LibWeb: Limit HTMLTableCellElement colSpan to allowed values
This change ensures that `colSpan` is clamped to the maximum value of 1000 if the given value is larger than 2147483647.
This commit is contained in:
Tim Ledbetter
Andreas Kling
parent
d02b763cd6
commit
4630b1a44b
Notes:
github-actions[bot]
2024-12-02 09:26:37 +00:00
Author: https://github.com/tcl3 Commit: https://github.com/LadybirdBrowser/ladybird/commit/4630b1a44bd Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2685
4 changed files with 113 additions and 7 deletions
|
|
@ -108,14 +108,25 @@ void HTMLTableCellElement::apply_presentational_hints(CSS::StyleProperties& styl
|
|||
|
||||
// This implements step 8 in the spec here:
|
||||
// https://html.spec.whatwg.org/multipage/tables.html#algorithm-for-processing-rows
|
||||
unsigned int HTMLTableCellElement::col_span() const
|
||||
WebIDL::UnsignedLong HTMLTableCellElement::col_span() const
|
||||
{
|
||||
auto optional_value = Web::HTML::parse_non_negative_integer(get_attribute_value(HTML::AttributeNames::colspan));
|
||||
auto col_span_attribute = get_attribute(HTML::AttributeNames::colspan);
|
||||
if (!col_span_attribute.has_value())
|
||||
return 1;
|
||||
|
||||
auto optional_value_digits = Web::HTML::parse_non_negative_integer_digits(*col_span_attribute);
|
||||
|
||||
// If parsing that value failed, or returned zero, or if the attribute is absent, then let colspan be 1, instead.
|
||||
if (!optional_value.has_value() || optional_value.value() == 0) {
|
||||
if (!optional_value_digits.has_value())
|
||||
return 1;
|
||||
}
|
||||
|
||||
auto optional_value = optional_value_digits->to_number<i64>(TrimWhitespace::No);
|
||||
if (optional_value == 0)
|
||||
return 1;
|
||||
|
||||
// NOTE: If there is no value at this point the value must be larger than NumericLimits<i64>::max(), so return the maximum value of 1000.
|
||||
if (!optional_value.has_value())
|
||||
return 1000;
|
||||
|
||||
auto value = optional_value.value();
|
||||
|
||||
|
|
@ -127,8 +138,10 @@ unsigned int HTMLTableCellElement::col_span() const
|
|||
return value;
|
||||
}
|
||||
|
||||
WebIDL::ExceptionOr<void> HTMLTableCellElement::set_col_span(unsigned int value)
|
||||
WebIDL::ExceptionOr<void> HTMLTableCellElement::set_col_span(WebIDL::UnsignedLong value)
|
||||
{
|
||||
if (value > 2147483647)
|
||||
value = 1;
|
||||
return set_attribute(HTML::AttributeNames::colspan, String::number(value));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,10 +18,10 @@ class HTMLTableCellElement final : public HTMLElement {
|
|||
public:
|
||||
virtual ~HTMLTableCellElement() override;
|
||||
|
||||
unsigned col_span() const;
|
||||
WebIDL::UnsignedLong col_span() const;
|
||||
unsigned row_span() const;
|
||||
|
||||
WebIDL::ExceptionOr<void> set_col_span(unsigned);
|
||||
WebIDL::ExceptionOr<void> set_col_span(WebIDL::UnsignedLong);
|
||||
WebIDL::ExceptionOr<void> set_row_span(unsigned);
|
||||
|
||||
WebIDL::Long cell_index() const;
|
||||
|
|
|
|||
|
|
@ -18,6 +18,10 @@ canvas.getAttribute("width") after canvas.setAttribute("width", "4294967295"): 4
|
|||
canvas.width after canvas.setAttribute("width", "4294967295"): 300
|
||||
canvas.getAttribute("width") after canvas.width = 4294967295: 300
|
||||
canvas.width after canvas.width = 4294967295: 300
|
||||
canvas.getAttribute("width") after canvas.setAttribute("width", "4294967296"): 4294967296
|
||||
canvas.width after canvas.setAttribute("width", "4294967296"): 300
|
||||
canvas.getAttribute("width") after canvas.width = 4294967296: 0
|
||||
canvas.width after canvas.width = 4294967296: 0
|
||||
canvas.getAttribute("height") after canvas.setAttribute("height", "0"): 0
|
||||
canvas.height after canvas.setAttribute("height", "0"): 0
|
||||
canvas.getAttribute("height") after canvas.height = 0: 0
|
||||
|
|
@ -38,6 +42,10 @@ canvas.getAttribute("height") after canvas.setAttribute("height", "4294967295"):
|
|||
canvas.height after canvas.setAttribute("height", "4294967295"): 150
|
||||
canvas.getAttribute("height") after canvas.height = 4294967295: 150
|
||||
canvas.height after canvas.height = 4294967295: 150
|
||||
canvas.getAttribute("height") after canvas.setAttribute("height", "4294967296"): 4294967296
|
||||
canvas.height after canvas.setAttribute("height", "4294967296"): 150
|
||||
canvas.getAttribute("height") after canvas.height = 4294967296: 0
|
||||
canvas.height after canvas.height = 4294967296: 0
|
||||
img.getAttribute("height") after img.setAttribute("height", "0"): 0
|
||||
img.height after img.setAttribute("height", "0"): 0
|
||||
img.getAttribute("height") after img.height = 0: 0
|
||||
|
|
@ -58,6 +66,10 @@ img.getAttribute("height") after img.setAttribute("height", "4294967295"): 42949
|
|||
img.height after img.setAttribute("height", "4294967295"): 0
|
||||
img.getAttribute("height") after img.height = 4294967295: 0
|
||||
img.height after img.height = 4294967295: 0
|
||||
img.getAttribute("height") after img.setAttribute("height", "4294967296"): 4294967296
|
||||
img.height after img.setAttribute("height", "4294967296"): 0
|
||||
img.getAttribute("height") after img.height = 4294967296: 0
|
||||
img.height after img.height = 4294967296: 0
|
||||
img.getAttribute("hspace") after img.setAttribute("hspace", "0"): 0
|
||||
img.hspace after img.setAttribute("hspace", "0"): 0
|
||||
img.getAttribute("hspace") after img.hspace = 0: 0
|
||||
|
|
@ -78,6 +90,10 @@ img.getAttribute("hspace") after img.setAttribute("hspace", "4294967295"): 42949
|
|||
img.hspace after img.setAttribute("hspace", "4294967295"): 0
|
||||
img.getAttribute("hspace") after img.hspace = 4294967295: 0
|
||||
img.hspace after img.hspace = 4294967295: 0
|
||||
img.getAttribute("hspace") after img.setAttribute("hspace", "4294967296"): 4294967296
|
||||
img.hspace after img.setAttribute("hspace", "4294967296"): 0
|
||||
img.getAttribute("hspace") after img.hspace = 4294967296: 0
|
||||
img.hspace after img.hspace = 4294967296: 0
|
||||
img.getAttribute("width") after img.setAttribute("width", "0"): 0
|
||||
img.width after img.setAttribute("width", "0"): 0
|
||||
img.getAttribute("width") after img.width = 0: 0
|
||||
|
|
@ -98,6 +114,10 @@ img.getAttribute("width") after img.setAttribute("width", "4294967295"): 4294967
|
|||
img.width after img.setAttribute("width", "4294967295"): 0
|
||||
img.getAttribute("width") after img.width = 4294967295: 0
|
||||
img.width after img.width = 4294967295: 0
|
||||
img.getAttribute("width") after img.setAttribute("width", "4294967296"): 4294967296
|
||||
img.width after img.setAttribute("width", "4294967296"): 0
|
||||
img.getAttribute("width") after img.width = 4294967296: 0
|
||||
img.width after img.width = 4294967296: 0
|
||||
input.getAttribute("maxlength") after input.setAttribute("maxLength", "0"): 0
|
||||
input.maxLength after input.setAttribute("maxlength", "0"): 0
|
||||
input.getAttribute("maxlength") after input.maxLength = 0: 0
|
||||
|
|
@ -116,6 +136,10 @@ input.maxLength = 2147483648 threw exception of type IndexSizeError
|
|||
input.getAttribute("maxlength") after input.setAttribute("maxLength", "4294967295"): 4294967295
|
||||
input.maxLength after input.setAttribute("maxlength", "4294967295"): -1
|
||||
input.maxLength = 4294967295 threw exception of type IndexSizeError
|
||||
input.getAttribute("maxlength") after input.setAttribute("maxLength", "4294967296"): 4294967296
|
||||
input.maxLength after input.setAttribute("maxlength", "4294967296"): -1
|
||||
input.getAttribute("maxlength") after input.maxLength = 4294967296: 0
|
||||
input.maxLength after input.maxLength = 4294967296: 0
|
||||
input.getAttribute("minlength") after input.setAttribute("minLength", "0"): 0
|
||||
input.minLength after input.setAttribute("minlength", "0"): 0
|
||||
input.getAttribute("minlength") after input.minLength = 0: 0
|
||||
|
|
@ -134,6 +158,10 @@ input.minLength = 2147483648 threw exception of type IndexSizeError
|
|||
input.getAttribute("minlength") after input.setAttribute("minLength", "4294967295"): 4294967295
|
||||
input.minLength after input.setAttribute("minlength", "4294967295"): -1
|
||||
input.minLength = 4294967295 threw exception of type IndexSizeError
|
||||
input.getAttribute("minlength") after input.setAttribute("minLength", "4294967296"): 4294967296
|
||||
input.minLength after input.setAttribute("minlength", "4294967296"): -1
|
||||
input.getAttribute("minlength") after input.minLength = 4294967296: 0
|
||||
input.minLength after input.minLength = 4294967296: 0
|
||||
input.getAttribute("size") after input.setAttribute("size", "0"): 0
|
||||
input.size after input.setAttribute("size", "0"): 20
|
||||
input.size = 0 threw exception of type IndexSizeError
|
||||
|
|
@ -153,6 +181,9 @@ input.getAttribute("size") after input.setAttribute("size", "4294967295"): 42949
|
|||
input.size after input.setAttribute("size", "4294967295"): 20
|
||||
input.getAttribute("size") after input.size = 4294967295: 20
|
||||
input.size after input.size = 4294967295: 20
|
||||
input.getAttribute("size") after input.setAttribute("size", "4294967296"): 4294967296
|
||||
input.size after input.setAttribute("size", "4294967296"): 20
|
||||
input.size = 4294967296 threw exception of type IndexSizeError
|
||||
input.getAttribute("height") after input.setAttribute("height", "0"): 0
|
||||
input.height after input.setAttribute("height", "0"): 0
|
||||
input.getAttribute("height") after input.height = 0: 0
|
||||
|
|
@ -173,6 +204,10 @@ input.getAttribute("height") after input.setAttribute("height", "4294967295"): 4
|
|||
input.height after input.setAttribute("height", "4294967295"): 0
|
||||
input.getAttribute("height") after input.height = 4294967295: 0
|
||||
input.height after input.height = 4294967295: 0
|
||||
input.getAttribute("height") after input.setAttribute("height", "4294967296"): 4294967296
|
||||
input.height after input.setAttribute("height", "4294967296"): 0
|
||||
input.getAttribute("height") after input.height = 4294967296: 0
|
||||
input.height after input.height = 4294967296: 0
|
||||
input.getAttribute("width") after input.setAttribute("width", "0"): 0
|
||||
input.width after input.setAttribute("width", "0"): 0
|
||||
input.getAttribute("width") after input.width = 0: 0
|
||||
|
|
@ -193,6 +228,10 @@ input.getAttribute("width") after input.setAttribute("width", "4294967295"): 429
|
|||
input.width after input.setAttribute("width", "4294967295"): 0
|
||||
input.getAttribute("width") after input.width = 4294967295: 0
|
||||
input.width after input.width = 4294967295: 0
|
||||
input.getAttribute("width") after input.setAttribute("width", "4294967296"): 4294967296
|
||||
input.width after input.setAttribute("width", "4294967296"): 0
|
||||
input.getAttribute("width") after input.width = 4294967296: 0
|
||||
input.width after input.width = 4294967296: 0
|
||||
marquee.getAttribute("scrollamount") after marquee.setAttribute("scrollAmount", "0"): 0
|
||||
marquee.scrollAmount after marquee.setAttribute("scrollamount", "0"): 0
|
||||
marquee.getAttribute("scrollamount") after marquee.scrollAmount = 0: 0
|
||||
|
|
@ -213,6 +252,10 @@ marquee.getAttribute("scrollamount") after marquee.setAttribute("scrollAmount",
|
|||
marquee.scrollAmount after marquee.setAttribute("scrollamount", "4294967295"): 6
|
||||
marquee.getAttribute("scrollamount") after marquee.scrollAmount = 4294967295: 6
|
||||
marquee.scrollAmount after marquee.scrollAmount = 4294967295: 6
|
||||
marquee.getAttribute("scrollamount") after marquee.setAttribute("scrollAmount", "4294967296"): 4294967296
|
||||
marquee.scrollAmount after marquee.setAttribute("scrollamount", "4294967296"): 6
|
||||
marquee.getAttribute("scrollamount") after marquee.scrollAmount = 4294967296: 0
|
||||
marquee.scrollAmount after marquee.scrollAmount = 4294967296: 0
|
||||
marquee.getAttribute("scrolldelay") after marquee.setAttribute("scrollDelay", "0"): 0
|
||||
marquee.scrollDelay after marquee.setAttribute("scrolldelay", "0"): 0
|
||||
marquee.getAttribute("scrolldelay") after marquee.scrollDelay = 0: 0
|
||||
|
|
@ -233,6 +276,10 @@ marquee.getAttribute("scrolldelay") after marquee.setAttribute("scrollDelay", "4
|
|||
marquee.scrollDelay after marquee.setAttribute("scrolldelay", "4294967295"): 85
|
||||
marquee.getAttribute("scrolldelay") after marquee.scrollDelay = 4294967295: 85
|
||||
marquee.scrollDelay after marquee.scrollDelay = 4294967295: 85
|
||||
marquee.getAttribute("scrolldelay") after marquee.setAttribute("scrollDelay", "4294967296"): 4294967296
|
||||
marquee.scrollDelay after marquee.setAttribute("scrolldelay", "4294967296"): 85
|
||||
marquee.getAttribute("scrolldelay") after marquee.scrollDelay = 4294967296: 0
|
||||
marquee.scrollDelay after marquee.scrollDelay = 4294967296: 0
|
||||
select.getAttribute("size") after select.setAttribute("size", "0"): 0
|
||||
select.size after select.setAttribute("size", "0"): 0
|
||||
select.getAttribute("size") after select.size = 0: 0
|
||||
|
|
@ -253,6 +300,34 @@ select.getAttribute("size") after select.setAttribute("size", "4294967295"): 429
|
|||
select.size after select.setAttribute("size", "4294967295"): 0
|
||||
select.getAttribute("size") after select.size = 4294967295: 0
|
||||
select.size after select.size = 4294967295: 0
|
||||
select.getAttribute("size") after select.setAttribute("size", "4294967296"): 4294967296
|
||||
select.size after select.setAttribute("size", "4294967296"): 0
|
||||
select.getAttribute("size") after select.size = 4294967296: 0
|
||||
select.size after select.size = 4294967296: 0
|
||||
td.getAttribute("colspan") after td.setAttribute("colSpan", "0"): 0
|
||||
td.colSpan after td.setAttribute("colspan", "0"): 1
|
||||
td.getAttribute("colspan") after td.colSpan = 0: 0
|
||||
td.colSpan after td.colSpan = 0: 1
|
||||
td.getAttribute("colspan") after td.setAttribute("colSpan", "1"): 1
|
||||
td.colSpan after td.setAttribute("colspan", "1"): 1
|
||||
td.getAttribute("colspan") after td.colSpan = 1: 1
|
||||
td.colSpan after td.colSpan = 1: 1
|
||||
td.getAttribute("colspan") after td.setAttribute("colSpan", "2147483647"): 2147483647
|
||||
td.colSpan after td.setAttribute("colspan", "2147483647"): 1000
|
||||
td.getAttribute("colspan") after td.colSpan = 2147483647: 2147483647
|
||||
td.colSpan after td.colSpan = 2147483647: 1000
|
||||
td.getAttribute("colspan") after td.setAttribute("colSpan", "2147483648"): 2147483648
|
||||
td.colSpan after td.setAttribute("colspan", "2147483648"): 1000
|
||||
td.getAttribute("colspan") after td.colSpan = 2147483648: 1
|
||||
td.colSpan after td.colSpan = 2147483648: 1
|
||||
td.getAttribute("colspan") after td.setAttribute("colSpan", "4294967295"): 4294967295
|
||||
td.colSpan after td.setAttribute("colspan", "4294967295"): 1000
|
||||
td.getAttribute("colspan") after td.colSpan = 4294967295: 1
|
||||
td.colSpan after td.colSpan = 4294967295: 1
|
||||
td.getAttribute("colspan") after td.setAttribute("colSpan", "4294967296"): 4294967296
|
||||
td.colSpan after td.setAttribute("colspan", "4294967296"): 1000
|
||||
td.getAttribute("colspan") after td.colSpan = 4294967296: 0
|
||||
td.colSpan after td.colSpan = 4294967296: 1
|
||||
textarea.getAttribute("maxlength") after textarea.setAttribute("maxLength", "0"): 0
|
||||
textarea.maxLength after textarea.setAttribute("maxlength", "0"): 0
|
||||
textarea.getAttribute("maxlength") after textarea.maxLength = 0: 0
|
||||
|
|
@ -271,6 +346,10 @@ textarea.maxLength = 2147483648 threw exception of type IndexSizeError
|
|||
textarea.getAttribute("maxlength") after textarea.setAttribute("maxLength", "4294967295"): 4294967295
|
||||
textarea.maxLength after textarea.setAttribute("maxlength", "4294967295"): -1
|
||||
textarea.maxLength = 4294967295 threw exception of type IndexSizeError
|
||||
textarea.getAttribute("maxlength") after textarea.setAttribute("maxLength", "4294967296"): 4294967296
|
||||
textarea.maxLength after textarea.setAttribute("maxlength", "4294967296"): -1
|
||||
textarea.getAttribute("maxlength") after textarea.maxLength = 4294967296: 0
|
||||
textarea.maxLength after textarea.maxLength = 4294967296: 0
|
||||
textarea.getAttribute("minlength") after textarea.setAttribute("minLength", "0"): 0
|
||||
textarea.minLength after textarea.setAttribute("minlength", "0"): 0
|
||||
textarea.getAttribute("minlength") after textarea.minLength = 0: 0
|
||||
|
|
@ -289,6 +368,10 @@ textarea.minLength = 2147483648 threw exception of type IndexSizeError
|
|||
textarea.getAttribute("minlength") after textarea.setAttribute("minLength", "4294967295"): 4294967295
|
||||
textarea.minLength after textarea.setAttribute("minlength", "4294967295"): -1
|
||||
textarea.minLength = 4294967295 threw exception of type IndexSizeError
|
||||
textarea.getAttribute("minlength") after textarea.setAttribute("minLength", "4294967296"): 4294967296
|
||||
textarea.minLength after textarea.setAttribute("minlength", "4294967296"): -1
|
||||
textarea.getAttribute("minlength") after textarea.minLength = 4294967296: 0
|
||||
textarea.minLength after textarea.minLength = 4294967296: 0
|
||||
textarea.getAttribute("rows") after textarea.setAttribute("rows", "0"): 0
|
||||
textarea.rows after textarea.setAttribute("rows", "0"): 2
|
||||
textarea.getAttribute("rows") after textarea.rows = 0: 2
|
||||
|
|
@ -309,6 +392,10 @@ textarea.getAttribute("rows") after textarea.setAttribute("rows", "4294967295"):
|
|||
textarea.rows after textarea.setAttribute("rows", "4294967295"): 2
|
||||
textarea.getAttribute("rows") after textarea.rows = 4294967295: 2
|
||||
textarea.rows after textarea.rows = 4294967295: 2
|
||||
textarea.getAttribute("rows") after textarea.setAttribute("rows", "4294967296"): 4294967296
|
||||
textarea.rows after textarea.setAttribute("rows", "4294967296"): 2
|
||||
textarea.getAttribute("rows") after textarea.rows = 4294967296: 2
|
||||
textarea.rows after textarea.rows = 4294967296: 2
|
||||
textarea.getAttribute("cols") after textarea.setAttribute("cols", "0"): 0
|
||||
textarea.cols after textarea.setAttribute("cols", "0"): 20
|
||||
textarea.getAttribute("cols") after textarea.cols = 0: 20
|
||||
|
|
@ -329,3 +416,7 @@ textarea.getAttribute("cols") after textarea.setAttribute("cols", "4294967295"):
|
|||
textarea.cols after textarea.setAttribute("cols", "4294967295"): 20
|
||||
textarea.getAttribute("cols") after textarea.cols = 4294967295: 20
|
||||
textarea.cols after textarea.cols = 4294967295: 20
|
||||
textarea.getAttribute("cols") after textarea.setAttribute("cols", "4294967296"): 4294967296
|
||||
textarea.cols after textarea.setAttribute("cols", "4294967296"): 20
|
||||
textarea.getAttribute("cols") after textarea.cols = 4294967296: 20
|
||||
textarea.cols after textarea.cols = 4294967296: 20
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@
|
|||
setValue(2147483647);
|
||||
setValue(2147483648);
|
||||
setValue(4294967295);
|
||||
setValue(4294967296);
|
||||
}
|
||||
|
||||
const imageButtonInputFactory = () => {
|
||||
|
|
@ -55,6 +56,7 @@
|
|||
testProperty("marquee", "scrollAmount", (marquee) => marquee.scrollAmount, (marquee, value) => marquee.scrollAmount = value);
|
||||
testProperty("marquee", "scrollDelay", (marquee) => marquee.scrollDelay, (marquee, value) => marquee.scrollDelay = value);
|
||||
testProperty("select", "size", (select) => select.size, (select, value) => select.size = value);
|
||||
testProperty("td", "colSpan", (tableCell) => tableCell.colSpan, (tableCell, value) => tableCell.colSpan = value);
|
||||
testProperty("textarea", "maxLength", (textarea) => textarea.maxLength, (textarea, value) => textarea.maxLength = value);
|
||||
testProperty("textarea", "minLength", (textarea) => textarea.minLength, (textarea, value) => textarea.minLength = value);
|
||||
testProperty("textarea", "rows", (textarea) => textarea.rows, (textarea, value) => textarea.rows = value);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue