mirrors
/
netsurf
mirror of https://github.com/netsurf-browser/netsurf
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

box_construct: clamp rowspan and colspan 

In order to not blow up on massive rowspan/colspan values (which
could be an issue according to #2873) we clamp them according to
the HTML spec section 4.9.11

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
This commit is contained in:
Daniel Silverstone 2024-05-27 09:36:02 +01:00
parent 8193a5518e
commit 087f88ae8c
No known key found for this signature in database
GPG Key ID: C30DF439F2987D74
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
content/handlers/html/box_construct.c
View File

@ -35,6 +35,7 @@
#include "utils/string.h"
#include "utils/ascii.h"
#include "utils/nsurl.h"
#include "utils/utils.h"
#include "netsurf/misc.h"
#include "css/select.h"
#include "desktop/gui_internal.h"
@ -552,8 +553,9 @@ box_construct_element(struct box_construct_ctx *ctx, bool *convert_children)
if (s != NULL) {
const char *val = dom_string_data(s);
/* Convert to a number, clamping to [1,1000] according to 4.9.11 */
if ('0' <= val[0] && val[0] <= '9')
box->columns = strtol(val, NULL, 10);
box->columns = clamp(strtol(val, NULL, 10), 1, 1000);
dom_string_unref(s);
}
@ -565,8 +567,9 @@ box_construct_element(struct box_construct_ctx *ctx, bool *convert_children)
if (s != NULL) {
const char *val = dom_string_data(s);
/* Convert to a number, clamping to [0,65534] according to 4.9.11 */
if ('0' <= val[0] && val[0] <= '9')
box->rows = strtol(val, NULL, 10);
box->rows = clamp(strtol(val, NULL, 10), 0, 65534);
dom_string_unref(s);
}