LibWeb/CSS: Disallow :has() and pseudo-elements in :has() when parsing

This commit is contained in:
Sam Atkins 2024-11-14 12:18:10 +00:00 committed by Andreas Kling
parent ad1f93504e
commit 7f803c5c3d
Notes: github-actions[bot] 2024-11-14 19:08:37 +00:00
6 changed files with 45 additions and 0 deletions

View file

@ -413,6 +413,8 @@ private:
}; };
static ContextType context_type_for_at_rule(FlyString const&); static ContextType context_type_for_at_rule(FlyString const&);
Vector<ContextType> m_rule_context; Vector<ContextType> m_rule_context;
Vector<PseudoClass> m_pseudo_class_context; // Stack of pseudo-class functions we're currently inside
}; };
} }

View file

@ -411,6 +411,11 @@ Parser::ParseErrorOr<Selector::SimpleSelector> Parser::parse_pseudo_simple_selec
// Note: We allow the "ignored" -webkit prefix here for -webkit-progress-bar/-webkit-progress-bar // Note: We allow the "ignored" -webkit prefix here for -webkit-progress-bar/-webkit-progress-bar
if (auto pseudo_element = Selector::PseudoElement::from_string(pseudo_name); pseudo_element.has_value()) { if (auto pseudo_element = Selector::PseudoElement::from_string(pseudo_name); pseudo_element.has_value()) {
// :has() is fussy about pseudo-elements inside it
if (m_pseudo_class_context.contains_slow(PseudoClass::Has) && !is_has_allowed_pseudo_element(pseudo_element->type())) {
return ParseError::SyntaxError;
}
return Selector::SimpleSelector { return Selector::SimpleSelector {
.type = Selector::SimpleSelector::Type::PseudoElement, .type = Selector::SimpleSelector::Type::PseudoElement,
.value = pseudo_element.release_value() .value = pseudo_element.release_value()
@ -423,6 +428,10 @@ Parser::ParseErrorOr<Selector::SimpleSelector> Parser::parse_pseudo_simple_selec
// valid at parse time, but ::-webkit-jkl() is not.) If theyre not otherwise recognized and supported, they // valid at parse time, but ::-webkit-jkl() is not.) If theyre not otherwise recognized and supported, they
// must be treated as matching nothing, and are unknown -webkit- pseudo-elements. // must be treated as matching nothing, and are unknown -webkit- pseudo-elements.
if (pseudo_name.starts_with_bytes("-webkit-"sv, CaseSensitivity::CaseInsensitive)) { if (pseudo_name.starts_with_bytes("-webkit-"sv, CaseSensitivity::CaseInsensitive)) {
// :has() only allows a limited set of pseudo-elements inside it, which doesn't include unknown ones.
if (m_pseudo_class_context.contains_slow(PseudoClass::Has))
return ParseError::SyntaxError;
return Selector::SimpleSelector { return Selector::SimpleSelector {
.type = Selector::SimpleSelector::Type::PseudoElement, .type = Selector::SimpleSelector::Type::PseudoElement,
// Unknown -webkit- pseudo-elements must be serialized in ASCII lowercase. // Unknown -webkit- pseudo-elements must be serialized in ASCII lowercase.
@ -470,6 +479,11 @@ Parser::ParseErrorOr<Selector::SimpleSelector> Parser::parse_pseudo_simple_selec
case Selector::PseudoElement::Type::Before: case Selector::PseudoElement::Type::Before:
case Selector::PseudoElement::Type::FirstLetter: case Selector::PseudoElement::Type::FirstLetter:
case Selector::PseudoElement::Type::FirstLine: case Selector::PseudoElement::Type::FirstLine:
// :has() is fussy about pseudo-elements inside it
if (m_pseudo_class_context.contains_slow(PseudoClass::Has) && !is_has_allowed_pseudo_element(pseudo_element->type())) {
return ParseError::SyntaxError;
}
return Selector::SimpleSelector { return Selector::SimpleSelector {
.type = Selector::SimpleSelector::Type::PseudoElement, .type = Selector::SimpleSelector::Type::PseudoElement,
.value = pseudo_element.value() .value = pseudo_element.value()
@ -545,6 +559,16 @@ Parser::ParseErrorOr<Selector::SimpleSelector> Parser::parse_pseudo_simple_selec
return ParseError::SyntaxError; return ParseError::SyntaxError;
} }
// "The :has() pseudo-class cannot be nested; :has() is not valid within :has()."
// https://drafts.csswg.org/selectors/#relational
if (pseudo_class == PseudoClass::Has && m_pseudo_class_context.contains_slow(PseudoClass::Has)) {
dbgln_if(CSS_PARSER_DEBUG, ":has() is not allowed inside :has()");
return ParseError::SyntaxError;
}
m_pseudo_class_context.append(pseudo_class);
ScopeGuard guard = [&] { m_pseudo_class_context.take_last(); };
switch (metadata.parameter_type) { switch (metadata.parameter_type) {
case PseudoClassMetadata::ParameterType::ANPlusB: case PseudoClassMetadata::ParameterType::ANPlusB:
return parse_nth_child_selector(pseudo_class, pseudo_function.value, false); return parse_nth_child_selector(pseudo_class, pseudo_function.value, false);

View file

@ -687,4 +687,11 @@ SelectorList adapt_nested_relative_selector_list(SelectorList const& selectors)
return new_list; return new_list;
} }
// https://drafts.csswg.org/selectors/#has-allowed-pseudo-element
bool is_has_allowed_pseudo_element(Selector::PseudoElement::Type)
{
// No spec currently defines any pseudo-elements that are allowed in :has()
return false;
}
} }

View file

@ -275,6 +275,8 @@ String serialize_a_group_of_selectors(SelectorList const& selectors);
SelectorList adapt_nested_relative_selector_list(SelectorList const&); SelectorList adapt_nested_relative_selector_list(SelectorList const&);
bool is_has_allowed_pseudo_element(Selector::PseudoElement::Type);
} }
namespace AK { namespace AK {

View file

@ -1 +1,6 @@
:has(:yakthonk) should be invalid: PASS :has(:yakthonk) should be invalid: PASS
:has(:not(:yakthonk)) should be invalid: PASS
:has(:has(span)) should be invalid: PASS
:has(:not(:has(span))) should be invalid: PASS
:has(::before) should be invalid: PASS
:has(:not(::before)) should be invalid: PASS

View file

@ -5,6 +5,11 @@
test(() => { test(() => {
let selectors = [ let selectors = [
":has(:yakthonk)", ":has(:yakthonk)",
":has(:not(:yakthonk))",
":has(:has(span))",
":has(:not(:has(span)))",
":has(::before)",
":has(:not(::before))",
]; ];
let style = document.getElementById("style"); let style = document.getElementById("style");