound, then we should be removing the ? : expression here.

Comment 11 Darin Adler 2014-05-30 11:59:14 PDT

Comment on attachment 232176 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=232176&action=review

>>>> Source/WebCore/dom/TreeScope.cpp:210
>>>> +        return nullptr;
>>> 
>>> What do other browsers do?  I'm very afraid that this is not a backwards compatible change.
>> 
>> FireFox and IE.10 does not support usemap attribute if it has not '#'. Blink works as WebKit as of now.
> 
> Why specific to HTML documents? That part seems wrong to me.

Given the many years of support for this in WebKit, it’s likely that some WebKit-specific content is accidentally depending on the old behavior. We’ll have to find some way of researching that question.

Comment 12 Jinwoo Song 2014-06-01 23:22:05 PDT

Created attachment 232368 [details]
Patch

Applied Darin's comments.

Comment 13 Jinwoo Song 2014-06-01 23:24:33 PDT

Comment on attachment 232176 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=232176&action=review

>> Source/WebCore/dom/TreeScope.cpp:211
>>      String name = (hashPos == notFound ? url : url.substring(hashPos + 1)).impl();
> 
> If we’re exiting when hashPos is notFound, then we should be removing the ? : expression here.

I also agree that we need a way to handle this kind of issues. Specially, if there it is impossible to provide the legacy behavior like this, how can we apply the latest spec to the implementation?

Comment 14 Ryosuke Niwa 2014-08-19 04:13:54 PDT

r=me if we believe websites don't rely on this feature.

Comment 15 WebKit Commit Bot 2014-08-19 21:32:27 PDT

Comment on attachment 232368 [details]
Patch

Clearing flags on attachment: 232368

Committed r172796: <http://trac.webkit.org/changeset/172796>

Comment 16 WebKit Commit Bot 2014-08-19 21:32:32 PDT

All reviewed patches have been landed.  Closing bug.