As we discussed during the CSS WG meeting in Tokyo two weeks ago, @supports rules aren't supposed to allow BAD_STRING and BAD_URL tokens inside of the conditions. This is what the current spec says, but we don't implement it correctly.
This applies to both inside the values of properties being tested and inside unknown supports grammar (a la bug 814566). (I've only verified that we have the bug for the first case, though.)
Created attachment 763723 [details]
test of BAD_STRING in property value
Created attachment 763724 [details]
test of BAD_URL in property value
Created attachment 763725 [details]
test of BAD_URL in skipped region
Created attachment 763726 [details]
test of BAD_STRING in skipped region
Wouldn't mind having a bit more on my plate. I can work on this.
It looks like I'll need some pointers on
* what part of the spec deals with this
* what part(s) of the parser will likely need to be modified
So the part of the spec that deals with this does so somewhat implicitly. In particular, http://dev.w3.org/csswg/css-conditional/#at-supports has:
: '(' S* declaration ')'
: ( FUNCTION | '(' ) ( any | unused )* ')'
general_enclosed is intended to accept "almost anything in CSS". Likewise declaration is:
declaration : property S* ':' S* value;
and value is something that again, accepts "almost anything in CSS".
The key point here is that "almost anything" is not the same as "anything". There are likely differences other than the one mentioned here (BAD_STRING and BAD_URL tokens) -- but those other differences are more-than-likely mistakes in the spec rather than mistakes in the implementation. (We probably need to do some work to look for and fix them, though.)
However, we explicitly discussed BAD_STRING and BAD_URL, and determined that it is intended that they *not* be included, since they're tokens that should always be errors.
(I'd also note that the new css-syntax spec is redefining how BAD_URL works, such that it will no longer match our implementation. But we'll eventually want to change to match it.)
In terms of code, the parsing code lives in CSSParserImpl::ParseSupportsCondition and the functions it calls. Note that there are some SkipUntil() calls inside those functions that are in success paths rather than failure paths (probably the only such SkipUntil() calls in the parser). See also the eCSSToken_Bad_String and eCSSToken_Bad_URL token types generated in nsCSSScanner.
Okay. My sense so far is that, to satisfy both this and bug 814556, we might need to divide "failed to parse" return values in some places into those where the condition just evaluates to false and those where we throw out the entire @supports rule. Perhaps a sort of tri-state logic: success/failure/BAD_*.
Bug 814566, that is, of course.
I don't think we need to use return values for this sort of thing -- we can use a member variable on the scanner for whether we encountered a certain token. (i.e., a similar approach to bug 773296 comment 51)
Created attachment 767550 [details] [diff] [review]
That works out well.
Slightly outdated try push: https://tbpl.mozilla.org/?tree=Try&rev=ee8c26bc9cbc
(Changes since: removed an unnecessary update of mSeenBadToken, added a test to confirm such.)
Comment on attachment 767550 [details] [diff] [review]
The scanner changes look fine, but the parser changes seem wrong: the parser still needs to obey the same rules for matching parentheses (and it's probably worth testing that) -- it's just the resulting rule isn't a valid @supports rule.
Created attachment 768660 [details] [diff] [review]
Per our discussion, moved the check into ParseSupportsCondition, and added a sixth test case.
Comment on attachment 768660 [details] [diff] [review]
Looks good on try. https://tbpl.mozilla.org/?tree=Try&rev=778583987c93