Changeset 190760 in webkit
- Timestamp:
- Oct 8, 2015 4:45:11 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 5 edited
trunk/LayoutTests/ChangeLog
r190757 r190760 1 2015-10-08 Jiewen Tan <jiewen_tan@apple.com> 2 3 Gracefully handle XMLDocumentParser being detached by mutation events. 4 https://bugs.webkit.org/show_bug.cgi?id=149485 5 <rdar://problem/22811489> 6 7 Reviewed by Darin Adler. 8 9 * fast/parser/resources/xhtml-overwrite-frame.xhtml: Added. 10 * fast/parser/xhtml-dom-character-data-modified-crash-expected.txt: Added. 11 * fast/parser/xhtml-dom-character-data-modified-crash.html: Added. 12 1 13 2015-10-08 Jiewen Tan <jiewen_tan@apple.com> 2 14 -
trunk/Source/WebCore/ChangeLog
r190755 r190760 1 2015-10-08 Jiewen Tan <jiewen_tan@apple.com> 2 3 Gracefully handle XMLDocumentParser being detached by mutation events. 4 https://bugs.webkit.org/show_bug.cgi?id=149485 5 <rdar://problem/22811489> 6 7 This is a merge of Blink change 200026, 8 https://codereview.chromium.org/1267283002 9 10 Reviewed by Darin Adler. 11 12 Test: fast/parser/xhtml-dom-character-data-modified-crash.html 13 14 * xml/parser/XMLDocumentParser.cpp: 15 (WebCore::XMLDocumentParser::createLeafTextNode): 16 Renamed from enterText() to make it more descriptive. 17 18 (WebCore::XMLDocumentParser::updateLeafTextNode): 19 Renamed from exitText to firm up this stage. 20 21 (WebCore::XMLDocumentParser::end): 22 Gracefully handle stopped states. 23 24 (WebCore::XMLDocumentParser::enterText): Deleted. 25 (WebCore::XMLDocumentParser::exitText): Deleted. 26 27 * xml/parser/XMLDocumentParser.h: 28 Rename enterText to createLeafTextNode. 29 Rename exitText to updateLeafTextNode. 30 31 * xml/parser/XMLDocumentParserLibxml2.cpp: 32 (WebCore::XMLDocumentParser::startElementNs): 33 (WebCore::XMLDocumentParser::endElementNs): 34 (WebCore::XMLDocumentParser::characters): 35 (WebCore::XMLDocumentParser::processingInstruction): 36 (WebCore::XMLDocumentParser::cdataBlock): 37 (WebCore::XMLDocumentParser::comment): 38 (WebCore::XMLDocumentParser::endDocument): 39 Rename function calls and firm up updateLeafTextNode stage accordingly. 40 1 41 2015-10-08 Chris Dumez <cdumez@apple.com> 2 42 -
trunk/Source/WebCore/xml/parser/XMLDocumentParser.cpp
r189945 r190760 137 137 } 138 138 139 void XMLDocumentParser::enterText() 140 { 139 void XMLDocumentParser::createLeafTextNode() 140 { 141 if (m_leafTextNode) 142 return; 143 141 144 ASSERT(m_bufferedText.size() == 0); 142 145 ASSERT(!m_leafTextNode); … … 151 154 152 155 153 void XMLDocumentParser::exitText()156 bool XMLDocumentParser::updateLeafTextNode() 154 157 { 155 158 if (isStopped()) 156 return ;159 return false; 157 160 158 161 if (!m_leafTextNode) 159 return; 160 162 return true; 163 164 // This operation might fire mutation event, see below. 161 165 m_leafTextNode->appendData(toString(m_bufferedText.data(), m_bufferedText.size())); 162 Vector<xmlChar> empty; 163 m_bufferedText.swap(empty); 166 m_bufferedText = { }; 164 167 165 168 m_leafTextNode = nullptr; 169 170 // Hence, we need to check again whether the parser is stopped, since mutation 171 // event handlers executed by appendData might have detached this parser. 172 return !isStopped(); 166 173 } 167 174 … … 192 199 insertErrorMessageBlock(); 193 200 else { 194 exitText();201 updateLeafTextNode(); 195 202 document()->styleResolverChanged(RecalcStyleImmediately); 196 203 } -
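Review bot: In the `end()` hunk (new line 201) the result of `updateLeafTextNode()` is discarded and the next line calls `document()->styleResolverChanged(RecalcStyleImmediately);` unconditionally. The comment added in `updateLeafTextNode()` says a mutation event handler run by `appendData` may have detached the parser. If detaching clears the parser's document pointer (not visible in this section), that call dereferences state the handler has just torn down. Guarding it keeps this path consistent with the libxml2 callbacks, e.g. `if (updateLeafTextNode()) document()->styleResolverChanged(RecalcStyleImmediately);`. The rest of `end()` lies outside the hunk and should be checked for the same assumption. Separately, the early return added to `createLeafTextNode()` makes the retained `ASSERT(!m_leafTextNode);` unreachable as a check, so it can be dropped.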
trunk/Source/WebCore/xml/parser/XMLDocumentParser.h
r189776 r190760 147 147 void insertErrorMessageBlock(); 148 148 149 void enterText();150 void exitText();149 void createLeafTextNode(); 150 bool updateLeafTextNode(); 151 151 152 152 void doWrite(const String&); -
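Review bot: The new `bool updateLeafTextNode();` declaration carries no statement of what the return value means, and two call sites in this changeset (`end()` and `endDocument()`) ignore it. A short comment on the declaration would make the contract explicit for future callers, for example `// Returns false if the parser is stopped or was detached while flushing buffered text; callers must not touch parser state afterwards.` That wording follows the comments inside the function body in XMLDocumentParser.cpp.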
trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
r190068 r190760 798 798 } 799 799 800 exitText(); 800 if (!updateLeafTextNode()) 801 return; 801 802 802 803 AtomicString localName = toAtomicString(xmlLocalName); … … 878 879 Ref<XMLDocumentParser> protect(*this); 879 880 880 exitText(); 881 if (!updateLeafTextNode()) 882 return; 881 883 882 884 RefPtr<ContainerNode> node = m_currentNode; … … 953 955 954 956 if (!m_leafTextNode) 955 enterText();957 createLeafTextNode(); 956 958 m_bufferedText.append(s, len); 957 959 } … … 992 994 } 993 995 994 exitText(); 996 if (!updateLeafTextNode()) 997 return; 995 998 996 999 // ### handle exceptions … … 1026 1029 } 1027 1030 1028 exitText(); 1031 if (!updateLeafTextNode()) 1032 return; 1029 1033 1030 1034 auto newNode = CDATASection::create(m_currentNode->document(), toString(s, len)); … … 1042 1046 } 1043 1047 1044 exitText(); 1048 if (!updateLeafTextNode()) 1049 return; 1045 1050 1046 1051 auto newNode = Comment::create(m_currentNode->document(), toString(s)); … … 1074 1079 void XMLDocumentParser::endDocument() 1075 1080 { 1076 exitText();1081 updateLeafTextNode(); 1077 1082 } 1078 1083
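Review bot: Only the hunk at new line 879 shows `Ref<XMLDocumentParser> protect(*this);` before the call to `updateLeafTextNode()`; the context for the hunks at 798, 994, 1029 and 1046 does not reach far enough to show whether those callbacks keep the parser alive. This matters because `updateLeafTextNode()` resets `m_bufferedText` and `m_leafTextNode` and calls `isStopped()` after `appendData` has run mutation event handlers. If a handler can drop the last reference to the parser, those accesses would be to a freed object. Either confirm that each callback takes the protector before the call, or take it once inside `updateLeafTextNode()` with `Ref<XMLDocumentParser> protect(*this);` ahead of `appendData`. In the hunk at 955 the `if (!m_leafTextNode)` test is now duplicated by the guard inside `createLeafTextNode()`, so one of the two can go.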