Cherry pick http://codereview.chromium.org/1549001 Fix bug: 2588926 Change-Id: I4d077f109c3b415e1a0fa4765e939bea3b56f7fc

commit: 9152c0d6a990740b55844db9cdcb31ccc2028451 [log] [tgz]
author: Andrei Popescu <andreip@google.com> Mon Apr 12 18:46:37 2010 +0100
committer: Andrei Popescu <andreip@google.com> Mon Apr 12 18:46:37 2010 +0100
tree: cbd681289ee1b9e5b19c030d3d6b7e2cc6cc8a54
parent: 411a8ae3907d3288c7e8ed008d61303f08fe265a [diff]
diff --git a/WebCore/css/CSSPrimitiveValue.cpp b/WebCore/css/CSSPrimitiveValue.cpp
index 1f2c9ca..012aa56 100644
--- a/WebCore/css/CSSPrimitiveValue.cpp
+++ b/WebCore/css/CSSPrimitiveValue.cpp

@@ -477,9 +477,8 @@
 {
     ec = 0;
 
-    // FIXME: check if property supports this type
-    if (m_type > CSS_DIMENSION) {
-        ec = SYNTAX_ERR;
+    if (m_type < CSS_NUMBER || m_type > CSS_DIMENSION || unitType < CSS_NUMBER || unitType > CSS_DIMENSION) {
+        ec = INVALID_ACCESS_ERR;
         return;
     }
 
@@ -568,10 +567,8 @@
 {
     ec = 0;
 
-    //if(m_type < CSS_STRING) throw DOMException(INVALID_ACCESS_ERR);
-    //if(m_type > CSS_ATTR) throw DOMException(INVALID_ACCESS_ERR);
-    if (m_type < CSS_STRING || m_type > CSS_ATTR) {
-        ec = SYNTAX_ERR;
+    if (m_type < CSS_STRING || m_type > CSS_ATTR || stringType < CSS_STRING || stringType > CSS_ATTR) {
+        ec = INVALID_ACCESS_ERR;
         return;
     }
commit	9152c0d6a990740b55844db9cdcb31ccc2028451	[log] [tgz]
author	Andrei Popescu <andreip@google.com>	Mon Apr 12 18:46:37 2010 +0100
committer	Andrei Popescu <andreip@google.com>	Mon Apr 12 18:46:37 2010 +0100
tree	cbd681289ee1b9e5b19c030d3d6b7e2cc6cc8a54
parent	411a8ae3907d3288c7e8ed008d61303f08fe265a [diff]