Changeset 34722 in webkit
- Timestamp:
- Jun 21, 2008 4:49:34 PM (16 years ago)
- Location:
- trunk
- Files:
-
- 12 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r34721 r34722 1 2008-06-21 David Kilzer <ddkilzer@apple.com> 2 3 Bug 7931: Escaped elements within a textarea block can cause the textarea box to be closed prematurely 4 5 <https://bugs.webkit.org/show_bug.cgi?id=7931> 6 7 Reviewed by Darin. 8 9 The entity-end-textarea-tag.html contains 11 test cases: one 10 for each character in '</textarea>'. The rest of the tests 11 only test one encoding: '<' as '<'. 12 13 * fast/parser/entity-end-iframe-tag-expected.txt: Added. 14 * fast/parser/entity-end-iframe-tag.html: Added. 15 * fast/parser/entity-end-script-tag-expected.txt: Added. 16 * fast/parser/entity-end-script-tag.html: Added. 17 * fast/parser/entity-end-style-tag-expected.txt: Added. 18 * fast/parser/entity-end-style-tag.html: Added. 19 * fast/parser/entity-end-textarea-tag-expected.txt: Added. 20 * fast/parser/entity-end-textarea-tag.html: Added. 21 * fast/parser/entity-end-title-tag-expected.txt: Added. 22 * fast/parser/entity-end-title-tag.html: Added. 23 * fast/parser/entity-end-xmp-tag-expected.txt: Added. 24 * fast/parser/entity-end-xmp-tag.html: Added. 25 1 26 2008-06-21 Sam Weinig <sam@webkit.org> 2 27 -
trunk/WebCore/ChangeLog
r34721 r34722 1 2008-06-21 David Kilzer <ddkilzer@apple.com> 2 3 Bug 7931: Escaped elements within a textarea block can cause the textarea box to be closed prematurely 4 5 <https://bugs.webkit.org/show_bug.cgi?id=7931> 6 7 Reviewed by Darin. 8 9 Tests: fast/parser/entity-end-iframe-tag.html 10 fast/parser/entity-end-script-tag.html 11 fast/parser/entity-end-style-tag.html 12 fast/parser/entity-end-textarea-tag.html 13 fast/parser/entity-end-title-tag.html 14 fast/parser/entity-end-xmp-tag.html 15 16 Previously the parser accepted end tags for textarea, title and 17 iframe elements that contained entity-escaped characters such as 18 '<'. The fix is to save the position of the last entity-escaped 19 character converted and to use that to make sure the end tag does 20 not contain an escaped character. 21 22 Note that this was not an issue for script, style and xmp elements 23 since they already ignored entity-escaped characters. 24 25 * html/HTMLTokenizer.cpp: 26 (WebCore::HTMLTokenizer::parseSpecial): When looking for a closing 27 tag, ignore any text with entity-escaped characters by making sure 28 lastDecodedEntityPosition is less than the first character of the 29 end tag. 30 1 31 2008-06-21 Sam Weinig <sam@webkit.org> 2 32 -
trunk/WebCore/html/HTMLTokenizer.cpp
r34589 r34722 313 313 state = parseComment(src, state); 314 314 315 int lastDecodedEntityPosition = -1; 315 316 while ( !src.isEmpty() ) { 316 317 checkScriptBuffer(); … … 363 364 if (!scriptCodeResync && !state.escaped() && !src.escaped() && (ch == '>' || ch == '/' || isASCIISpace(ch)) && 364 365 scriptCodeSize >= searchStopperLen && 365 tagMatch( searchStopper, scriptCode+scriptCodeSize-searchStopperLen, searchStopperLen )) { 366 tagMatch(searchStopper, scriptCode + scriptCodeSize - searchStopperLen, searchStopperLen) && 367 (lastDecodedEntityPosition < scriptCodeSize - searchStopperLen)) { 366 368 scriptCodeResync = scriptCodeSize-searchStopperLen+1; 367 369 tquote = NoQuote; … … 382 384 state = parseEntity(src, scriptCodeDest, state, m_cBufferPos, true, false); 383 385 scriptCodeSize = scriptCodeDest - scriptCode; 386 lastDecodedEntityPosition = scriptCodeSize; 384 387 } else { 385 388 scriptCode[scriptCodeSize++] = ch;
Note: See TracChangeset
for help on using the changeset viewer.