Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(307)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/css/SelectorChecker.cpp

Issue 23710067: :-webkit-any pseudo with escaped '(' should not crash. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Removed workaround code for :not() Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/css/CSSSelector.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 2004-2005 Allan Sandfeld Jensen (kde@carewolf.com) 3 * (C) 2004-2005 Allan Sandfeld Jensen (kde@carewolf.com)
4 * Copyright (C) 2006, 2007 Nicholas Shanks (webkit@nickshanks.com) 4 * Copyright (C) 2006, 2007 Nicholas Shanks (webkit@nickshanks.com)
5 * Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Apple Inc. All rights reserved. 5 * Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Apple Inc. All rights reserved.
6 * Copyright (C) 2007 Alexey Proskuryakov <ap@webkit.org> 6 * Copyright (C) 2007 Alexey Proskuryakov <ap@webkit.org>
7 * Copyright (C) 2007, 2008 Eric Seidel <eric@webkit.org> 7 * Copyright (C) 2007, 2008 Eric Seidel <eric@webkit.org>
8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
9 * Copyright (c) 2011, Code Aurora Forum. All rights reserved. 9 * Copyright (c) 2011, Code Aurora Forum. All rights reserved.
10 * Copyright (C) Research In Motion Limited 2011. All rights reserved. 10 * Copyright (C) Research In Motion Limited 2011. All rights reserved.
(...skipping 395 matching lines...) Expand 10 before | Expand all | Expand 10 after
406 406
407 bool caseSensitive = !m_documentIsHTML || HTMLDocument::isCaseSensitiveA ttribute(attr); 407 bool caseSensitive = !m_documentIsHTML || HTMLDocument::isCaseSensitiveA ttribute(attr);
408 408
409 if (!anyAttributeMatches(element, static_cast<CSSSelector::Match>(select or->m_match), attr, selector->value(), caseSensitive)) 409 if (!anyAttributeMatches(element, static_cast<CSSSelector::Match>(select or->m_match), attr, selector->value(), caseSensitive))
410 return false; 410 return false;
411 } 411 }
412 412
413 if (selector->m_match == CSSSelector::PseudoClass) { 413 if (selector->m_match == CSSSelector::PseudoClass) {
414 // Handle :not up front. 414 // Handle :not up front.
415 if (selector->pseudoType() == CSSSelector::PseudoNot) { 415 if (selector->pseudoType() == CSSSelector::PseudoNot) {
416 const CSSSelectorList* selectorList = selector->selectorList();
417
418 // FIXME: We probably should fix the parser and make it never produc e :not rules with missing selector list.
419 if (!selectorList)
420 return false;
421
422 SelectorCheckingContext subContext(context); 416 SelectorCheckingContext subContext(context);
423 subContext.isSubSelector = true; 417 subContext.isSubSelector = true;
424 for (subContext.selector = selectorList->first(); subContext.selecto r; subContext.selector = subContext.selector->tagHistory()) { 418 ASSERT(selector->selectorList());
419 for (subContext.selector = selector->selectorList()->first(); subCon text.selector; subContext.selector = subContext.selector->tagHistory()) {
425 // :not cannot nest. I don't really know why this is a 420 // :not cannot nest. I don't really know why this is a
426 // restriction in CSS3, but it is, so let's honor it. 421 // restriction in CSS3, but it is, so let's honor it.
427 // the parser enforces that this never occurs 422 // the parser enforces that this never occurs
428 ASSERT(subContext.selector->pseudoType() != CSSSelector::PseudoN ot); 423 ASSERT(subContext.selector->pseudoType() != CSSSelector::PseudoN ot);
429 // We select between :visited and :link when applying. We don't know which one applied (or not) yet. 424 // We select between :visited and :link when applying. We don't know which one applied (or not) yet.
430 if (subContext.selector->pseudoType() == CSSSelector::PseudoVisi ted || (subContext.selector->pseudoType() == CSSSelector::PseudoLink && subConte xt.visitedMatchType == VisitedMatchEnabled)) 425 if (subContext.selector->pseudoType() == CSSSelector::PseudoVisi ted || (subContext.selector->pseudoType() == CSSSelector::PseudoLink && subConte xt.visitedMatchType == VisitedMatchEnabled))
431 return true; 426 return true;
432 if (!checkOne(subContext, DOMSiblingTraversalStrategy())) 427 if (!checkOne(subContext, DOMSiblingTraversalStrategy()))
433 return true; 428 return true;
434 } 429 }
(...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after
602 break; 597 break;
603 case CSSSelector::PseudoTarget: 598 case CSSSelector::PseudoTarget:
604 if (element == element->document().cssTarget()) 599 if (element == element->document().cssTarget())
605 return true; 600 return true;
606 break; 601 break;
607 case CSSSelector::PseudoAny: 602 case CSSSelector::PseudoAny:
608 { 603 {
609 SelectorCheckingContext subContext(context); 604 SelectorCheckingContext subContext(context);
610 subContext.isSubSelector = true; 605 subContext.isSubSelector = true;
611 PseudoId ignoreDynamicPseudo = NOPSEUDO; 606 PseudoId ignoreDynamicPseudo = NOPSEUDO;
607 ASSERT(selector->selectorList());
612 for (subContext.selector = selector->selectorList()->first(); su bContext.selector; subContext.selector = CSSSelectorList::next(subContext.select or)) { 608 for (subContext.selector = selector->selectorList()->first(); su bContext.selector; subContext.selector = CSSSelectorList::next(subContext.select or)) {
613 if (match(subContext, ignoreDynamicPseudo, siblingTraversalS trategy) == SelectorMatches) 609 if (match(subContext, ignoreDynamicPseudo, siblingTraversalS trategy) == SelectorMatches)
614 return true; 610 return true;
615 } 611 }
616 } 612 }
617 break; 613 break;
618 case CSSSelector::PseudoAutofill: 614 case CSSSelector::PseudoAutofill:
619 if (!element || !element->isFormControlElement()) 615 if (!element || !element->isFormControlElement())
620 break; 616 break;
621 if (element->hasTagName(inputTag)) 617 if (element->hasTagName(inputTag))
(...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after
939 { 935 {
940 unsigned linkMatchType = MatchAll; 936 unsigned linkMatchType = MatchAll;
941 937
942 // Statically determine if this selector will match a link in visited, unvis ited or any state, or never. 938 // Statically determine if this selector will match a link in visited, unvis ited or any state, or never.
943 // :visited never matches other elements than the innermost link element. 939 // :visited never matches other elements than the innermost link element.
944 for (; selector; selector = selector->tagHistory()) { 940 for (; selector; selector = selector->tagHistory()) {
945 switch (selector->pseudoType()) { 941 switch (selector->pseudoType()) {
946 case CSSSelector::PseudoNot: 942 case CSSSelector::PseudoNot:
947 { 943 {
948 // :not(:visited) is equivalent to :link. Parser enforces that : not can't nest. 944 // :not(:visited) is equivalent to :link. Parser enforces that : not can't nest.
949 const CSSSelectorList* selectorList = selector->selectorList(); 945 ASSERT(selector->selectorList());
950 if (!selectorList) 946 for (const CSSSelector* subSelector = selector->selectorList()-> first(); subSelector; subSelector = subSelector->tagHistory()) {
951 break;
952
953 for (const CSSSelector* subSelector = selectorList->first(); sub Selector; subSelector = subSelector->tagHistory()) {
954 CSSSelector::PseudoType subType = subSelector->pseudoType(); 947 CSSSelector::PseudoType subType = subSelector->pseudoType();
955 if (subType == CSSSelector::PseudoVisited) 948 if (subType == CSSSelector::PseudoVisited)
956 linkMatchType &= ~SelectorChecker::MatchVisited; 949 linkMatchType &= ~SelectorChecker::MatchVisited;
957 else if (subType == CSSSelector::PseudoLink) 950 else if (subType == CSSSelector::PseudoLink)
958 linkMatchType &= ~SelectorChecker::MatchLink; 951 linkMatchType &= ~SelectorChecker::MatchLink;
959 } 952 }
960 } 953 }
961 break; 954 break;
962 case CSSSelector::PseudoLink: 955 case CSSSelector::PseudoLink:
963 linkMatchType &= ~SelectorChecker::MatchVisited; 956 linkMatchType &= ~SelectorChecker::MatchVisited;
(...skipping 28 matching lines...) Expand all
992 return element->focused() && isFrameFocused(element); 985 return element->focused() && isFrameFocused(element);
993 } 986 }
994 987
995 template 988 template
996 SelectorChecker::Match SelectorChecker::match(const SelectorCheckingContext&, Ps eudoId&, const DOMSiblingTraversalStrategy&) const; 989 SelectorChecker::Match SelectorChecker::match(const SelectorCheckingContext&, Ps eudoId&, const DOMSiblingTraversalStrategy&) const;
997 990
998 template 991 template
999 SelectorChecker::Match SelectorChecker::match(const SelectorCheckingContext&, Ps eudoId&, const ShadowDOMSiblingTraversalStrategy&) const; 992 SelectorChecker::Match SelectorChecker::match(const SelectorCheckingContext&, Ps eudoId&, const ShadowDOMSiblingTraversalStrategy&) const;
1000 993
1001 } 994 }
OLDNEW
« no previous file with comments | « Source/core/css/CSSSelector.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698