Closed Bug 883987 Opened 7 years ago Closed 7 years ago
@supports conditions should not accept BAD
_STRING and BAD _URL tokens
134 bytes, text/html
145 bytes, text/html
136 bytes, text/html
125 bytes, text/html
6.96 KB, patch
|Details | Diff | Splinter Review|
As we discussed during the CSS WG meeting in Tokyo two weeks ago, @supports rules aren't supposed to allow BAD_STRING and BAD_URL tokens inside of the conditions. This is what the current spec says, but we don't implement it correctly. http://dev.w3.org/csswg/css-conditional/#at-supports This applies to both inside the values of properties being tested and inside unknown supports grammar (a la bug 814566). (I've only verified that we have the bug for the first case, though.)
Wouldn't mind having a bit more on my plate. I can work on this.
Assignee: nobody → cford
It looks like I'll need some pointers on * what part of the spec deals with this * what part(s) of the parser will likely need to be modified
So the part of the spec that deals with this does so somewhat implicitly. In particular, http://dev.w3.org/csswg/css-conditional/#at-supports has: supports_declaration_condition : '(' S* declaration ')' ; general_enclosed : ( FUNCTION | '(' ) ( any | unused )* ')' ; general_enclosed is intended to accept "almost anything in CSS". Likewise declaration is: declaration : property S* ':' S* value; and value is something that again, accepts "almost anything in CSS". The key point here is that "almost anything" is not the same as "anything". There are likely differences other than the one mentioned here (BAD_STRING and BAD_URL tokens) -- but those other differences are more-than-likely mistakes in the spec rather than mistakes in the implementation. (We probably need to do some work to look for and fix them, though.) However, we explicitly discussed BAD_STRING and BAD_URL, and determined that it is intended that they *not* be included, since they're tokens that should always be errors. (I'd also note that the new css-syntax spec is redefining how BAD_URL works, such that it will no longer match our implementation. But we'll eventually want to change to match it.) In terms of code, the parsing code lives in CSSParserImpl::ParseSupportsCondition and the functions it calls. Note that there are some SkipUntil() calls inside those functions that are in success paths rather than failure paths (probably the only such SkipUntil() calls in the parser). See also the eCSSToken_Bad_String and eCSSToken_Bad_URL token types generated in nsCSSScanner.
Okay. My sense so far is that, to satisfy both this and bug 814556, we might need to divide "failed to parse" return values in some places into those where the condition just evaluates to false and those where we throw out the entire @supports rule. Perhaps a sort of tri-state logic: success/failure/BAD_*.
Bug 814566, that is, of course.
I don't think we need to use return values for this sort of thing -- we can use a member variable on the scanner for whether we encountered a certain token. (i.e., a similar approach to bug 773296 comment 51)
That works out well. Slightly outdated try push: https://tbpl.mozilla.org/?tree=Try&rev=ee8c26bc9cbc (Changes since: removed an unnecessary update of mSeenBadToken, added a test to confirm such.)
Attachment #767550 - Flags: review?(dbaron)
Comment on attachment 767550 [details] [diff] [review] Patch The scanner changes look fine, but the parser changes seem wrong: the parser still needs to obey the same rules for matching parentheses (and it's probably worth testing that) -- it's just the resulting rule isn't a valid @supports rule.
Attachment #767550 - Flags: review?(dbaron) → review-
Per our discussion, moved the check into ParseSupportsCondition, and added a sixth test case.
Comment on attachment 768660 [details] [diff] [review] Patch v2 r=dbaron
Attachment #768660 - Flags: review?(dbaron) → review+
Looks good on try. https://tbpl.mozilla.org/?tree=Try&rev=778583987c93
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
You need to log in before you can comment on or make changes to this bug.