Add CSS parser recovery from errors while parsing @-webkit-keyframes key values.

Source/core/css/CSSParser.cpp

Index: Source/core/css/CSSParser.cpp
diff --git a/Source/core/css/CSSParser.cpp b/Source/core/css/CSSParser.cpp
index d5986b7312f64ce49759eb68bd6df02d68bff85b..afb5ed79602b404cbde5fc6dcbc44baa06250d72 100644
--- a/Source/core/css/CSSParser.cpp
+++ b/Source/core/css/CSSParser.cpp
@@ -11279,7 +11279,23 @@ StyleKeyframe* CSSParser::createKeyframe(CSSParserValueList* keys)
     // Create a key string from the passed keys
     StringBuilder keyString;
     for (unsigned i = 0; i < keys->size(); ++i) {
+        // Just as per the comment below, we ignore keyframes with
+        // invalid key values (plain numbers or unknown identifiers)
+        // marked as CSSPrimitiveValue::CSS_UNKNOWN during parsing.
+        if (keys->valueAt(i)->unit == CSSPrimitiveValue::CSS_UNKNOWN) {
+            clearProperties();
+            return 0;
+        }
+
+        ASSERT(keys->valueAt(i)->unit == CSSPrimitiveValue::CSS_NUMBER);
         float key = static_cast<float>(keys->valueAt(i)->fValue);
+        if (key < 0 || key > 100) {
+            // As per http://www.w3.org/TR/css3-animations/#keyframes,
+            // "If a keyframe selector specifies negative percentage values
+            // or values higher than 100%, then the keyframe will be ignored."
+            clearProperties();
+            return 0;
+        }

[Mike Lawther (Google), 2013/04/17 22:26:37]

Nice catch! I can't see where these cases are tested in your testcases though? 

[apavlov, 2013/04/18 04:33:49]

Argh, indeed...I added this check after I had written the test. Will add
out-of-range percentage values.

         if (i != 0)
             keyString.append(',');
         keyString.append(String::number(key));