Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(96)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/dom/Element.cpp

Issue 99443005: Enforce HTML range restriction on setting unsigned attribute values. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/fast/dom/script-tests/unsigned-long-attribute-reflection.js ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Peter Kelly (pmk@post.com) 4 * (C) 2001 Peter Kelly (pmk@post.com)
5 * (C) 2001 Dirk Mueller (mueller@kde.org) 5 * (C) 2001 Dirk Mueller (mueller@kde.org)
6 * (C) 2007 David Smith (catfish.man@gmail.com) 6 * (C) 2007 David Smith (catfish.man@gmail.com)
7 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2013 Apple Inc. All rights reserved. 7 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2013 Apple Inc. All rights reserved.
8 * (C) 2007 Eric Seidel (eric@webkit.org) 8 * (C) 2007 Eric Seidel (eric@webkit.org)
9 * 9 *
10 * This library is free software; you can redistribute it and/or 10 * This library is free software; you can redistribute it and/or
(...skipping 2832 matching lines...) Expand 10 before | Expand all | Expand 10 after
2843 setAttribute(attributeName, AtomicString::number(value)); 2843 setAttribute(attributeName, AtomicString::number(value));
2844 } 2844 }
2845 2845
2846 unsigned Element::getUnsignedIntegralAttribute(const QualifiedName& attributeNam e) const 2846 unsigned Element::getUnsignedIntegralAttribute(const QualifiedName& attributeNam e) const
2847 { 2847 {
2848 return getAttribute(attributeName).string().toUInt(); 2848 return getAttribute(attributeName).string().toUInt();
2849 } 2849 }
2850 2850
2851 void Element::setUnsignedIntegralAttribute(const QualifiedName& attributeName, u nsigned value) 2851 void Element::setUnsignedIntegralAttribute(const QualifiedName& attributeName, u nsigned value)
2852 { 2852 {
2853 // Range restrictions are enforced for unsigned IDL attributes that
2854 // reflect content attributes,
2855 // http://www.whatwg.org/specs/web-apps/current-work/multipage/common-dom- interfaces.html#reflecting-content-attributes-in-idl-attributes
2856 if (value > 0x7fffffffu)
2857 value = 0;
2853 setAttribute(attributeName, AtomicString::number(value)); 2858 setAttribute(attributeName, AtomicString::number(value));
2854 } 2859 }
2855 2860
2856 double Element::getFloatingPointAttribute(const QualifiedName& attributeName, do uble fallbackValue) const 2861 double Element::getFloatingPointAttribute(const QualifiedName& attributeName, do uble fallbackValue) const
2857 { 2862 {
2858 return parseToDoubleForNumberType(getAttribute(attributeName), fallbackValue ); 2863 return parseToDoubleForNumberType(getAttribute(attributeName), fallbackValue );
2859 } 2864 }
2860 2865
2861 void Element::setFloatingPointAttribute(const QualifiedName& attributeName, doub le value) 2866 void Element::setFloatingPointAttribute(const QualifiedName& attributeName, doub le value)
2862 { 2867 {
(...skipping 762 matching lines...) Expand 10 before | Expand all | Expand 10 after
3625 // Before doing so, we need to resolve issues in HTMLSelectElement::recalcLi stItems 3630 // Before doing so, we need to resolve issues in HTMLSelectElement::recalcLi stItems
3626 // and RenderMenuList::setText. See also https://bugs.webkit.org/show_bug.cg i?id=88405 3631 // and RenderMenuList::setText. See also https://bugs.webkit.org/show_bug.cg i?id=88405
3627 if (hasTagName(optionTag) || hasTagName(optgroupTag)) 3632 if (hasTagName(optionTag) || hasTagName(optgroupTag))
3628 return false; 3633 return false;
3629 if (FullscreenElementStack::isActiveFullScreenElement(this)) 3634 if (FullscreenElementStack::isActiveFullScreenElement(this))
3630 return false; 3635 return false;
3631 return true; 3636 return true;
3632 } 3637 }
3633 3638
3634 } // namespace WebCore 3639 } // namespace WebCore
OLDNEW
« no previous file with comments | « LayoutTests/fast/dom/script-tests/unsigned-long-attribute-reflection.js ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698