@supports conditions should not accept BAD_STRING and BAD_URL tokens

RESOLVED FIXED in mozilla25

Status

()

Core
CSS Parsing and Computation
RESOLVED FIXED
4 years ago
11 days ago

People

(Reporter: dbaron, Assigned: coyotebush)

Tracking

(Blocks: 1 bug, {css3})

Trunk
mozilla25
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(5 attachments, 1 obsolete attachment)

(Reporter)

Description

4 years ago
As we discussed during the CSS WG meeting in Tokyo two weeks ago, @supports rules aren't supposed to allow BAD_STRING and BAD_URL tokens inside of the conditions.  This is what the current spec says, but we don't implement it correctly.

http://dev.w3.org/csswg/css-conditional/#at-supports

This applies to both inside the values of properties being tested and inside unknown supports grammar (a la bug 814566).  (I've only verified that we have the bug for the first case, though.)
(Reporter)

Comment 1

4 years ago
Created attachment 763723 [details]
test of BAD_STRING in property value
(Reporter)

Comment 2

4 years ago
Created attachment 763724 [details]
test of BAD_URL in property value
(Reporter)

Comment 3

4 years ago
Created attachment 763725 [details]
test of BAD_URL in skipped region
(Reporter)

Comment 4

4 years ago
Created attachment 763726 [details]
test of BAD_STRING in skipped region
(Assignee)

Comment 5

4 years ago
Wouldn't mind having a bit more on my plate. I can work on this.
Assignee: nobody → cford
(Assignee)

Updated

4 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 6

4 years ago
It looks like I'll need some pointers on

 * what part of the spec deals with this
 * what part(s) of the parser will likely need to be modified
(Reporter)

Comment 7

4 years ago
So the part of the spec that deals with this does so somewhat implicitly.  In particular, http://dev.w3.org/csswg/css-conditional/#at-supports has:

supports_declaration_condition
  : '(' S* declaration ')'
  ;

general_enclosed
  : ( FUNCTION | '(' ) ( any | unused )* ')'
  ;

general_enclosed is intended to accept "almost anything in CSS".  Likewise declaration is:

declaration : property S* ':' S* value;

and value is something that again, accepts "almost anything in CSS".


The key point here is that "almost anything" is not the same as "anything".  There are likely differences other than the one mentioned here (BAD_STRING and BAD_URL tokens) -- but those other differences are more-than-likely mistakes in the spec rather than mistakes in the implementation.  (We probably need to do some work to look for and fix them, though.)

However, we explicitly discussed BAD_STRING and BAD_URL, and determined that it is intended that they *not* be included, since they're tokens that should always be errors.

(I'd also note that the new css-syntax spec is redefining how BAD_URL works, such that it will no longer match our implementation.  But we'll eventually want to change to match it.)


In terms of code, the parsing code lives in CSSParserImpl::ParseSupportsCondition and the functions it calls.  Note that there are some SkipUntil() calls inside those functions that are in success paths rather than failure paths (probably the only such SkipUntil() calls in the parser).  See also the eCSSToken_Bad_String and eCSSToken_Bad_URL token types generated in nsCSSScanner.
(Assignee)

Comment 8

4 years ago
Okay. My sense so far is that, to satisfy both this and bug 814556, we might need to divide "failed to parse" return values in some places into those where the condition just evaluates to false and those where we throw out the entire @supports rule. Perhaps a sort of tri-state logic: success/failure/BAD_*.
(Assignee)

Comment 9

4 years ago
Bug 814566, that is, of course.
(Reporter)

Comment 10

4 years ago
I don't think we need to use return values for this sort of thing -- we can use a member variable on the scanner for whether we encountered a certain token.  (i.e., a similar approach to bug 773296 comment 51)
(Assignee)

Comment 11

4 years ago
Created attachment 767550 [details] [diff] [review]
Patch

That works out well.

Slightly outdated try push: https://tbpl.mozilla.org/?tree=Try&rev=ee8c26bc9cbc
(Changes since: removed an unnecessary update of mSeenBadToken, added a test to confirm such.)
Attachment #767550 - Flags: review?(dbaron)
(Reporter)

Comment 12

4 years ago
Comment on attachment 767550 [details] [diff] [review]
Patch

The scanner changes look fine, but the parser changes seem wrong:  the parser still needs to obey the same rules for matching parentheses (and it's probably worth testing that) -- it's just the resulting rule isn't a valid @supports rule.
Attachment #767550 - Flags: review?(dbaron) → review-
(Assignee)

Comment 13

4 years ago
Created attachment 768660 [details] [diff] [review]
Patch v2

Per our discussion, moved the check into ParseSupportsCondition, and added a sixth test case.
Attachment #767550 - Attachment is obsolete: true
Attachment #768660 - Flags: review?(dbaron)
(Reporter)

Comment 14

4 years ago
Comment on attachment 768660 [details] [diff] [review]
Patch v2

r=dbaron
Attachment #768660 - Flags: review?(dbaron) → review+
(Assignee)

Comment 15

4 years ago
Looks good on try. https://tbpl.mozilla.org/?tree=Try&rev=778583987c93
Keywords: checkin-needed
https://hg.mozilla.org/integration/mozilla-inbound/rev/57041efa3c2b
Flags: in-testsuite+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/57041efa3c2b
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
(Reporter)

Updated

11 days ago
Blocks: 1353219
You need to log in before you can comment on or make changes to this bug.