diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2017-07-28 09:14:26 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2017-07-28 09:14:26 +0200 |
commit | c4fd0ec4800e522efea1a54b94e3da7a1f10a173 (patch) | |
tree | 0151b49f2ad9fe1e8d970ed5389c5b28bdf918b8 /layout | |
parent | 6a79cfd546ae3558d9817d23c213fd6ea821ef10 (diff) | |
download | palemoon-gre-c4fd0ec4800e522efea1a54b94e3da7a1f10a173.tar.gz |
CSS - selectors - "-moz-handler" css pseudo-classes leak plugin state to content (bug 1025267)
Diffstat (limited to 'layout')
-rw-r--r-- | layout/style/nsCSSParser.cpp | 9 | ||||
-rw-r--r-- | layout/style/nsCSSPseudoClassList.h | 36 | ||||
-rw-r--r-- | layout/style/nsCSSPseudoClasses.h | 7 | ||||
-rw-r--r-- | layout/style/test/test_selectors.html | 17 |
4 files changed, 50 insertions, 19 deletions
diff --git a/layout/style/nsCSSParser.cpp b/layout/style/nsCSSParser.cpp index e1f67e1f1..651f103a0 100644 --- a/layout/style/nsCSSParser.cpp +++ b/layout/style/nsCSSParser.cpp @@ -302,6 +302,10 @@ public: uint32_t aLineNumber, uint32_t aLineOffset); + bool ChromeOrCertifiedAppRulesEnabled() const { + return mIsChromeOrCertifiedApp; + } + nsCSSProps::EnabledState PropertyEnabledState() const { static_assert(nsCSSProps::eEnabledForAllContent == 0, "nsCSSProps::eEnabledForAllContent should be zero for " @@ -5412,7 +5416,10 @@ CSSParserImpl::ParsePseudoSelector(int32_t& aDataMask, ((pseudoElementType < nsCSSPseudoElements::ePseudo_PseudoElementCount && nsCSSPseudoElements::PseudoElementIsUASheetOnly(pseudoElementType)) || (pseudoClassType != nsCSSPseudoClasses::ePseudoClass_NotPseudoClass && - nsCSSPseudoClasses::PseudoClassIsUASheetOnly(pseudoClassType)))) { + nsCSSPseudoClasses::PseudoClassIsUASheetOnly(pseudoClassType)) || + (!ChromeOrCertifiedAppRulesEnabled() && + (pseudoClassType != nsCSSPseudoClasses::ePseudoClass_NotPseudoClass && + nsCSSPseudoClasses::PseudoClassIsUASheetAndChromeOnly(pseudoClassType))))) { // This pseudo-element or pseudo-class is not exposed to content. REPORT_UNEXPECTED_TOKEN(PEPseudoSelUnknown); UngetToken(); diff --git a/layout/style/nsCSSPseudoClassList.h b/layout/style/nsCSSPseudoClassList.h index 760b0825c..21aa0943e 100644 --- a/layout/style/nsCSSPseudoClassList.h +++ b/layout/style/nsCSSPseudoClassList.h @@ -171,28 +171,40 @@ CSS_STATE_PSEUDO_CLASS(mozFocusRing, ":-moz-focusring", 0, "", NS_EVENT_STATE_FO // Image, object, etc state pseudo-classes CSS_STATE_PSEUDO_CLASS(mozBroken, ":-moz-broken", 0, "", NS_EVENT_STATE_BROKEN) -CSS_STATE_PSEUDO_CLASS(mozUserDisabled, ":-moz-user-disabled", 0, "", +CSS_STATE_PSEUDO_CLASS(mozLoading, ":-moz-loading", 0, "", NS_EVENT_STATE_LOADING) + +CSS_STATE_PSEUDO_CLASS(mozUserDisabled, ":-moz-user-disabled", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_USERDISABLED) -CSS_STATE_PSEUDO_CLASS(mozSuppressed, ":-moz-suppressed", 0, "", +CSS_STATE_PSEUDO_CLASS(mozSuppressed, ":-moz-suppressed", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_SUPPRESSED) -CSS_STATE_PSEUDO_CLASS(mozLoading, ":-moz-loading", 0, "", NS_EVENT_STATE_LOADING) -CSS_STATE_PSEUDO_CLASS(mozTypeUnsupported, ":-moz-type-unsupported", 0, "", +CSS_STATE_PSEUDO_CLASS(mozTypeUnsupported, ":-moz-type-unsupported", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_TYPE_UNSUPPORTED) -CSS_STATE_PSEUDO_CLASS(mozTypeUnsupportedPlatform, ":-moz-type-unsupported-platform", 0, "", +CSS_STATE_PSEUDO_CLASS(mozTypeUnsupportedPlatform, ":-moz-type-unsupported-platform", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_TYPE_UNSUPPORTED_PLATFORM) -CSS_STATE_PSEUDO_CLASS(mozHandlerClickToPlay, ":-moz-handler-clicktoplay", 0, "", +CSS_STATE_PSEUDO_CLASS(mozHandlerClickToPlay, ":-moz-handler-clicktoplay", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_TYPE_CLICK_TO_PLAY) -CSS_STATE_PSEUDO_CLASS(mozHandlerPlayPreview, ":-moz-handler-playpreview", 0, "", +CSS_STATE_PSEUDO_CLASS(mozHandlerPlayPreview, ":-moz-handler-playpreview", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_TYPE_PLAY_PREVIEW) -CSS_STATE_PSEUDO_CLASS(mozHandlerVulnerableUpdatable, ":-moz-handler-vulnerable-updatable", 0, "", +CSS_STATE_PSEUDO_CLASS(mozHandlerVulnerableUpdatable, ":-moz-handler-vulnerable-updatable", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_VULNERABLE_UPDATABLE) -CSS_STATE_PSEUDO_CLASS(mozHandlerVulnerableNoUpdate, ":-moz-handler-vulnerable-no-update", 0, "", +CSS_STATE_PSEUDO_CLASS(mozHandlerVulnerableNoUpdate, ":-moz-handler-vulnerable-no-update", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_VULNERABLE_NO_UPDATE) -CSS_STATE_PSEUDO_CLASS(mozHandlerDisabled, ":-moz-handler-disabled", 0, "", +CSS_STATE_PSEUDO_CLASS(mozHandlerDisabled, ":-moz-handler-disabled", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_HANDLER_DISABLED) -CSS_STATE_PSEUDO_CLASS(mozHandlerBlocked, ":-moz-handler-blocked", 0, "", +CSS_STATE_PSEUDO_CLASS(mozHandlerBlocked, ":-moz-handler-blocked", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_HANDLER_BLOCKED) -CSS_STATE_PSEUDO_CLASS(mozHandlerCrashed, ":-moz-handler-crashed", 0, "", +CSS_STATE_PSEUDO_CLASS(mozHandlerCrashed, ":-moz-handler-crashed", + CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME, "", NS_EVENT_STATE_HANDLER_CRASHED) CSS_STATE_PSEUDO_CLASS(mozMathIncrementScriptLevel, diff --git a/layout/style/nsCSSPseudoClasses.h b/layout/style/nsCSSPseudoClasses.h index 518bc893b..7d8a5cfd6 100644 --- a/layout/style/nsCSSPseudoClasses.h +++ b/layout/style/nsCSSPseudoClasses.h @@ -10,8 +10,10 @@ #include "nsStringFwd.h" -// This pseudo-element is accepted only in UA style sheets. +// This pseudo-class is accepted only in UA style sheets. #define CSS_PSEUDO_CLASS_UA_SHEET_ONLY (1<<0) +// This pseudo-class is accepted only in UA style sheets and chrome. +#define CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME (1<<1) class nsIAtom; @@ -41,6 +43,9 @@ public: static bool PseudoClassIsUASheetOnly(Type aType) { return PseudoClassHasFlags(aType, CSS_PSEUDO_CLASS_UA_SHEET_ONLY); } + static bool PseudoClassIsUASheetAndChromeOnly(Type aType) { + return PseudoClassHasFlags(aType, CSS_PSEUDO_CLASS_UA_SHEET_AND_CHROME); + } // Should only be used on types other than Count and NotPseudoClass static void PseudoTypeToString(Type aType, nsAString& aString); diff --git a/layout/style/test/test_selectors.html b/layout/style/test/test_selectors.html index b74e5ccfa..b0023fd76 100644 --- a/layout/style/test/test_selectors.html +++ b/layout/style/test/test_selectors.html @@ -1097,11 +1097,18 @@ function run() { test_parseable(":-moz-window-inactive"); test_parseable("div p:-moz-window-inactive:hover span"); - // Plugin pseudoclasses - test_parseable(":-moz-type-unsupported"); - test_parseable(":-moz-handler-disabled"); - test_parseable(":-moz-handler-blocked"); - test_parseable(":-moz-handler-crashed"); + // Plugin pseudoclasses are chrome-only: + test_unbalanced_unparseable(":-moz-type-unsupported"); + test_unbalanced_unparseable(":-moz-user-disabled"); + test_unbalanced_unparseable(":-moz-suppressed"); + test_unbalanced_unparseable(":-moz-type-unsupported"); + test_unbalanced_unparseable(":-moz-type-unsupported-platform"); + test_unbalanced_unparseable(":-moz-handler-clicktoplay"); + test_unbalanced_unparseable(":-moz-handler-vulnerable-updatable"); + test_unbalanced_unparseable(":-moz-handler-vulnerable-no-update"); + test_unbalanced_unparseable(":-moz-handler-disabled"); + test_unbalanced_unparseable(":-moz-handler-blocked"); + test_unbalanced_unparseable(":-moz-handler-crashed"); // We're not in a UA sheet, so this should be invalid. test_balanced_unparseable(":-moz-native-anonymous"); |