Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(449)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/dom/Element.cpp

Issue 99443005: Enforce HTML range restriction on setting unsigned attribute values. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/fast/dom/script-tests/unsigned-long-attribute-reflection.js ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/dom/Element.cpp
diff --git a/Source/core/dom/Element.cpp b/Source/core/dom/Element.cpp
index 37a28cb55da10196c78ac468503f8a55e7a30e55..250f3a24ba785233f8d5f75988f49ace46f4d837 100644
--- a/Source/core/dom/Element.cpp
+++ b/Source/core/dom/Element.cpp
@@ -2850,6 +2850,11 @@ unsigned Element::getUnsignedIntegralAttribute(const QualifiedName& attributeNam
void Element::setUnsignedIntegralAttribute(const QualifiedName& attributeName, unsigned value)
{
+ // Range restrictions are enforced for unsigned IDL attributes that
+ // reflect content attributes,
+ // http://www.whatwg.org/specs/web-apps/current-work/multipage/common-dom-interfaces.html#reflecting-content-attributes-in-idl-attributes
+ if (value > 0x7fffffffu)
+ value = 0;
setAttribute(attributeName, AtomicString::number(value));
}
« no previous file with comments | « LayoutTests/fast/dom/script-tests/unsigned-long-attribute-reflection.js ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698