Changeset 61966 in webkit

Timestamp:

Jun 27, 2010 1:38:22 AM (14 years ago)

Author:

abarth@webkit.org

Message:

2010-06-27 Adam Barth <​abarth@webkit.org>

Reviewed by Eric Seidel.

HTML5 tree builder should be able to execute inline scripts
​https://bugs.webkit.org/show_bug.cgi?id=41257

This patch implements enough machinery so that we can execute inline
scripts in extremely simple documents such as the following:

<html>
<script>
alert(1);
</script>

To get this to work, I had to flesh out a surprising amount of the data
structures for processing the <head>. No tests because this is
already covered by most LayoutTests.

• html/HTMLTreeBuilder.cpp: (WebCore::HTMLTreeBuilder::HTMLTreeBuilder): (WebCore::HTMLTreeBuilder::constructTreeFromToken): (WebCore::HTMLTreeBuilder::processStartTag): (WebCore::HTMLTreeBuilder::processEndTag): (WebCore::HTMLTreeBuilder::processCharacter): (WebCore::HTMLTreeBuilder::insertComment): (WebCore::HTMLTreeBuilder::insertElement): (WebCore::HTMLTreeBuilder::insertScriptElement):
• html/HTMLTreeBuilder.h: (WebCore::HTMLTreeBuilder::ElementRecord::ElementRecord): (WebCore::HTMLTreeBuilder::ElementRecord::element): (WebCore::HTMLTreeBuilder::ElementRecord::next): (WebCore::HTMLTreeBuilder::ElementRecord::releaseNext): (WebCore::HTMLTreeBuilder::ElementRecord::setNext): (WebCore::HTMLTreeBuilder::ElementStack::pop): (WebCore::HTMLTreeBuilder::ElementStack::push): (WebCore::HTMLTreeBuilder::ElementStack::top): (WebCore::HTMLTreeBuilder::ElementStack::remove): (WebCore::HTMLTreeBuilder::currentElement):

Location:

trunk/WebCore

Files:

• ChangeLog (modified) (1 diff)
• html/HTMLTreeBuilder.cpp (modified) (9 diffs)
• html/HTMLTreeBuilder.h (modified) (5 diffs)

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-06-27  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        HTML5 tree builder should be able to execute inline scripts
+        https://bugs.webkit.org/show_bug.cgi?id=41257
+
+        This patch implements enough machinery so that we can execute inline
+        scripts in extremely simple documents such as the following:
+
+        <html>
+        <script>
+        alert(1);
+        </script>
+
+        To get this to work, I had to flesh out a surprising amount of the data
+        structures for processing the <head>.  No tests because this is
+        already covered by most LayoutTests.
+
+        * html/HTMLTreeBuilder.cpp:
+        (WebCore::HTMLTreeBuilder::HTMLTreeBuilder):
+        (WebCore::HTMLTreeBuilder::constructTreeFromToken):
+        (WebCore::HTMLTreeBuilder::processStartTag):
+        (WebCore::HTMLTreeBuilder::processEndTag):
+        (WebCore::HTMLTreeBuilder::processCharacter):
+        (WebCore::HTMLTreeBuilder::insertComment):
+        (WebCore::HTMLTreeBuilder::insertElement):
+        (WebCore::HTMLTreeBuilder::insertScriptElement):
+        * html/HTMLTreeBuilder.h:
+        (WebCore::HTMLTreeBuilder::ElementRecord::ElementRecord):
+        (WebCore::HTMLTreeBuilder::ElementRecord::element):
+        (WebCore::HTMLTreeBuilder::ElementRecord::next):
+        (WebCore::HTMLTreeBuilder::ElementRecord::releaseNext):
+        (WebCore::HTMLTreeBuilder::ElementRecord::setNext):
+        (WebCore::HTMLTreeBuilder::ElementStack::pop):
+        (WebCore::HTMLTreeBuilder::ElementStack::push):
+        (WebCore::HTMLTreeBuilder::ElementStack::top):
+        (WebCore::HTMLTreeBuilder::ElementStack::remove):
+        (WebCore::HTMLTreeBuilder::currentElement):
+
 2010-06-26  Brady Eidson  <beidson@apple.com>
 

trunk/WebCore/html/HTMLTreeBuilder.cpp

@@ -27 +27 @@
 #include "HTMLTreeBuilder.h"
 
+#include "Comment.h"
 #include "DocumentFragment.h"
 #include "Element.h"
 #include "Frame.h"
+#include "HTMLElementFactory.h"
+#include "HTMLScriptElement.h"
 #include "HTMLTokenizer.h"
 #include "HTMLToken.h"
@@ -39 +42 @@
 #include "NotImplemented.h"
 #include "ScriptController.h"
+#include "Text.h"
 #include <wtf/UnusedParam.h>
 
@@ -62 +66 @@
     , m_isPaused(false)
     , m_insertionMode(InitialMode)
+    , m_originalInsertionMode(InitialMode)
     , m_tokenizer(tokenizer)
     , m_legacyTreeBuilder(new LegacyHTMLTreeBuilder(document, reportErrors))
@@ -78 +83 @@
     , m_isPaused(false)
     , m_insertionMode(InitialMode)
+    , m_originalInsertionMode(InitialMode)
     , m_tokenizer(tokenizer)
     , m_legacyTreeBuilder(new LegacyHTMLTreeBuilder(fragment, scriptingPermission))
@@ -302 +308 @@
         }
         if (token.name() == headTag) {
-            m_headElement = insertElement(token);
+            insertElement(token);
+            m_headElement = currentElement();
             setInsertionMode(InHeadMode);
             return;
@@ -461 +468 @@
         ASSERT(insertionMode() == InHeadNoscriptMode);
         if (token.name() == noscriptTag) {
-            ASSERT(m_openElements.top()->tagQName() == noscriptTag);
+            ASSERT(currentElement()->tagQName() == noscriptTag);
             m_openElements.pop();
-            ASSERT(m_openElements.top()->tagQName() == headTag);
+            ASSERT(currentElement()->tagQName() == headTag);
             setInsertionMode(InHeadMode);
             return;
@@ -473 +480 @@
         processDefaultForInHeadNoscriptMode(token);
         processToken(token);
+    case TextMode:
+        if (token.name() == scriptTag) {
+            // Pause ourselves so that parsing stops until the script can be processed by the caller.
+            m_isPaused = true;
+            ASSERT(currentElement()->tagQName() == scriptTag);
+            m_scriptToProcess = currentElement();
+            m_openElements.pop();
+            m_insertionMode = m_originalInsertionMode;
+            return;
+        }
+        notImplemented();
+        break;
     default:
         notImplemented();
@@ -487 +506 @@
 }
 
-void HTMLTreeBuilder::processCharacter(AtomicHTMLToken&)
-{
+void HTMLTreeBuilder::processCharacter(AtomicHTMLToken& token)
+{
+    if (insertionMode() == TextMode) {
+        currentElement()->addChild(Text::create(m_document, token.characters()));
+        return;
+    }
     // FIXME: We need to figure out how to handle each character individually.
     notImplemented();
@@ -575 +598 @@
 void HTMLTreeBuilder::insertComment(AtomicHTMLToken& token)
 {
-    ASSERT_UNUSED(token, token.type() == HTMLToken::Comment);
-}
-
-PassRefPtr<Element> HTMLTreeBuilder::insertElement(AtomicHTMLToken& token)
+    ASSERT(token.type() == HTMLToken::Comment);
+    RefPtr<Node> element = Comment::create(m_document, token.comment());
+    currentElement()->addChild(element);
+}
+
+void HTMLTreeBuilder::insertElement(AtomicHTMLToken& token)
+{
+    ASSERT(token.type() == HTMLToken::StartTag);
+    RefPtr<Element> element = HTMLElementFactory::createHTMLElement(QualifiedName(nullAtom, token.name(), xhtmlNamespaceURI), m_document, 0);
+    currentElement()->addChild(element);
+    m_openElements.push(element.release());
+}
+
+void HTMLTreeBuilder::insertCharacter(UChar cc)
+{
+    ASSERT_UNUSED(cc, cc);
+}
+
+void HTMLTreeBuilder::insertGenericRCDATAElement(AtomicHTMLToken& token)
 {
     ASSERT_UNUSED(token, token.type() == HTMLToken::StartTag);
-    return 0;
-}
-
-void HTMLTreeBuilder::insertCharacter(UChar cc)
-{
-    ASSERT_UNUSED(cc, cc);
-}
-
-void HTMLTreeBuilder::insertGenericRCDATAElement(AtomicHTMLToken& token)
+}
+
+void HTMLTreeBuilder::insertGenericRawTextElement(AtomicHTMLToken& token)
 {
     ASSERT_UNUSED(token, token.type() == HTMLToken::StartTag);
 }
 
-void HTMLTreeBuilder::insertGenericRawTextElement(AtomicHTMLToken& token)
+void HTMLTreeBuilder::insertScriptElement(AtomicHTMLToken& token)
 {
     ASSERT_UNUSED(token, token.type() == HTMLToken::StartTag);
-}
-
-void HTMLTreeBuilder::insertScriptElement(AtomicHTMLToken& token)
-{
-    ASSERT_UNUSED(token, token.type() == HTMLToken::StartTag);
+    RefPtr<HTMLScriptElement> element = HTMLScriptElement::create(scriptTag, m_document, true);
+    currentElement()->addChild(element);
+    m_openElements.push(element.release());
+    m_tokenizer->setState(HTMLTokenizer::ScriptDataState);
+    m_originalInsertionMode = m_insertionMode;
+    m_insertionMode = TextMode;
 }
 

trunk/WebCore/html/HTMLTreeBuilder.h

@@ -31 +31 @@
 #include <wtf/Noncopyable.h>
 #include <wtf/OwnPtr.h>
+#include <wtf/PassOwnPtr.h>
 #include <wtf/PassRefPtr.h>
 #include <wtf/RefPtr.h>
@@ -100 +101 @@
     };
 
+    class ElementRecord : public Noncopyable {
+    public:
+        ElementRecord(PassRefPtr<Element> element, PassOwnPtr<ElementRecord> next)
+            : m_element(element)
+            , m_next(next)
+        {
+        }
+
+        Element* element() const { return m_element.get(); }
+        ElementRecord* next() const { return m_next.get(); }
+        PassOwnPtr<ElementRecord> releaseNext() { return m_next.release(); }
+        void setNext(PassOwnPtr<ElementRecord> next) { m_next = next; }
+
+    private:
+        RefPtr<Element> m_element;
+        OwnPtr<ElementRecord> m_next;
+    };
+
     class ElementStack : public Noncopyable {
     public:
-        void pop() { }
-        void push(PassRefPtr<Element>) { }
-        void remove(Element*) { }
-        Element* top() const { return 0; }
+        void pop()
+        {
+            m_top = m_top->releaseNext();
+        }
+
+        void push(PassRefPtr<Element> element)
+        {
+            m_top.set(new ElementRecord(element, m_top.release()));
+        }
+
+        Element* top() const
+        {
+            return m_top->element();
+        }
+
+        void remove(Element* element)
+        {
+            if (m_top->element() == element) {
+                pop();
+                return;
+            }
+            ElementRecord* pos = m_top.get();
+            while (pos->next()) {
+                if (pos->next()->element() == element) {
+                    pos->setNext(pos->next()->releaseNext());
+                    return;
+                }
+            }
+        }
+
+    private:
+        OwnPtr<ElementRecord> m_top;
     };
 
@@ -129 +176 @@
     void insertDoctype(AtomicHTMLToken&);
     void insertComment(AtomicHTMLToken&);
-    PassRefPtr<Element> insertElement(AtomicHTMLToken&);
+    void insertElement(AtomicHTMLToken&);
     void insertCharacter(UChar cc);
     void insertGenericRCDATAElement(AtomicHTMLToken&);
@@ -138 +185 @@
     void insertHTMLStartTagInBody(AtomicHTMLToken&);
 
+    Element* currentElement() { return m_openElements.top(); }
+
     RefPtr<Element> m_headElement;
     ElementStack m_openElements;
@@ -158 +207 @@
 
     InsertionMode m_insertionMode;
+    InsertionMode m_originalInsertionMode;
 
     // HTML5 spec requires that we be able to change the state of the tokenizer