Commit 808edf6
SVG <stop> offset attribute incorrectly accepts invalid values with trailing garbage
https://bugs.webkit.org/show_bug.cgi?id=304794
rdar://167356988
Reviewed by Nikolas Zimmermann.
The offset attribute parser was using String::toFloat() which silently ignores
trailing garbage. Per the SVG specification, attribute values with trailing
non-numeric characters should be treated as invalid and fall back to the
default value of 0.
Fixed by using parseNumber() from SVGParserUtilities which properly validates
the entire string. Also optimized to use StringView to avoid unnecessary string
copies.
* Source/WebCore/svg/SVGStopElement.cpp:
(WebCore::SVGStopElement::attributeChanged):
* LayoutTests/svg/parser/whitespace-number.html: Added.
* LayoutTests/svg/parser/whitespace-number-expected.txt: Added.
Canonical link: https://commits.webkit.org/305036@main1 parent c37c47a commit 808edf6
File tree
3 files changed
+1543
-5
lines changed- LayoutTests/svg/parser
- Source/WebCore/svg
3 files changed
+1543
-5
lines changed
0 commit comments