Bug 250471
| Summary: | font-face src format doesn't consume range when garbage follows url() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Vitor Roriz <vitor.roriz> |
| Component: | CSS | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | karlcow, mmaxfield, webkit-bug-importer |
| Priority: | P2 | Keywords: | BrowserCompat, InRadar, WPTImpact |
| Version: | Other | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Vitor Roriz
When webkit parses font-face src, if the component is a url, it first tries to parse a URL and then format().
It will just try to parse a second member after URL if such a member has a functionID equals CSSValueFormat.
This conflicts with the logic for parsing each component as comma delimited and the requirement that the src descriptor will only be valid if the whole range has been consumed by the end of its parsing.
This makes the following src descriptor in font-face to be invalidated, while it should be valid:
src: 'url("foo.ttf") dummy(xyzzy), url("bar.html")', valid: true }.
This is tested by the following wpt: https://wpt.fyi/results/css/css-fonts/parsing/font-face-src-format.html?label=experimental&label=master&aligned
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/104135235>
Vitor Roriz
Pull request: https://github.com/WebKit/WebKit/pull/8574
EWS
Committed 258870@main (ef82a019637b): <https://commits.webkit.org/258870@main>
Reviewed commits have been landed. Closing PR #8574 and removing active labels.