diff --git a/layout/style/nsCSSScanner.cpp b/layout/style/nsCSSScanner.cpp index e02b164c3aed..6fe1834b2e16 100644 --- a/layout/style/nsCSSScanner.cpp +++ b/layout/style/nsCSSScanner.cpp @@ -936,12 +936,6 @@ nsCSSScanner::NextURL(nsCSSToken& aToken) if (ch < 0) break; if (ch == CSS_ESCAPE) { ParseAndAppendEscape(ident); - } else if ((ch == '"') || (ch == '\'') || (ch == '(')) { - // This is an invalid URL spec - ok = PR_FALSE; - Pushback(ch); // push it back so the parser can match tokens and - // then closing parenthesis - break; } else if (IsWhitespace(ch)) { // Whitespace is allowed at the end of the URL EatWhiteSpace(); @@ -954,6 +948,12 @@ nsCSSScanner::NextURL(nsCSSToken& aToken) // ")". This is an invalid url spec. ok = PR_FALSE; break; + } else if (ch == '"' || ch == '\'' || ch == '(' || ch < PRUnichar(' ')) { + // This is an invalid URL spec + ok = PR_FALSE; + Pushback(ch); // push it back so the parser can match tokens and + // then closing parenthesis + break; } else if (ch == ')') { Pushback(ch); // All done diff --git a/layout/style/test/test_parse_url.html b/layout/style/test/test_parse_url.html index 259c1cebdb01..011b3080b21d 100644 --- a/layout/style/test/test_parse_url.html +++ b/layout/style/test/test_parse_url.html @@ -153,6 +153,16 @@ div.style.listStyleImage = 'url(cc\\f b)'; is(div.style.listStyleImage, 'url("bad")', "unquoted URL with spaces not allowed"); +var chars = [ 1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 15, 16, 17, 18, 19, 20, + 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 ]; + +for (var i in chars) { + var charcode = chars[i]; + div.style.listStyleImage = 'url(' + String.fromCharCode(charcode) + ')'; + is(div.style.listStyleImage, 'url("bad")', + "unquoted URL with control character " + charcode + " not allowed"); +} + div.style.listStyleImage = 'url(\\f good)'; is(div.style.listStyleImage, 'url("\\F good")', "URL allowed"); div.style.listStyleImage = 'url( \\f good)';