Reviewed by Darin.
http://bugzilla.opendarwin.org/show_bug.cgi?id=9938
Fix viewBox issues in Hixie's test
Do a more accurate and quicker job of parsing the viewBox
attribute. Properly handle negative width/height and
invalid syntax in general.
* ksvg2/svg/SVGFitToViewBox.cpp:
(SVGFitToViewBox::parseViewBox):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@15647 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ksvg2/svg/SVGFitToViewBox.cpp b/WebCore/ksvg2/svg/SVGFitToViewBox.cpp
index d6b2269..75b660c 100644
--- a/WebCore/ksvg2/svg/SVGFitToViewBox.cpp
+++ b/WebCore/ksvg2/svg/SVGFitToViewBox.cpp
@@ -28,6 +28,7 @@
#include "StringImpl.h"
#include "SVGNames.h"
+#include "svgpathparser.h"
#include "SVGRect.h"
#include "SVGSVGElement.h"
#include "SVGAnimatedRect.h"
@@ -69,16 +70,57 @@
void SVGFitToViewBox::parseViewBox(StringImpl *str)
{
- // allow for viewbox def with ',' or whitespace
+ double x = 0, y = 0, w = 0, h = 0;
DeprecatedString viewbox = String(str).deprecatedString();
- DeprecatedStringList points = DeprecatedStringList::split(' ', viewbox.replace(',', ' ').simplifyWhiteSpace());
+ const char *p = viewbox.latin1();
+ const char *end = p + viewbox.length();
+ const char *c = p;
+ p = parseCoord(c, x);
+ if (p == c)
+ goto bail_out;
+ if (*p == ',')
+ p++;
+ while (*p == ' ')
+ p++;
- if (points.count() == 4) {
- viewBox()->baseVal()->setX(points[0].toDouble());
- viewBox()->baseVal()->setY(points[1].toDouble());
- viewBox()->baseVal()->setWidth(points[2].toDouble());
- viewBox()->baseVal()->setHeight(points[3].toDouble());
- } else
+ c = p;
+ p = parseCoord(c, y);
+ if (p == c)
+ goto bail_out;
+
+ if (*p == ',')
+ p++;
+ while (*p == ' ')
+ p++;
+
+ c = p;
+ p = parseCoord(c, w);
+ if(w < 0.0 || p == c) // check that width is positive
+ goto bail_out;
+ if (*p == ',')
+ p++;
+ while (*p == ' ')
+ p++;
+
+ c = p;
+ p = parseCoord(c, h);
+ if (h < 0.0 || p == c) // check that height is positive
+ goto bail_out;
+ if (*p == ',')
+ p++;
+ while (*p == ' ')
+ p++;
+
+ if (p < end) // nothing should come after the last, fourth number
+ goto bail_out;
+
+ viewBox()->baseVal()->setX(x);
+ viewBox()->baseVal()->setY(y);
+ viewBox()->baseVal()->setWidth(w);
+ viewBox()->baseVal()->setHeight(h);
+ return;
+
+bail_out:
fprintf(stderr, "WARNING: Malformed viewbox string: %s (l: %i)", viewbox.ascii(), viewbox.length());
}
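Review bot: A trailing comma is still consumed after the fourth number (the `if (*p == ',') p++;` that follows `parseCoord(c, h)`), so `0 0 100 100,` passes the `p < end` check even though the comment says nothing may follow the height; drop that comma skip and keep only the `while (*p == ' ') p++;` loop before the end check. The separator loops skip only `' '`, whereas the removed `simplifyWhiteSpace()` path normalised all whitespace and trimmed the ends, so unless `parseCoord` (declared in `svgpathparser.h`, not visible here) skips whitespace itself, tab- or newline-separated values and a leading space are now rejected. The pointer walk is compared with `end` only at the final check and otherwise relies on the `latin1()` buffer being NUL-terminated and on `parseCoord` never stepping past the terminator; since the attribute comes from page content, that assumption deserves a comment such as `// relies on latin1() being NUL-terminated; parseCoord must stop at '\0'`. The `// check that width is positive` and `// check that height is positive` comments should say "non-negative", because the tests are `w < 0.0` and `h < 0.0` and zero is accepted.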