Changeset 197528 in webkit

Timestamp:

Mar 3, 2016 4:28:44 PM (8 years ago)

Author:

rniwa@webkit.org

Message:

Source/WebCore:
Disallow custom elements inside a window-less documents
​https://bugs.webkit.org/show_bug.cgi?id=154944
<rdar://problem/24944875>

Reviewed by Antti Koivisto.

Disallow custom elements inside a window-less documents such as the shared inert document of template elements
and the ones created by DOMImplementation.createDocument and DOMImplementation.createHTMLDocument.

Throw NotSupportedError in defineCustomElement when it's called in such a document as discussed in:
​https://github.com/w3c/webcomponents/issues/369

Tests: fast/custom-elements/parser/parser-constructs-custom-element-in-document-write.html

fast/custom-elements/parser/parser-uses-registry-of-owner-document.html

• bindings/js/JSDOMBinding.cpp:

(WebCore::throwNotSupportedError): Added.

• bindings/js/JSDOMBinding.h:
• bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::defineCustomElement): Throw NotSupportedError when the context object's document doesn't
have a browsing context (i.e. window-less).

• html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder): Replaced a FIXME with an assertion now that we
disallow instantiation of custom elements inside a template element.

LayoutTests:
Disallow custom elements inside template elements and share the registry for windowless documents
​https://bugs.webkit.org/show_bug.cgi?id=154944
<rdar://problem/24944875>

Reviewed by Antti Koivisto.

Added various tests to ensure the custom elements registry is not shared between documents with
distinct browsing context (e.g. iframes) but shared among the ones that share a single browsing context
(e.g. documents created by DOMImplementation).

Also added a test case for defineCustomElement to ensure it throws NotSupportedError when it's called on
a template element's inert owner document as well as a basic test case for document.write.

• fast/custom-elements/Document-defineCustomElement-expected.txt:
• fast/custom-elements/Document-defineCustomElement.html: Added a new test case.
• fast/custom-elements/parser/parser-constructs-custom-element-in-document-write-expected.txt: Added.
• fast/custom-elements/parser/parser-constructs-custom-element-in-document-write.html: Added.
• fast/custom-elements/parser/parser-uses-registry-of-owner-document-expected.txt: Added.
• fast/custom-elements/parser/parser-uses-registry-of-owner-document.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/custom-elements/Document-defineCustomElement-expected.txt (modified) (1 diff)
• LayoutTests/fast/custom-elements/Document-defineCustomElement.html (modified) (1 diff)
• LayoutTests/fast/custom-elements/parser/parser-constructs-custom-element-in-document-write-expected.txt (added)
• LayoutTests/fast/custom-elements/parser/parser-constructs-custom-element-in-document-write.html (added)
• LayoutTests/fast/custom-elements/parser/parser-uses-registry-of-owner-document-expected.txt (added)
• LayoutTests/fast/custom-elements/parser/parser-uses-registry-of-owner-document.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/JSDOMBinding.cpp (modified) (1 diff)
• Source/WebCore/bindings/js/JSDOMBinding.h (modified) (1 diff)
• Source/WebCore/bindings/js/JSDocumentCustom.cpp (modified) (2 diffs)
• Source/WebCore/html/parser/HTMLDocumentParser.cpp (modified) (1 diff)
• Source/WebCore/html/parser/HTMLTreeBuilder.h (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2016-03-02  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Disallow custom elements inside template elements and share the registry for windowless documents
+        https://bugs.webkit.org/show_bug.cgi?id=154944
+        <rdar://problem/24944875>
+
+        Reviewed by Antti Koivisto.
+
+        Added various tests to ensure the custom elements registry is not shared between documents with
+        distinct browsing context (e.g. iframes) but shared among the ones that share a single browsing context
+        (e.g. documents created by DOMImplementation).
+
+        Also added a test case for defineCustomElement to ensure it throws NotSupportedError when it's called on
+        a template element's inert owner document as well as a basic test case for document.write.
+
+        * fast/custom-elements/Document-defineCustomElement-expected.txt:
+        * fast/custom-elements/Document-defineCustomElement.html: Added a new test case.
+        * fast/custom-elements/parser/parser-constructs-custom-element-in-document-write-expected.txt: Added.
+        * fast/custom-elements/parser/parser-constructs-custom-element-in-document-write.html: Added.
+        * fast/custom-elements/parser/parser-uses-registry-of-owner-document-expected.txt: Added.
+        * fast/custom-elements/parser/parser-uses-registry-of-owner-document.html: Added.
+
 2016-03-03  Zalan Bujtas  <zalan@apple.com>
 

trunk/LayoutTests/fast/custom-elements/Document-defineCustomElement-expected.txt

@@ -3 +3 @@
 PASS document.defineCustomElement should throw with an invalid name 
 PASS document.defineCustomElement should throw with a duplicate name 
+PASS document.defineCustomElement must throw a NotSupportedError when the context object is an associated inert template document 
+PASS document.defineCustomElement must throw a NotSupportedError when the context object is created by DOMImplementation.createHTMLDocument 
+PASS document.defineCustomElement must throw a NotSupportedError when the context object is created by DOMImplementation.createDocument 
 PASS document.defineCustomElement should throw when the element interface is not a constructor 
 PASS document.defineCustomElement should define an instantiatable custom element 

trunk/LayoutTests/fast/custom-elements/Document-defineCustomElement.html

@@ -59 +59 @@
 
 test(function () {
+    class SomeCustomElement extends HTMLElement {};
+
+    var templateContentOwnerDocument = document.createElement('template').content.ownerDocument;
+    assert_throws({'name': 'NotSupportedError'}, function () {
+        templateContentOwnerDocument.defineCustomElement('some-custom-element', SomeCustomElement);
+    });
+
+}, 'document.defineCustomElement must throw a NotSupportedError when the context object is an associated inert template document');
+
+test(function () {
+    class SomeCustomElement extends HTMLElement {};
+
+    var windowlessDocument = document.implementation.createHTMLDocument();
+    assert_throws({'name': 'NotSupportedError'}, function () {
+        windowlessDocument.defineCustomElement('some-custom-element', SomeCustomElement);
+    });
+
+}, 'document.defineCustomElement must throw a NotSupportedError when the context object is created by DOMImplementation.createHTMLDocument');
+
+test(function () {
+    class SomeCustomElement extends HTMLElement {};
+
+    var windowlessDocument = document.implementation.createDocument('http://www.w3.org/1999/xhtml', 'html', null)
+    assert_throws({'name': 'NotSupportedError'}, function () {
+        windowlessDocument.defineCustomElement('some-custom-element', SomeCustomElement);
+    });
+
+}, 'document.defineCustomElement must throw a NotSupportedError when the context object is created by DOMImplementation.createDocument');
+
+test(function () {
     assert_throws({'name': 'TypeError'}, function () { document.defineCustomElement('invalid-element', 1); },
         'document.defineCustomElement must throw a TypeError when the element interface is a number');

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-03-03  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Disallow custom elements inside a window-less documents
+        https://bugs.webkit.org/show_bug.cgi?id=154944
+        <rdar://problem/24944875>
+
+        Reviewed by Antti Koivisto.
+
+        Disallow custom elements inside a window-less documents such as the shared inert document of template elements
+        and the ones created by DOMImplementation.createDocument and DOMImplementation.createHTMLDocument.
+
+        Throw NotSupportedError in defineCustomElement when it's called in such a document as discussed in:
+        https://github.com/w3c/webcomponents/issues/369
+
+        Tests: fast/custom-elements/parser/parser-constructs-custom-element-in-document-write.html
+               fast/custom-elements/parser/parser-uses-registry-of-owner-document.html
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::throwNotSupportedError): Added.
+        * bindings/js/JSDOMBinding.h:
+        * bindings/js/JSDocumentCustom.cpp:
+        (WebCore::JSDocument::defineCustomElement): Throw NotSupportedError when the context object's document doesn't
+        have a browsing context (i.e. window-less).
+        * html/parser/HTMLDocumentParser.cpp:
+        (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder): Replaced a FIXME with an assertion now that we
+        disallow instantiation of custom elements inside a template element.
+
 2016-03-03  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp

@@ -636 +636 @@
 }
 
+void throwNotSupportedError(JSC::ExecState& state, const char* message)
+{
+    ASSERT(!state.hadException());
+    String messageString(message);
+    state.vm().throwException(&state, createDOMException(&state, NOT_SUPPORTED_ERR, &messageString));
+}
+
 JSC::EncodedJSValue throwArgumentMustBeEnumError(JSC::ExecState& state, unsigned argumentIndex, const char* argumentName, const char* functionInterfaceName, const char* functionName, const char* expectedValues)
 {

trunk/Source/WebCore/bindings/js/JSDOMBinding.h

@@ -85 +85 @@
 WEBCORE_EXPORT void reportDeprecatedSetterError(JSC::ExecState&, const char* interfaceName, const char* attributeName);
 
+void throwNotSupportedError(JSC::ExecState&, const char* message);
 void throwArrayElementTypeError(JSC::ExecState&);
 void throwAttributeTypeError(JSC::ExecState&, const char* interfaceName, const char* attributeName, const char* expectedType);

trunk/Source/WebCore/bindings/js/JSDocumentCustom.cpp

@@ -148 +148 @@
 
     Document& document = wrapped();
+    if (!document.domWindow()) {
+        throwNotSupportedError(state, "Cannot define a custom element in a docuemnt without a browsing context");
+        return jsUndefined();
+    }
+
     switch (CustomElementDefinitions::checkName(tagName)) {
     case CustomElementDefinitions::NameStatus::Valid:
@@ -162 +167 @@
     auto& definitions = document.ensureCustomElementDefinitions();
     if (definitions.findInterface(tagName)) {
-        ExceptionCodeWithMessage ec;
-        ec.code = NOT_SUPPORTED_ERR;
-        ec.message = "Cannot define multiple custom elements with the same tag name";
-        setDOMException(&state, ec);
+        throwNotSupportedError(state, "Cannot define multiple custom elements with the same tag name");
         return jsUndefined();
     }

trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp

@@ -197 +197 @@
         RefPtr<Element> newElement = constructionData->interface->constructElement(constructionData->name, JSCustomElementInterface::ShouldClearException::Clear);
         if (!newElement) {
-            // FIXME: This call to docuemnt() is wrong for elements inside a template element.
+            ASSERT(!m_treeBuilder->isParsingTemplateContents());
             newElement = HTMLUnknownElement::create(QualifiedName(nullAtom, constructionData->name, xhtmlNamespaceURI), *document());
         }

trunk/Source/WebCore/html/parser/HTMLTreeBuilder.h

@@ -62 +62 @@
     void constructTree(AtomicHTMLToken&);
 
+    bool isParsingTemplateContents() const;
     bool hasParserBlockingScriptWork() const;
 
@@ -108 +109 @@
     };
 
-    bool isParsingTemplateContents() const;
     bool isParsingFragmentOrTemplateContents() const;