Changeset 51101 in webkit
- Timestamp:
- Nov 17, 2009 9:19:24 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 4 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/fast/parser/block-nesting-cap-table-expected.txt (added)
-
LayoutTests/fast/parser/block-nesting-cap-table.html (added)
-
LayoutTests/fast/parser/script-tests/block-nesting-cap-table.js (added)
-
WebCore/ChangeLog (modified) (1 diff)
-
WebCore/html/HTMLParser.cpp (modified) (5 diffs)
-
WebCore/html/HTMLParser.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r51097 r51101 1 2009-11-17 Hayato Ito <hayato@google.com> 2 3 Reviewed by Darin Adler. 4 5 Avoid infinite mutual recursion when deeply nested tags are loaded 6 https://bugs.webkit.org/show_bug.cgi?id=30651 7 8 * fast/parser/block-nesting-cap-table-expected.txt: Added. 9 * fast/parser/block-nesting-cap-table.html: Added. 10 * fast/parser/script-tests/block-nesting-cap-table.js: Added. 11 1 12 2009-11-17 Johnny Ding <jnd@chromium.org> 2 13 -
trunk/WebCore/ChangeLog
r51098 r51101 1 2009-11-17 Hayato Ito <hayato@google.com> 2 3 Reviewed by Darin Adler. 4 5 Avoid infinite mutual recursion when deeply nested tags are loaded 6 https://bugs.webkit.org/show_bug.cgi?id=30651 7 8 Test: fast/parser/block-nesting-cap-table.html 9 10 * html/HTMLParser.cpp: 11 (WebCore::HTMLParser::parseToken): 12 (WebCore::tagPriorityOfNode): 13 (WebCore::HTMLParser::limitBlockDepth): 14 (WebCore::HTMLParser::insertNodeAfterLimitBlockDepth): 15 (WebCore::HTMLParser::insertNode): 16 * html/HTMLParser.h: 17 1 18 2009-11-17 Brent Fulgham <bfulgham@webkit.org> 2 19 -
trunk/WebCore/html/HTMLParser.cpp
r47489 r51101 204 204 } 205 205 206 inline static int tagPriorityOfNode(Node* n) 207 { 208 return n->isHTMLElement() ? static_cast<HTMLElement*>(n)->tagPriority() : 0; 209 } 210 211 inline void HTMLParser::limitBlockDepth(int tagPriority) 212 { 213 if (tagPriority >= minBlockLevelTagPriority) { 214 while (m_blocksInStack >= cMaxBlockDepth) 215 popBlock(m_blockStack->tagName); 216 } 217 } 218 219 inline bool HTMLParser::insertNodeAfterLimitBlockDepth(Node* n, bool flat) 220 { 221 limitBlockDepth(tagPriorityOfNode(n)); 222 return insertNode(n, flat); 223 } 224 206 225 PassRefPtr<Node> HTMLParser::parseToken(Token* t) 207 226 { … … 242 261 // split large blocks of text to nodes of manageable size 243 262 n = Text::createWithLengthLimit(m_document, text, charsLeft); 244 if (!insertNode (n.get(), t->selfClosingTag))263 if (!insertNodeAfterLimitBlockDepth(n.get(), t->selfClosingTag)) 245 264 return 0; 246 265 } … … 272 291 } 273 292 274 if (!insertNode (n.get(), t->selfClosingTag)) {293 if (!insertNodeAfterLimitBlockDepth(n.get(), t->selfClosingTag)) { 275 294 // we couldn't insert the node 276 295 … … 330 349 331 350 const AtomicString& localName = n->localName(); 332 int tagPriority = n->isHTMLElement() ? static_cast<HTMLElement*>(n)->tagPriority() : 0;333 351 334 352 // <table> is never allowed inside stray table content. Always pop out of the stray table content … … 337 355 popBlock(tableTag); 338 356 339 if (tagPriority >= minBlockLevelTagPriority) {340 while (m_blocksInStack >= cMaxBlockDepth)341 popBlock(m_blockStack->tagName);342 }343 344 357 if (m_parserQuirks && !m_parserQuirks->shouldInsertNode(m_current, n)) 345 358 return false; 359 360 int tagPriority = tagPriorityOfNode(n); 346 361 347 362 // let's be stupid and just try to insert it. -
trunk/WebCore/html/HTMLParser.h
r45891 r51101 112 112 void processCloseTag(Token*); 113 113 114 void limitBlockDepth(int tagPriority); 115 116 bool insertNodeAfterLimitBlockDepth(Node*, bool flat = false); 114 117 bool insertNode(Node*, bool flat = false); 115 118 bool handleError(Node*, bool flat, const AtomicString& localName, int tagPriority);
Note: See TracChangeset
for help on using the changeset viewer.
