LibWeb: Limit HTMLTextAreaElement attributes to allowed values

If `HTMLTextAreaElement.rows` or `HTMLTextAreaElement.cols` is set to a value larger than 2147483647, then it should be set to its default value.
Author: https://github.com/tcl3 Commit: 7fe3bf07e2 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2599
2025-07-29 20:29:18 +00:00 · 2024-11-26 21:14:32 +00:00 · 2024-11-26 21:14:32 +00:00 · 7fe3bf07e2 · 2024-11-27 10:03:52 +00:00
commit 7fe3bf07e2
parent a8719a706b
3 changed files with 42 additions and 2 deletions
--- a/Libraries/LibWeb/HTML/HTMLTextAreaElement.cpp
+++ b/Libraries/LibWeb/HTML/HTMLTextAreaElement.cpp
@ -293,7 +293,7 @@ unsigned HTMLTextAreaElement::cols() const
 {
    // The cols and rows attributes are limited to only positive numbers with fallback. The cols IDL attribute's default value is 20.
    if (auto cols_string = get_attribute(HTML::AttributeNames::cols); cols_string.has_value()) {
-        if (auto cols = parse_non_negative_integer(*cols_string); cols.has_value() && *cols > 0)
+        if (auto cols = parse_non_negative_integer(*cols_string); cols.has_value() && *cols > 0 && *cols <= 2147483647)
            return *cols;
    }
    return 20;
@ -301,6 +301,9 @@ unsigned HTMLTextAreaElement::cols() const
 WebIDL::ExceptionOr<void> HTMLTextAreaElement::set_cols(unsigned cols)
 {
    if (cols > 2147483647)
        cols = 20;
    return set_attribute(HTML::AttributeNames::cols, String::number(cols));
 }
@ -309,7 +312,7 @@ unsigned HTMLTextAreaElement::rows() const
 {
    // The cols and rows attributes are limited to only positive numbers with fallback. The rows IDL attribute's default value is 2.
    if (auto rows_string = get_attribute(HTML::AttributeNames::rows); rows_string.has_value()) {
-        if (auto rows = parse_non_negative_integer(*rows_string); rows.has_value() && *rows > 0)
+        if (auto rows = parse_non_negative_integer(*rows_string); rows.has_value() && *rows > 0 && *rows <= 2147483647)
            return *rows;
    }
    return 2;
@ -317,6 +320,9 @@ unsigned HTMLTextAreaElement::rows() const
 WebIDL::ExceptionOr<void> HTMLTextAreaElement::set_rows(unsigned rows)
 {
    if (rows > 2147483647)
        rows = 2;
    return set_attribute(HTML::AttributeNames::rows, String::number(rows));
 }
--- a/Tests/LibWeb/Text/expected/HTML/unsigned-long-reflection.txt
+++ b/Tests/LibWeb/Text/expected/HTML/unsigned-long-reflection.txt
@ -46,3 +46,35 @@ marquee.getAttribute("scrolldelay") after marquee.setAttribute("scrollDelay", "4
 marquee.scrollDelay after marquee.setAttribute("scrolldelay", "4294967295"): 85
 marquee.getAttribute("scrolldelay") after marquee.scrollDelay = 4294967295: 85
 marquee.scrollDelay after marquee.scrollDelay = 4294967295: 85
 textarea.getAttribute("rows") after textarea.setAttribute("rows", "1"): 1
 textarea.rows after textarea.setAttribute("rows", "1"): 1
 textarea.getAttribute("rows") after textarea.rows = 1: 1
 textarea.rows after textarea.rows = 1: 1
 textarea.getAttribute("rows") after textarea.setAttribute("rows", "2147483647"): 2147483647
 textarea.rows after textarea.setAttribute("rows", "2147483647"): 2147483647
 textarea.getAttribute("rows") after textarea.rows = 2147483647: 2147483647
 textarea.rows after textarea.rows = 2147483647: 2147483647
 textarea.getAttribute("rows") after textarea.setAttribute("rows", "2147483648"): 2147483648
 textarea.rows after textarea.setAttribute("rows", "2147483648"): 2
 textarea.getAttribute("rows") after textarea.rows = 2147483648: 2
 textarea.rows after textarea.rows = 2147483648: 2
 textarea.getAttribute("rows") after textarea.setAttribute("rows", "4294967295"): 4294967295
 textarea.rows after textarea.setAttribute("rows", "4294967295"): 2
 textarea.getAttribute("rows") after textarea.rows = 4294967295: 2
 textarea.rows after textarea.rows = 4294967295: 2
 textarea.getAttribute("cols") after textarea.setAttribute("cols", "1"): 1
 textarea.cols after textarea.setAttribute("cols", "1"): 1
 textarea.getAttribute("cols") after textarea.cols = 1: 1
 textarea.cols after textarea.cols = 1: 1
 textarea.getAttribute("cols") after textarea.setAttribute("cols", "2147483647"): 2147483647
 textarea.cols after textarea.setAttribute("cols", "2147483647"): 2147483647
 textarea.getAttribute("cols") after textarea.cols = 2147483647: 2147483647
 textarea.cols after textarea.cols = 2147483647: 2147483647
 textarea.getAttribute("cols") after textarea.setAttribute("cols", "2147483648"): 2147483648
 textarea.cols after textarea.setAttribute("cols", "2147483648"): 20
 textarea.getAttribute("cols") after textarea.cols = 2147483648: 20
 textarea.cols after textarea.cols = 2147483648: 20
 textarea.getAttribute("cols") after textarea.setAttribute("cols", "4294967295"): 4294967295
 textarea.cols after textarea.setAttribute("cols", "4294967295"): 20
 textarea.getAttribute("cols") after textarea.cols = 4294967295: 20
 textarea.cols after textarea.cols = 4294967295: 20
--- a/Tests/LibWeb/Text/input/HTML/unsigned-long-reflection.html
+++ b/Tests/LibWeb/Text/input/HTML/unsigned-long-reflection.html
@ -25,5 +25,7 @@
        testProperty("img", "hspace", (img) => img.hspace, (img, value) => img.hspace = value);
        testProperty("marquee", "scrollAmount", (marquee) => marquee.scrollAmount, (marquee, value) => marquee.scrollAmount = value);
        testProperty("marquee", "scrollDelay", (marquee) => marquee.scrollDelay, (marquee, value) => marquee.scrollDelay = value);
        testProperty("textarea", "rows", (textarea) => textarea.rows, (textarea, value) => textarea.rows = value);
        testProperty("textarea", "cols", (textarea) => textarea.cols, (textarea, value) => textarea.cols = value);
    });
 </script>