196525 – (CVE-2019-8615) Remove support for -apple-trailing-word

Bug 196525 (CVE-2019-8615) - Remove support for -apple-trailing-word

Summary: Remove support for -apple-trailing-word

Status:	RESOLVED FIXED

Alias:	CVE-2019-8615

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Myles C. Maxfield

URL:
Keywords:	InRadar

Depends on:
Blocks:	234672
	Show dependency tree / graph

Reported:	2019-04-02 20:39 PDT by Myles C. Maxfield
Modified:	2021-12-24 14:50 PST (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (97.69 KB, patch) 2019-04-02 20:43 PDT, Myles C. Maxfield	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Myles C. Maxfield 2019-04-02 20:39:19 PDT

Remove support for -apple-trailing-word

Comment 1 Myles C. Maxfield 2019-04-02 20:43:04 PDT

Created attachment 366573 [details]
Patch

Comment 2 zalan 2019-04-03 07:28:16 PDT

Comment on attachment 366573 [details]
Patch

Yay, InlineIteratorHistory tricked me a few times in the past.

Comment 3 WebKit Commit Bot 2019-04-03 12:48:04 PDT

Comment on attachment 366573 [details]
Patch

Clearing flags on attachment: 366573

Committed r243819: <https://trac.webkit.org/changeset/243819>

Comment 4 WebKit Commit Bot 2019-04-03 12:48:05 PDT

All reviewed patches have been landed.  Closing bug.

Comment 5 Radar WebKit Bug Importer 2019-04-03 12:49:17 PDT

<rdar://problem/49569237>

Comment 6 Ryosuke Niwa 2019-04-03 12:55:24 PDT

This seems to break Safari detection in https://github.com/cssinjs/css-vendor/blob/41ccf9503d283ee63dd5432595f8902b34f5c2a8/src/prefix.js

Comment 7 Ryosuke Niwa 2019-04-03 12:59:19 PDT

Another example of CSS which uses this CSS property to workaround a bug in Safari:
https://github.com/StackExchange/Stacks/blob/d3a876faf07a13666e6b83220c94ae6a68a58c16/lib/css/components/_stacks-spinner.less

Comment 8 Myles C. Maxfield 2019-04-03 13:22:15 PDT

I wonder if I can make pull requests to those repositories, or at least open issues.

Comment 9 Myles C. Maxfield 2019-04-03 13:23:01 PDT

By the way, things like this are exactly why we should never have exposed this property to the Web in the first place.

Comment 10 Simon Fraser (smfr) 2019-04-03 13:26:14 PDT

I already opened issues.

Comment 11 Simon Fraser (smfr) 2019-04-03 13:29:04 PDT

Comment on attachment 366573 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=366573&action=review

> Source/WebCore/css/CSSProperties.json:-6968
> -        "-apple-trailing-word": {
> -            "inherited": true,
> -            "values": [
> -                "auto",
> -                "-webkit-partially-balanced"
> -            ],
> -            "codegen-properties": {
> -                "name-for-methods": "TrailingWord",
> -                "enable-if": "ENABLE_CSS_TRAILING_WORD"
> -            },
> -            "status": "non-standard"
> -        },

This should have left the property, but marked it "removed" with code-gen disabled.