diff options
| author | John-Mark Bell <jmb@netsurf-browser.org> | 2022-05-23 23:02:26 +0100 |
|---|---|---|
| committer | John-Mark Bell <jmb@netsurf-browser.org> | 2022-05-24 10:46:19 +0100 |
| commit | 747cf5e859cd0f26c140c7687dca227f1e316781 (patch) | |
| tree | d630aeacc27c4e12cfd48566acaf6cd174334865 /src/parse | |
| parent | f420dd16136de1dc07f18824c6d0f5540d5df6d1 (diff) | |
| download | libcss-747cf5e859cd0f26c140c7687dca227f1e316781.tar.gz libcss-747cf5e859cd0f26c140c7687dca227f1e316781.tar.bz2 | |
Parse/MQ: reject forbidden media-type identifiers
"and" / "not" / "only" / "or" are forbidden, so must be rejected
Add tests for these scenarios
Diffstat (limited to 'src/parse')
| -rw-r--r-- | src/parse/mq.c | 55 |
1 files changed, 40 insertions, 15 deletions
diff --git a/src/parse/mq.c b/src/parse/mq.c index b0e47c3..dde2bbe 100644 --- a/src/parse/mq.c +++ b/src/parse/mq.c @@ -882,59 +882,80 @@ static css_error mq_parse_condition(lwc_string **strings, /** * Parse a media query type. */ -static uint64_t mq_parse_type(lwc_string **strings, lwc_string *type) +static css_error mq_parse_type(lwc_string **strings, lwc_string *type, + uint64_t *result) { bool match; + css_error error = CSS_OK; if (type == NULL) { - return CSS_MEDIA_ALL; + *result = CSS_MEDIA_ALL; } else if (lwc_string_caseless_isequal( type, strings[AURAL], &match) == lwc_error_ok && match) { - return CSS_MEDIA_AURAL; + *result = CSS_MEDIA_AURAL; } else if (lwc_string_caseless_isequal( type, strings[BRAILLE], &match) == lwc_error_ok && match) { - return CSS_MEDIA_BRAILLE; + *result = CSS_MEDIA_BRAILLE; } else if (lwc_string_caseless_isequal( type, strings[EMBOSSED], &match) == lwc_error_ok && match) { - return CSS_MEDIA_EMBOSSED; + *result = CSS_MEDIA_EMBOSSED; } else if (lwc_string_caseless_isequal( type, strings[HANDHELD], &match) == lwc_error_ok && match) { - return CSS_MEDIA_HANDHELD; + *result = CSS_MEDIA_HANDHELD; } else if (lwc_string_caseless_isequal( type, strings[PRINT], &match) == lwc_error_ok && match) { - return CSS_MEDIA_PRINT; + *result = CSS_MEDIA_PRINT; } else if (lwc_string_caseless_isequal( type, strings[PROJECTION], &match) == lwc_error_ok && match) { - return CSS_MEDIA_PROJECTION; + *result = CSS_MEDIA_PROJECTION; } else if (lwc_string_caseless_isequal( type, strings[SCREEN], &match) == lwc_error_ok && match) { - return CSS_MEDIA_SCREEN; + *result = CSS_MEDIA_SCREEN; } else if (lwc_string_caseless_isequal( type, strings[SPEECH], &match) == lwc_error_ok && match) { - return CSS_MEDIA_SPEECH; + *result = CSS_MEDIA_SPEECH; } else if (lwc_string_caseless_isequal( type, strings[TTY], &match) == lwc_error_ok && match) { - return CSS_MEDIA_TTY; + *result = CSS_MEDIA_TTY; } else if (lwc_string_caseless_isequal( type, strings[TV], &match) == lwc_error_ok && match) { - return CSS_MEDIA_TV; + *result = CSS_MEDIA_TV; } else if (lwc_string_caseless_isequal( type, strings[ALL], &match) == lwc_error_ok && match) { - return CSS_MEDIA_ALL; + *result = CSS_MEDIA_ALL; + } else if (lwc_string_caseless_isequal( + type, strings[NOT], + &match) == lwc_error_ok && match) { + error = CSS_INVALID; + } else if (lwc_string_caseless_isequal( + type, strings[AND], + &match) == lwc_error_ok && match) { + error = CSS_INVALID; + } else if (lwc_string_caseless_isequal( + type, strings[OR], + &match) == lwc_error_ok && match) { + error = CSS_INVALID; + } else if (lwc_string_caseless_isequal( + type, strings[ONLY], + &match) == lwc_error_ok && match) { + error = CSS_INVALID; + } else { + /* Unknown type: same as not matching */ + *result = 0; } - return 0; + return error; } static css_error mq_parse_media_query(lwc_string **strings, @@ -1016,7 +1037,11 @@ static css_error mq_parse_media_query(lwc_string **strings, return CSS_INVALID; } - result->type = mq_parse_type(strings, token->idata); + error = mq_parse_type(strings, token->idata, &result->type); + if (error != CSS_OK) { + free(result); + return error; + } consumeWhitespace(vector, ctx); |