Bug 196525 (CVE-2019-8615)

Summary:

Remove support for -apple-trailing-word

Product:

WebKit

Reporter:

Myles C. Maxfield <mmaxfield>

Component:

New Bugs

Assignee:

Myles C. Maxfield <mmaxfield>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ap, bfulgham, commit-queue, rniwa, simon.fraser, webkit-bug-importer, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

234672

Attachments:

Description	Flags
Patch	none

Myles C. Maxfield

Reported 2019-04-02 20:39:19 PDT

Remove support for -apple-trailing-word

Attachments
Patch (97.69 KB, patch) 2019-04-02 20:43 PDT, Myles C. Maxfield	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Myles C. Maxfield

Comment 1 2019-04-02 20:43:04 PDT

Created attachment 366573 [details] Patch

alan

Comment 2 2019-04-03 07:28:16 PDT

Comment on attachment 366573 [details] Patch Yay, InlineIteratorHistory tricked me a few times in the past.

WebKit Commit Bot

Comment 3 2019-04-03 12:48:04 PDT

Comment on attachment 366573 [details] Patch Clearing flags on attachment: 366573 Committed r243819: <https://trac.webkit.org/changeset/243819>

WebKit Commit Bot

Comment 4 2019-04-03 12:48:05 PDT

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 5 2019-04-03 12:49:17 PDT

<rdar://problem/49569237>

Ryosuke Niwa

Comment 6 2019-04-03 12:55:24 PDT

This seems to break Safari detection in https://github.com/cssinjs/css-vendor/blob/41ccf9503d283ee63dd5432595f8902b34f5c2a8/src/prefix.js

Ryosuke Niwa

Comment 7 2019-04-03 12:59:19 PDT

Another example of CSS which uses this CSS property to workaround a bug in Safari: https://github.com/StackExchange/Stacks/blob/d3a876faf07a13666e6b83220c94ae6a68a58c16/lib/css/components/_stacks-spinner.less

Myles C. Maxfield

Comment 8 2019-04-03 13:22:15 PDT

I wonder if I can make pull requests to those repositories, or at least open issues.

Myles C. Maxfield

Comment 9 2019-04-03 13:23:01 PDT

By the way, things like this are exactly why we should never have exposed this property to the Web in the first place.

Simon Fraser (smfr)

Comment 10 2019-04-03 13:26:14 PDT

I already opened issues.

Simon Fraser (smfr)

Comment 11 2019-04-03 13:29:04 PDT

Comment on attachment 366573 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=366573&action=review > Source/WebCore/css/CSSProperties.json:-6968 > - "-apple-trailing-word": { > - "inherited": true, > - "values": [ > - "auto", > - "-webkit-partially-balanced" > - ], > - "codegen-properties": { > - "name-for-methods": "TrailingWord", > - "enable-if": "ENABLE_CSS_TRAILING_WORD" > - }, > - "status": "non-standard" > - }, This should have left the property, but marked it "removed" with code-gen disabled.

Note You need to log in before you can comment on or make changes to this bug.