Improve parsing of escape sequences in identifiers and URIs.

cscott · cscott · commit fc3f6454051d · 2016-02-05T11:40:53.000-05:00
Implement proper parsing of escape sequences in unquoted URL function
arguments, and ensure escape sequences in quoted URLs are properly
translated when creating a PropertyValuePart.

The secondary parsing in PropertyValuePart to assign a type string
can fail when the identifier contains escape sequences.  Pass in a
`hint` object based on the original token emitted from the lexer to
disambiguate in these cases.
diff --git a/src/css/Parser.js b/src/css/Parser.js
@@ -1701,6 +1701,7 @@ Parser.prototype = function(){
                     unary       = null,
                     value       = null,
                     endChar     = null,
+                    part        = null,
                     token,
                     line,
                     col;
@@ -1744,6 +1745,9 @@ Parser.prototype = function(){
                     if (unary === null){
                         line = tokenStream.token().startLine;
                         col = tokenStream.token().startCol;
+                        // Correct potentially-inaccurate IDENT parsing in
+                        // PropertyValuePart constructor.
+                        part = PropertyValuePart.fromToken(tokenStream.token());
                     }
                     this._readWhitespace();
                 } else {
@@ -1787,7 +1791,7 @@ Parser.prototype = function(){
 
                 }
 
-                return value !== null ?
+                return part !== null ? part : value !== null ?
                         new PropertyValuePart(unary !== null ? unary + value : value, line, col) :
                         null;
 
diff --git a/src/css/PropertyValuePart.js b/src/css/PropertyValuePart.js
@@ -1,4 +1,4 @@
-/*global SyntaxUnit, Parser, Colors*/
+/*global Colors, Parser, SyntaxUnit, Tokens*/
 /**
  * Represents a single part of a CSS property value, meaning that it represents
  * just one part of the data between ":" and ";".
@@ -10,7 +10,8 @@
  * @extends parserlib.util.SyntaxUnit
  * @constructor
  */
-function PropertyValuePart(text, line, col){
+function PropertyValuePart(text, line, col, optionalHint){
+    var hint = optionalHint || {};
 
     SyntaxUnit.call(this, text, line, col, Parser.PROPERTY_VALUE_PART_TYPE);
 
@@ -135,9 +136,10 @@ function PropertyValuePart(text, line, col){
         this.saturation = +RegExp.$2 / 100;
         this.lightness  = +RegExp.$3 / 100;
         this.alpha  = +RegExp.$4;
-    } else if (/^url\(["']?([^\)"']+)["']?\)/i.test(text)){ //URI
+    } else if (/^url\(("([^\\"]|\\.)*")\)/i.test(text)){ //URI
+        // generated by TokenStream.readURI, so always double-quoted.
         this.type   = "uri";
-        this.uri    = RegExp.$1;
+        this.uri    = PropertyValuePart.parseString(RegExp.$1);
     } else if (/^([^\(]+)\(/i.test(text)){
         this.type   = "function";
         this.name   = RegExp.$1;
@@ -157,11 +159,17 @@ function PropertyValuePart(text, line, col){
     } else if (/^[\,\/]$/.test(text)){
         this.type   = "operator";
         this.value  = text;
-    } else if (/^[a-z\-_\u0080-\uFFFF][a-z0-9\-_\u0080-\uFFFF]*$/i.test(text)){
+    } else if (/^-?[a-z_\u00A0-\uFFFF][a-z0-9\-_\u00A0-\uFFFF]*$/i.test(text)){
         this.type   = "identifier";
         this.value  = text;
     }
 
+    // There can be ambiguity with escape sequences in identifiers, as
+    // well as with "color" parts which are also "identifiers", so record
+    // an explicit hint when the token generating this PropertyValuePart
+    // was an identifier.
+    this.wasIdent = !!hint.ident;
+
 }
 
 PropertyValuePart.prototype = new SyntaxUnit();
@@ -217,5 +225,11 @@ PropertyValuePart.serializeString = function(value) {
  * @method fromToken
  */
 PropertyValuePart.fromToken = function(token){
-    return new PropertyValuePart(token.value, token.startLine, token.startCol);
+    var part = new PropertyValuePart(token.value, token.startLine, token.startCol, {
+        // Tokens can have escaped characters that would fool the type
+        // identification in the PropertyValuePart constructor, so pass
+        // in a hint if this was an identifier.
+        ident: token.type === Tokens.IDENT
+    });
+    return part;
 };
diff --git a/src/css/TokenStream.js b/src/css/TokenStream.js
@@ -1,7 +1,7 @@
-/*global Tokens, TokenStreamBase*/
+/*global PropertyValuePart, Tokens, TokenStreamBase*/
 
 var h = /^[0-9a-fA-F]$/,
-    //nonascii = /^[\u00A0-\uFFFF]$/,
+    nonascii = /^[\u00A0-\uFFFF]$/,
     nl = /\n|\r\n|\r|\f/,
     whitespace = /\u0009|\u000a|\u000c|\u000d|\u0020/;
 
@@ -221,7 +221,7 @@ TokenStream.prototype = mix(new TokenStreamBase(), {
                  */
                 case "\\":
                     if (/[^\r\n\f]/.test(reader.peek())) {
-                        token = this.identOrFunctionToken(c, startLine, startCol);
+                        token = this.identOrFunctionToken(this.readEscape(c, true), startLine, startCol);
                     } else {
                         token = this.charToken(c, startLine, startCol);
                     }
@@ -521,18 +521,22 @@ TokenStream.prototype = mix(new TokenStreamBase(), {
         var reader  = this._reader,
             ident   = this.readName(first),
             tt      = Tokens.IDENT,
-            uriFns  = ["url(", "url-prefix(", "domain("];
+            uriFns  = ["url(", "url-prefix(", "domain("],
+            uri;
 
         //if there's a left paren immediately after, it's a URI or function
         if (reader.peek() === "("){
             ident += reader.read();
             if (uriFns.indexOf(ident.toLowerCase()) > -1){
-                tt = Tokens.URI;
-                ident = this.readURI(ident);
-
-                //didn't find a valid URL or there's no closing paren
-                if (uriFns.indexOf(ident.toLowerCase()) > -1){
+                reader.mark();
+                uri = this.readURI(ident);
+                if (uri === null) {
+                    //didn't find a valid URL or there's no closing paren
+                    reader.reset();
                     tt = Tokens.FUNCTION;
+                } else {
+                    tt = Tokens.URI;
+                    ident = uri;
                 }
             } else {
                 tt = Tokens.FUNCTION;
@@ -876,18 +880,20 @@ TokenStream.prototype = mix(new TokenStreamBase(), {
 
         return number;
     },
+
+    // returns null w/o resetting reader if string is invalid.
     readString: function(){
         var token = this.stringToken(this._reader.read(), 0, 0);
-        return token.type === Tokens.INVALID ? "" : token.value;
+        return token.type === Tokens.INVALID ? null : token.value;
     },
+
+    // returns null w/o resetting reader if URI is invalid.
     readURI: function(first){
         var reader  = this._reader,
             uri     = first,
             inner   = "",
             c       = reader.peek();
 
-        reader.mark();
-
         //skip whitespace before
         while(c && isWhitespace(c)){
             reader.read();
@@ -897,8 +903,11 @@ TokenStream.prototype = mix(new TokenStreamBase(), {
         //it's a string
         if (c === "'" || c === "\""){
             inner = this.readString();
+            if (inner !== null) {
+                inner = PropertyValuePart.parseString(inner);
+            }
         } else {
-            inner = this.readURL();
+            inner = this.readUnquotedURL();
         }
 
         c = reader.peek();
@@ -910,46 +919,60 @@ TokenStream.prototype = mix(new TokenStreamBase(), {
         }
 
         //if there was no inner value or the next character isn't closing paren, it's not a URI
-        if (inner === "" || c !== ")"){
-            uri = first;
-            reader.reset();
+        if (inner === null || c !== ")"){
+            uri = null;
         } else {
-            uri += inner + reader.read();
+            // Ensure argument to URL is always double-quoted
+            // (This simplifies later processing in PropertyValuePart.)
+            uri += PropertyValuePart.serializeString(inner) + reader.read();
         }
 
         return uri;
     },
-    readURL: function(){
+    // This method never fails, although it may return an empty string.
+    readUnquotedURL: function(first){
         var reader  = this._reader,
-            url     = "",
-            c       = reader.peek();
+            url     = first || "",
+            c;
 
-        //TODO: Check for escape and nonascii
-        while (/^[!#$%&\\*-~]$/.test(c)){
-            url += reader.read();
-            c = reader.peek();
+        for (c = reader.peek(); c; c = reader.peek()) {
+            // Note that the grammar at
+            // https://www.w3.org/TR/CSS2/grammar.html#scanner
+            // incorrectly includes the backslash character in the
+            // `url` production, although it is correctly omitted in
+            // the `baduri1` production.
+            if (nonascii.test(c) || /^[\-!#$%&*-\[\]-~]$/.test(c)) {
+                url += c;
+                reader.read();
+            } else if (c === '\\') {
+                if (/^[^\r\n\f]$/.test(reader.peek(2))) {
+                    url += this.readEscape(reader.read(), true);
+                } else {
+                    break; // bad escape sequence.
+                }
+            } else {
+                break; // bad character
+            }
         }
 
         return url;
-
     },
+
     readName: function(first){
         var reader  = this._reader,
             ident   = first || "",
-            c       = reader.peek();
+            c;
 
-        while(true){
+        for (c = reader.peek(); c; c = reader.peek()) {
             if (c === "\\"){
                 if (/^[^\r\n\f]$/.test(reader.peek(2))) {
                     ident += this.readEscape(reader.read(), true);
-                    c = reader.peek();
                 } else {
                     // Bad escape sequence.
                     break;
                 }
-            } else if(c && isNameChar(c)){
+            } else if(isNameChar(c)){
                 ident += reader.read();
-                c = reader.peek();
             } else {
                 break;
             }
diff --git a/src/css/ValidationTypes.js b/src/css/ValidationTypes.js
@@ -117,7 +117,7 @@ var ValidationTypes = {
 
         //any identifier
         "<ident>": function(part){
-            return part.type === "identifier";
+            return part.type === "identifier" || part.wasIdent;
         },
 
         "<length>": function(part){
diff --git a/tests/css/Parser.js b/tests/css/Parser.js
@@ -981,6 +981,26 @@
 
         name: "Property Values",
 
+        testIdentifierValue: function(){
+            var parser = new Parser();
+            var result = parser.parsePropertyValue("foo");
+
+            Assert.isInstanceOf(parserlib.css.PropertyValue, result);
+            Assert.areEqual(1, result.parts.length);
+            Assert.areEqual("identifier", result.parts[0].type);
+        },
+
+        testIdentifierValue2: function(){
+            var parser = new Parser();
+			// Identifiers can even start with digits, iff they are escaped.
+            var result = parser.parsePropertyValue("\\30 \\0000307");
+
+            Assert.isInstanceOf(parserlib.css.PropertyValue, result);
+            Assert.areEqual(1, result.parts.length);
+            Assert.areEqual("007", result.parts[0].text);
+            Assert.areEqual(true, result.parts[0].wasIdent);
+        },
+
         testDimensionValuePx: function(){
             var parser = new Parser();
             var result = parser.parsePropertyValue("1px");
@@ -1176,6 +1196,18 @@
             Assert.areEqual(0, result.parts[0].blue);
         },
 
+        testColorValue2: function(){
+            var parser = new Parser();
+            var result = parser.parsePropertyValue("\\r\\45 d");
+
+            Assert.isInstanceOf(parserlib.css.PropertyValue, result);
+            Assert.areEqual(1, result.parts.length);
+            Assert.areEqual("color", result.parts[0].type);
+            Assert.areEqual(255, result.parts[0].red);
+            Assert.areEqual(0, result.parts[0].green);
+            Assert.areEqual(0, result.parts[0].blue);
+        },
+
         testCSS2SystemColorValue: function(){
             var parser = new Parser();
             var result = parser.parsePropertyValue("InfoText");
@@ -1215,6 +1247,16 @@
             Assert.areEqual("http://www.yahoo.com", result.parts[0].uri);
         },
 
+        testURIValue4: function(){
+            var parser = new Parser();
+            var result = parser.parsePropertyValue("url(http\\03a\r\n//www.yahoo.com)");
+
+            Assert.isInstanceOf(parserlib.css.PropertyValue, result);
+            Assert.areEqual(1, result.parts.length);
+            Assert.areEqual("uri", result.parts[0].type);
+            Assert.areEqual("http://www.yahoo.com", result.parts[0].uri);
+        },
+
         testStringValue: function(){
             var parser = new Parser();
             var result = parser.parsePropertyValue("'Hello world!'");
