Title: [145464] trunk
Revision
145464
Author
[email protected]
Date
2013-03-11 19:09:50 -0700 (Mon, 11 Mar 2013)

Log Message

Make BackgroundHTMLParser work with doc.writes that enter or leave foreign content
https://bugs.webkit.org/show_bug.cgi?id=109764

Reviewed by Eric Seidel.

Source/WebCore:

Previously, we were not resetting the state of the
HTMLTreeBuilderSimulator when we failed speculative parsing. This had a
number of observable consequences, including not parsing CDATA sections
correctly when document.write caused us to enter foreign content.

Test: fast/parser/document-write-svg-cdata.html

* html/parser/BackgroundHTMLParser.cpp:
(WebCore::BackgroundHTMLParser::BackgroundHTMLParser):
(WebCore::BackgroundHTMLParser::resumeFrom):
(WebCore::BackgroundHTMLParser::pumpTokenizer):
(WebCore::BackgroundHTMLParser::sendTokensToMainThread):
* html/parser/BackgroundHTMLParser.h:
(Checkpoint):
(BackgroundHTMLParser):
* html/parser/HTMLDocumentParser.cpp:
(WebCore::HTMLDocumentParser::validateSpeculations):
(WebCore::HTMLDocumentParser::didFailSpeculation):
* html/parser/HTMLDocumentParser.h:
(ParsedChunk):
* html/parser/HTMLElementStack.h:
(WebCore::HTMLElementStack::ElementRecord::namespaceURI):
* html/parser/HTMLTreeBuilder.h:
(WebCore::HTMLTreeBuilder::options):
(WebCore::HTMLTreeBuilder::openElements):
(HTMLTreeBuilder):
* html/parser/HTMLTreeBuilderSimulator.cpp:
(WebCore::HTMLTreeBuilderSimulator::stateFor):
(WebCore):
* html/parser/HTMLTreeBuilderSimulator.h:
(WebCore):
(WebCore::HTMLTreeBuilderSimulator::state):
(WebCore::HTMLTreeBuilderSimulator::setState):
(HTMLTreeBuilderSimulator):

LayoutTests:

* fast/parser/document-write-svg-cdata-expected.txt: Added.
* fast/parser/document-write-svg-cdata.html: Added.


Diff

Modified: trunk/LayoutTests/ChangeLog (145463 => 145464)


--- trunk/LayoutTests/ChangeLog	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/LayoutTests/ChangeLog	2013-03-12 02:09:50 UTC (rev 145464)
@@ -1,3 +1,13 @@
+2013-03-11  Adam Barth  <[email protected]>
+
+        Make BackgroundHTMLParser work with doc.writes that enter or leave foreign content
+        https://bugs.webkit.org/show_bug.cgi?id=109764
+
+        Reviewed by Eric Seidel.
+
+        * fast/parser/document-write-svg-cdata-expected.txt: Added.
+        * fast/parser/document-write-svg-cdata.html: Added.
+
 2013-03-11  Yuki Sekiguchi  <[email protected]>
 
         Ruby text is incorrectly positioned when its writing-mode is changed to vertical after layout is done

Added: trunk/LayoutTests/fast/parser/document-write-svg-cdata-expected.txt (0 => 145464)


--- trunk/LayoutTests/fast/parser/document-write-svg-cdata-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/parser/document-write-svg-cdata-expected.txt	2013-03-12 02:09:50 UTC (rev 145464)
@@ -0,0 +1,17 @@
+| <html>
+|   <head>
+|     <script>
+|       src=""
+|     "
+"
+|     <script>
+|       "
+document.write("<svg>");
+"
+|   <body>
+|     <svg svg>
+|       "
+
+This should <strong>not</strong> be bold!
+
+"

Added: trunk/LayoutTests/fast/parser/document-write-svg-cdata.html (0 => 145464)


--- trunk/LayoutTests/fast/parser/document-write-svg-cdata.html	                        (rev 0)
+++ trunk/LayoutTests/fast/parser/document-write-svg-cdata.html	2013-03-12 02:09:50 UTC (rev 145464)
@@ -0,0 +1,7 @@
+<script src=""
+<script>
+document.write("<svg>");
+</script>
+<![CDATA[
+This should <strong>not</strong> be bold!
+]]>

Modified: trunk/Source/WebCore/ChangeLog (145463 => 145464)


--- trunk/Source/WebCore/ChangeLog	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/ChangeLog	2013-03-12 02:09:50 UTC (rev 145464)
@@ -1,3 +1,45 @@
+2013-03-11  Adam Barth  <[email protected]>
+
+        Make BackgroundHTMLParser work with doc.writes that enter or leave foreign content
+        https://bugs.webkit.org/show_bug.cgi?id=109764
+
+        Reviewed by Eric Seidel.
+
+        Previously, we were not reseting the state of the
+        HTMLTreeBuilderSimulator when we failed speculative parsing. This had a
+        number of observable consequences, including not parsing CDATA sections
+        correctly when document.write caused us to enter foreign content.
+
+        Test: fast/parser/document-write-svg-cdata.html
+
+        * html/parser/BackgroundHTMLParser.cpp:
+        (WebCore::BackgroundHTMLParser::BackgroundHTMLParser):
+        (WebCore::BackgroundHTMLParser::resumeFrom):
+        (WebCore::BackgroundHTMLParser::pumpTokenizer):
+        (WebCore::BackgroundHTMLParser::sendTokensToMainThread):
+        * html/parser/BackgroundHTMLParser.h:
+        (Checkpoint):
+        (BackgroundHTMLParser):
+        * html/parser/HTMLDocumentParser.cpp:
+        (WebCore::HTMLDocumentParser::validateSpeculations):
+        (WebCore::HTMLDocumentParser::didFailSpeculation):
+        * html/parser/HTMLDocumentParser.h:
+        (ParsedChunk):
+        * html/parser/HTMLElementStack.h:
+        (WebCore::HTMLElementStack::ElementRecord::namespaceURI):
+        * html/parser/HTMLTreeBuilder.h:
+        (WebCore::HTMLTreeBuilder::options):
+        (WebCore::HTMLTreeBuilder::openElements):
+        (HTMLTreeBuilder):
+        * html/parser/HTMLTreeBuilderSimulator.cpp:
+        (WebCore::HTMLTreeBuilderSimulator::stateFor):
+        (WebCore):
+        * html/parser/HTMLTreeBuilderSimulator.h:
+        (WebCore):
+        (WebCore::HTMLTreeBuilderSimulator::state):
+        (WebCore::HTMLTreeBuilderSimulator::setState):
+        (HTMLTreeBuilderSimulator):
+
 2013-03-11  Abhishek Arya  <[email protected]>
 
         Replace static_casts with to* functions.

Modified: trunk/Source/WebCore/html/parser/BackgroundHTMLParser.cpp (145463 => 145464)


--- trunk/Source/WebCore/html/parser/BackgroundHTMLParser.cpp	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/html/parser/BackgroundHTMLParser.cpp	2013-03-12 02:09:50 UTC (rev 145464)
@@ -65,9 +65,9 @@
 
 BackgroundHTMLParser::BackgroundHTMLParser(PassRefPtr<WeakReference<BackgroundHTMLParser> > reference, PassOwnPtr<Configuration> config)
     : m_weakFactory(reference, this)
-    , m_treeBuilderSimulator(config->options)
     , m_token(adoptPtr(new HTMLToken))
     , m_tokenizer(HTMLTokenizer::create(config->options))
+    , m_treeBuilderSimulator(config->options)
     , m_options(config->options)
     , m_parser(config->parser)
     , m_pendingTokens(adoptPtr(new CompactHTMLTokenStream))
@@ -88,6 +88,7 @@
     m_parser = checkpoint->parser;
     m_token = checkpoint->token.release();
     m_tokenizer = checkpoint->tokenizer.release();
+    m_treeBuilderSimulator.setState(checkpoint->treeBuilderState);
     m_input.rewindTo(checkpoint->inputCheckpoint, checkpoint->unparsedInput);
     m_preloadScanner->rewindTo(checkpoint->preloadScannerCheckpoint);
     pumpTokenizer();
@@ -174,6 +175,7 @@
     chunk->preloads.swap(m_pendingPreloads);
     chunk->xssInfos.swap(m_pendingXSSInfos);
     chunk->tokenizerState = m_tokenizer->state();
+    chunk->treeBuilderState = m_treeBuilderSimulator.state();
     chunk->inputCheckpoint = m_input.createCheckpoint();
     chunk->preloadScannerCheckpoint = m_preloadScanner->createCheckpoint();
     callOnMainThread(bind(&HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser, m_parser, chunk.release()));

Modified: trunk/Source/WebCore/html/parser/BackgroundHTMLParser.h (145463 => 145464)


--- trunk/Source/WebCore/html/parser/BackgroundHTMLParser.h	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/html/parser/BackgroundHTMLParser.h	2013-03-12 02:09:50 UTC (rev 145464)
@@ -67,6 +67,7 @@
         WeakPtr<HTMLDocumentParser> parser;
         OwnPtr<HTMLToken> token;
         OwnPtr<HTMLTokenizer> tokenizer;
+        HTMLTreeBuilderSimulator::State treeBuilderState;
         HTMLInputCheckpoint inputCheckpoint;
         TokenPreloadScannerCheckpoint preloadScannerCheckpoint;
         String unparsedInput;
@@ -90,9 +91,9 @@
     WeakPtrFactory<BackgroundHTMLParser> m_weakFactory;
     BackgroundHTMLInputStream m_input;
     HTMLSourceTracker m_sourceTracker;
-    HTMLTreeBuilderSimulator m_treeBuilderSimulator;
     OwnPtr<HTMLToken> m_token;
     OwnPtr<HTMLTokenizer> m_tokenizer;
+    HTMLTreeBuilderSimulator m_treeBuilderSimulator;
     HTMLParserOptions m_options;
     WeakPtr<HTMLDocumentParser> m_parser;
 

Modified: trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp (145463 => 145464)


--- trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp	2013-03-12 02:09:50 UTC (rev 145464)
@@ -354,7 +354,8 @@
     // sophisticated with the HTMLToken.
     if (m_currentChunk->tokenizerState == HTMLTokenizer::DataState
         && tokenizer->state() == HTMLTokenizer::DataState
-        && m_input.current().isEmpty()) {
+        && m_input.current().isEmpty()
+        && m_currentChunk->treeBuilderState == HTMLTreeBuilderSimulator::stateFor(m_treeBuilder.get())) {
         ASSERT(token->isUninitialized());
         return;
     }
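Review bot: The added fourth condition only holds if both sides use the same canonical form: `m_currentChunk->treeBuilderState` is recorded by the background simulator, while `HTMLTreeBuilderSimulator::stateFor(...)` collapses consecutive open elements of the same namespace into a single entry. `simulate()` is not part of this change, so this needs confirming; if it appends one entry per nested `<svg>` or `<math>`, nested foreign content would never compare equal here and every such chunk would be re-parsed. A comment above the condition would pin the contract down, for example `// Both states hold one entry per run of same-namespace open elements.`, and a layout test with nested `<svg>` would cover it. The enclosing function starts and ends outside the hunk.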
@@ -371,6 +372,7 @@
     checkpoint->parser = m_weakFactory.createWeakPtr();
     checkpoint->token = token;
     checkpoint->tokenizer = tokenizer;
+    checkpoint->treeBuilderState = HTMLTreeBuilderSimulator::stateFor(m_treeBuilder.get());
     checkpoint->inputCheckpoint = m_currentChunk->inputCheckpoint;
     checkpoint->preloadScannerCheckpoint = m_currentChunk->preloadScannerCheckpoint;
     checkpoint->unparsedInput = m_input.current().toString().isolatedCopy();

Modified: trunk/Source/WebCore/html/parser/HTMLDocumentParser.h (145463 => 145464)


--- trunk/Source/WebCore/html/parser/HTMLDocumentParser.h	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/html/parser/HTMLDocumentParser.h	2013-03-12 02:09:50 UTC (rev 145464)
@@ -37,6 +37,7 @@
 #include "HTMLSourceTracker.h"
 #include "HTMLToken.h"
 #include "HTMLTokenizer.h"
+#include "HTMLTreeBuilderSimulator.h"
 #include "ScriptableDocumentParser.h"
 #include "SegmentedString.h"
 #include "Timer.h"
@@ -91,6 +92,7 @@
         PreloadRequestStream preloads;
         XSSInfoStream xssInfos;
         HTMLTokenizer::State tokenizerState;
+        HTMLTreeBuilderSimulator::State treeBuilderState;
         HTMLInputCheckpoint inputCheckpoint;
         TokenPreloadScannerCheckpoint preloadScannerCheckpoint;
     };

Modified: trunk/Source/WebCore/html/parser/HTMLElementStack.h (145463 => 145464)


--- trunk/Source/WebCore/html/parser/HTMLElementStack.h	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/html/parser/HTMLElementStack.h	2013-03-12 02:09:50 UTC (rev 145464)
@@ -57,6 +57,7 @@
     
         Element* element() const { return m_item->element(); }
         ContainerNode* node() const { return m_item->node(); }
+        const AtomicString& namespaceURI() const { return m_item->namespaceURI(); }
         PassRefPtr<HTMLStackItem> stackItem() const { return m_item; }
         void replaceElement(PassRefPtr<HTMLStackItem>);
 

Modified: trunk/Source/WebCore/html/parser/HTMLTreeBuilder.h (145463 => 145464)


--- trunk/Source/WebCore/html/parser/HTMLTreeBuilder.h	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/html/parser/HTMLTreeBuilder.h	2013-03-12 02:09:50 UTC (rev 145464)
@@ -68,6 +68,8 @@
     }
     ~HTMLTreeBuilder();
 
+    const HTMLElementStack* openElements() const { return m_tree.openElements(); }
+
     bool isParsingFragment() const { return !!m_fragmentContext.fragment(); }
 #if ENABLE(TEMPLATE_ELEMENT)
     bool isParsingTemplateContents() const { return m_tree.openElements()->hasTemplateInHTMLScope(); }

Modified: trunk/Source/WebCore/html/parser/HTMLTreeBuilderSimulator.cpp (145463 => 145464)


--- trunk/Source/WebCore/html/parser/HTMLTreeBuilderSimulator.cpp	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/html/parser/HTMLTreeBuilderSimulator.cpp	2013-03-12 02:09:50 UTC (rev 145464)
@@ -33,6 +33,7 @@
 #include "HTMLNames.h"
 #include "HTMLParserIdioms.h"
 #include "HTMLTokenizer.h"
+#include "HTMLTreeBuilder.h"
 #include "MathMLNames.h"
 #include "SVGNames.h"
 
@@ -117,6 +118,24 @@
     m_namespaceStack.append(HTML);
 }
 
+HTMLTreeBuilderSimulator::State HTMLTreeBuilderSimulator::stateFor(HTMLTreeBuilder* treeBuilder)
+{
+    ASSERT(isMainThread());
+    State namespaceStack;
+    for (HTMLElementStack::ElementRecord* record = treeBuilder->openElements()->topRecord(); record; record = record->next()) {
+        Namespace currentNamespace = HTML;
+        if (record->namespaceURI() == SVGNames::svgNamespaceURI)
+            currentNamespace = SVG;
+        else if (record->namespaceURI() == MathMLNames::mathmlNamespaceURI)
+            currentNamespace = MathML;
+
+        if (namespaceStack.isEmpty() || namespaceStack.last() != currentNamespace)
+            namespaceStack.append(currentNamespace);
+    }
+    namespaceStack.reverse();
+    return namespaceStack;
+}
+
 bool HTMLTreeBuilderSimulator::simulate(const CompactHTMLToken& token, HTMLTokenizer* tokenizer)
 {
     if (token.type() == HTMLToken::StartTag) {
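Review bot: `stateFor()` returns an empty `State` when `openElements()->topRecord()` is null, and that value can be handed to `setState()` in `BackgroundHTMLParser::resumeFrom`, after which `inForeignContent()` calls `m_namespaceStack.last()` on an empty vector. Whether the open-element stack can be empty when speculation fails is not visible in this change, so the invariant should be stated in code: `if (namespaceStack.isEmpty()) namespaceStack.append(HTML);` before the `reverse()`, or at least `ASSERT(!namespaceStack.isEmpty());`. `treeBuilder` is also dereferenced unchecked while both callers pass `m_treeBuilder.get()`, so an `ASSERT(treeBuilder);` beside the `isMainThread()` assertion would document that expectation. A wrong simulator state makes CDATA contents tokenize as markup, which is the case the new layout test covers, so a one-line comment saying the result must mirror the simulator's own namespace stack is worth adding.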

Modified: trunk/Source/WebCore/html/parser/HTMLTreeBuilderSimulator.h (145463 => 145464)


--- trunk/Source/WebCore/html/parser/HTMLTreeBuilderSimulator.h	2013-03-12 02:04:42 UTC (rev 145463)
+++ trunk/Source/WebCore/html/parser/HTMLTreeBuilderSimulator.h	2013-03-12 02:09:50 UTC (rev 145464)
@@ -29,19 +29,17 @@
 #if ENABLE(THREADED_HTML_PARSER)
 
 #include "HTMLParserOptions.h"
+#include <wtf/PassOwnPtr.h>
 #include <wtf/Vector.h>
 
 namespace WebCore {
 
 class CompactHTMLToken;
 class HTMLTokenizer;
+class HTMLTreeBuilder;
 
 class HTMLTreeBuilderSimulator {
     WTF_MAKE_FAST_ALLOCATED;
-public:
-    explicit HTMLTreeBuilderSimulator(const HTMLParserOptions&);
-    bool simulate(const CompactHTMLToken&, HTMLTokenizer*);
-
 private:
     enum Namespace {
         HTML,
@@ -49,10 +47,25 @@
         MathML
     };
 
+public:
+    typedef Vector<Namespace, 1> State;
+
+    explicit HTMLTreeBuilderSimulator(const HTMLParserOptions&);
+
+    static State stateFor(HTMLTreeBuilder*);
+
+    const State& state() const { return m_namespaceStack; }
+    void setState(const State& state) { m_namespaceStack = state; }
+
+    bool simulate(const CompactHTMLToken&, HTMLTokenizer*);
+
+private:
+    explicit HTMLTreeBuilderSimulator(HTMLTreeBuilder*);
+
     bool inForeignContent() const { return m_namespaceStack.last() != HTML; }
 
     HTMLParserOptions m_options;
-    Vector<Namespace, 1> m_namespaceStack;
+    State m_namespaceStack;
 };
 
 }
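Review bot: The private `explicit HTMLTreeBuilderSimulator(HTMLTreeBuilder*);` declared in this hunk has no definition in the `HTMLTreeBuilderSimulator.cpp` hunks of this change, where only `stateFor()` is added; unless it is defined elsewhere it is a dead declaration and should be dropped. The `#include <wtf/PassOwnPtr.h>` added in the previous hunk likewise has no visible use in this header. `State` is now public while the `Namespace` enum it holds stays private, so a short comment above the typedef would help, for example `// Opaque to callers: copy, compare and pass back to setState() only.`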