Chromium Code Reviews| Index: Source/core/css/CSSParser.cpp |
| diff --git a/Source/core/css/CSSParser.cpp b/Source/core/css/CSSParser.cpp |
| index d5986b7312f64ce49759eb68bd6df02d68bff85b..afb5ed79602b404cbde5fc6dcbc44baa06250d72 100644 |
| --- a/Source/core/css/CSSParser.cpp |
| +++ b/Source/core/css/CSSParser.cpp |
| @@ -11279,7 +11279,23 @@ StyleKeyframe* CSSParser::createKeyframe(CSSParserValueList* keys) |
| // Create a key string from the passed keys |
| StringBuilder keyString; |
| for (unsigned i = 0; i < keys->size(); ++i) { |
| + // Just as per the comment below, we ignore keyframes with |
| + // invalid key values (plain numbers or unknown identifiers) |
| + // marked as CSSPrimitiveValue::CSS_UNKNOWN during parsing. |
| + if (keys->valueAt(i)->unit == CSSPrimitiveValue::CSS_UNKNOWN) { |
| + clearProperties(); |
| + return 0; |
| + } |
| + |
| + ASSERT(keys->valueAt(i)->unit == CSSPrimitiveValue::CSS_NUMBER); |
| float key = static_cast<float>(keys->valueAt(i)->fValue); |
| + if (key < 0 || key > 100) { |
| + // As per http://www.w3.org/TR/css3-animations/#keyframes, |
| + // "If a keyframe selector specifies negative percentage values |
| + // or values higher than 100%, then the keyframe will be ignored." |
| + clearProperties(); |
| + return 0; |
| + } |
|
Mike Lawther (Google)
2013/04/17 22:26:37
Nice catch! I can't see where these cases are test
apavlov
2013/04/18 04:33:49
Argh, indeed...I added this check after I had writ
|
| if (i != 0) |
| keyString.append(','); |
| keyString.append(String::number(key)); |
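Review bot: The added `ASSERT(keys->valueAt(i)->unit == CSSPrimitiveValue::CSS_NUMBER)` is the only guard against a key whose unit is neither CSS_UNKNOWN nor CSS_NUMBER, and ASSERT is compiled out of release builds. Since stylesheet text is untrusted input, a key with any other unit would still have `fValue` read and range-checked as if it were a number. Whether the grammar can produce such a key is not visible in this hunk. Rejecting everything that is not a number at run time closes the gap: change the first check to `if (keys->valueAt(i)->unit != CSSPrimitiveValue::CSS_NUMBER) {`, which makes the ASSERT redundant. The range test `key < 0 || key > 100` is also false for NaN, so `if (!(key >= 0 && key <= 100)) {` is the safer form should a non-finite value ever reach it. createKeyframe's body starts and ends outside this hunk, so any later validation of the key string cannot be seen here.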