[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
abarth at webkit.org
abarth at webkit.org
Wed Dec 22 12:07:30 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit aebefd5c012f118f67c100ead9208e38a7d06017
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sun Aug 15 19:43:17 2010 +0000
2010-08-15 Adam Barth <abarth at webkit.org>
Reviewed by Eric Seidel.
document.write() doesn't flush plain text
https://bugs.webkit.org/show_bug.cgi?id=8961
Add test cases for flushing character tokens.
* fast/tokenizer/flush-characters-in-document-write-evil-expected.txt: Added.
* fast/tokenizer/flush-characters-in-document-write-evil.html: Added.
* fast/tokenizer/flush-characters-in-document-write-expected.txt: Added.
* fast/tokenizer/flush-characters-in-document-write.html: Added.
2010-08-15 Adam Barth <abarth at webkit.org>
Reviewed by Eric Seidel.
document.write() doesn't flush plain text
https://bugs.webkit.org/show_bug.cgi?id=8961
Originally I thought we should buffer the character tokens until we've
reached the end of the input stream, but that's not how the spec
handles things (it emits the character tokens one-by-one).
Tests: fast/tokenizer/flush-characters-in-document-write-evil.html
fast/tokenizer/flush-characters-in-document-write.html
* html/HTMLTokenizer.cpp:
(WebCore::HTMLTokenizer::emitEndOfFile):
(WebCore::HTMLTokenizer::nextToken):
(WebCore::HTMLTokenizer::haveBufferedCharacterToken):
- Renamed this function now that it's simplier.
* html/HTMLTokenizer.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65382 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 3bf0c73..25c480b 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -2,6 +2,20 @@
Reviewed by Eric Seidel.
+ document.write() doesn't flush plain text
+ https://bugs.webkit.org/show_bug.cgi?id=8961
+
+ Add test cases for flushing character tokens.
+
+ * fast/tokenizer/flush-characters-in-document-write-evil-expected.txt: Added.
+ * fast/tokenizer/flush-characters-in-document-write-evil.html: Added.
+ * fast/tokenizer/flush-characters-in-document-write-expected.txt: Added.
+ * fast/tokenizer/flush-characters-in-document-write.html: Added.
+
+2010-08-15 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Eric Seidel.
+
Don't try to replace a non-existent document after executing JavaScript URLs
https://bugs.webkit.org/show_bug.cgi?id=44024
diff --git a/LayoutTests/fast/tokenizer/flush-characters-in-document-write-evil-expected.txt b/LayoutTests/fast/tokenizer/flush-characters-in-document-write-evil-expected.txt
new file mode 100644
index 0000000..fbf3ccb
--- /dev/null
+++ b/LayoutTests/fast/tokenizer/flush-characters-in-document-write-evil-expected.txt
@@ -0,0 +1,2 @@
+Should be 12:
+12
diff --git a/LayoutTests/fast/tokenizer/flush-characters-in-document-write-evil.html b/LayoutTests/fast/tokenizer/flush-characters-in-document-write-evil.html
new file mode 100644
index 0000000..ac4fb88
--- /dev/null
+++ b/LayoutTests/fast/tokenizer/flush-characters-in-document-write-evil.html
@@ -0,0 +1,36 @@
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function test() {
+ document.write("<div>Should be 12:</div><div>1");
+
+ if (document.getElementsByTagName("div").length != 2)
+ alert("Error - wrong number of DIVs at step 1");
+
+ if (document.getElementsByTagName("div")[1].textContent != "1")
+ alert("Error - incorrect div content at step 1");
+
+ setTimeout(test2, 10);
+}
+
+function test2() {
+ document.write("2</div>")
+
+ if (document.getElementsByTagName("div").length != 2)
+ alert("Error - wrong number of DIVs at step 2");
+
+ if (document.getElementsByTagName("div")[1].textContent != "12")
+ alert("Error - incorrect div content at step 2");
+
+ document.close();
+
+ setTimeout("layoutTestController.notifyDone()", 10);
+}
+</script>
+</head>
+<body onload="test()">
+</body>
diff --git a/LayoutTests/fast/tokenizer/flush-characters-in-document-write-expected.txt b/LayoutTests/fast/tokenizer/flush-characters-in-document-write-expected.txt
new file mode 100644
index 0000000..07d880d
--- /dev/null
+++ b/LayoutTests/fast/tokenizer/flush-characters-in-document-write-expected.txt
@@ -0,0 +1,2 @@
+Should say SUCCESS:
+SUCCESS
diff --git a/LayoutTests/fast/tokenizer/flush-characters-in-document-write.html b/LayoutTests/fast/tokenizer/flush-characters-in-document-write.html
new file mode 100644
index 0000000..b548253
--- /dev/null
+++ b/LayoutTests/fast/tokenizer/flush-characters-in-document-write.html
@@ -0,0 +1,16 @@
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function test() {
+ document.write("Should say SUCCESS:<p>SUCCESS");
+
+ setTimeout("layoutTestController.notifyDone()", 1);
+}
+</script>
+</head>
+<body onload="test()">
+</body>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index a4da24f..3c98183 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -2,6 +2,27 @@
Reviewed by Eric Seidel.
+ document.write() doesn't flush plain text
+ https://bugs.webkit.org/show_bug.cgi?id=8961
+
+ Originally I thought we should buffer the character tokens until we've
+ reached the end of the input stream, but that's not how the spec
+ handles things (it emits the character tokens one-by-one).
+
+ Tests: fast/tokenizer/flush-characters-in-document-write-evil.html
+ fast/tokenizer/flush-characters-in-document-write.html
+
+ * html/HTMLTokenizer.cpp:
+ (WebCore::HTMLTokenizer::emitEndOfFile):
+ (WebCore::HTMLTokenizer::nextToken):
+ (WebCore::HTMLTokenizer::haveBufferedCharacterToken):
+ - Renamed this function now that it's simplier.
+ * html/HTMLTokenizer.h:
+
+2010-08-15 Adam Barth <abarth at webkit.org>
+
+ Reviewed by Eric Seidel.
+
Don't try to replace a non-existent document after executing JavaScript URLs
https://bugs.webkit.org/show_bug.cgi?id=44024
diff --git a/WebCore/html/HTMLTokenizer.cpp b/WebCore/html/HTMLTokenizer.cpp
index 2e5d192..a18701a 100644
--- a/WebCore/html/HTMLTokenizer.cpp
+++ b/WebCore/html/HTMLTokenizer.cpp
@@ -152,7 +152,7 @@ inline bool HTMLTokenizer::processEntity(SegmentedString& source)
do { \
m_state = stateName; \
if (!m_inputStreamPreprocessor.advance(source, m_lineNumber)) \
- return shouldEmitBufferedCharacterToken(source); \
+ return haveBufferedCharacterToken(); \
cc = m_inputStreamPreprocessor.nextInputCharacter(); \
goto stateName; \
} while (false)
@@ -165,7 +165,7 @@ inline bool HTMLTokenizer::processEntity(SegmentedString& source)
do { \
m_state = stateName; \
if (source.isEmpty() || !m_inputStreamPreprocessor.peek(source, m_lineNumber)) \
- return shouldEmitBufferedCharacterToken(source); \
+ return haveBufferedCharacterToken(); \
cc = m_inputStreamPreprocessor.nextInputCharacter(); \
goto stateName; \
} while (false)
@@ -202,7 +202,7 @@ bool HTMLTokenizer::emitAndReconsumeIn(SegmentedString&, State state)
// Check if we have buffered characters to emit first before emitting the EOF.
bool HTMLTokenizer::emitEndOfFile(SegmentedString& source)
{
- if (shouldEmitBufferedCharacterToken(source))
+ if (haveBufferedCharacterToken())
return true;
m_state = DataState;
source.advance(m_lineNumber);
@@ -229,7 +229,7 @@ bool HTMLTokenizer::flushBufferedEndTag(SegmentedString& source)
return true; \
if (source.isEmpty() \
|| !m_inputStreamPreprocessor.peek(source, m_lineNumber)) \
- return shouldEmitBufferedCharacterToken(source); \
+ return haveBufferedCharacterToken(); \
cc = m_inputStreamPreprocessor.nextInputCharacter(); \
goto stateName; \
} while (false)
@@ -260,7 +260,7 @@ bool HTMLTokenizer::nextToken(SegmentedString& source, HTMLToken& token)
}
if (source.isEmpty() || !m_inputStreamPreprocessor.peek(source, m_lineNumber))
- return shouldEmitBufferedCharacterToken(source);
+ return haveBufferedCharacterToken();
UChar cc = m_inputStreamPreprocessor.nextInputCharacter();
// http://www.whatwg.org/specs/web-apps/current-work/multipage/tokenization.html#parsing-main-inbody
@@ -308,7 +308,7 @@ bool HTMLTokenizer::nextToken(SegmentedString& source, HTMLToken& token)
BEGIN_STATE(CharacterReferenceInDataState) {
if (!processEntity(source))
- return shouldEmitBufferedCharacterToken(source);
+ return haveBufferedCharacterToken();
SWITCH_TO(DataState);
}
END_STATE()
@@ -329,7 +329,7 @@ bool HTMLTokenizer::nextToken(SegmentedString& source, HTMLToken& token)
BEGIN_STATE(CharacterReferenceInRCDATAState) {
if (!processEntity(source))
- return shouldEmitBufferedCharacterToken(source);
+ return haveBufferedCharacterToken();
SWITCH_TO(RCDATAState);
}
END_STATE()
@@ -1029,7 +1029,7 @@ bool HTMLTokenizer::nextToken(SegmentedString& source, HTMLToken& token)
bool notEnoughCharacters = false;
unsigned value = consumeHTMLEntity(source, notEnoughCharacters, m_additionalAllowedCharacter);
if (notEnoughCharacters)
- return shouldEmitBufferedCharacterToken(source);
+ return haveBufferedCharacterToken();
if (!value)
m_token->appendToAttributeValue('&');
else if (value < 0xFFFF)
@@ -1113,14 +1113,14 @@ bool HTMLTokenizer::nextToken(SegmentedString& source, HTMLToken& token)
m_token->beginComment();
SWITCH_TO(CommentStartState);
} else if (result == SegmentedString::NotEnoughCharacters)
- return shouldEmitBufferedCharacterToken(source);
+ return haveBufferedCharacterToken();
} else if (cc == 'D' || cc == 'd') {
SegmentedString::LookAheadResult result = source.lookAheadIgnoringCase(doctypeString);
if (result == SegmentedString::DidMatch) {
advanceStringAndASSERTIgnoringCase(source, "doctype");
SWITCH_TO(DOCTYPEState);
} else if (result == SegmentedString::NotEnoughCharacters)
- return shouldEmitBufferedCharacterToken(source);
+ return haveBufferedCharacterToken();
}
notImplemented();
// FIXME: We're still missing the bits about the insertion mode being in foreign content:
@@ -1333,14 +1333,14 @@ bool HTMLTokenizer::nextToken(SegmentedString& source, HTMLToken& token)
advanceStringAndASSERTIgnoringCase(source, "public");
SWITCH_TO(AfterDOCTYPEPublicKeywordState);
} else if (result == SegmentedString::NotEnoughCharacters)
- return shouldEmitBufferedCharacterToken(source);
+ return haveBufferedCharacterToken();
} else if (cc == 'S' || cc == 's') {
SegmentedString::LookAheadResult result = source.lookAheadIgnoringCase(systemString);
if (result == SegmentedString::DidMatch) {
advanceStringAndASSERTIgnoringCase(source, "system");
SWITCH_TO(AfterDOCTYPESystemKeywordState);
} else if (result == SegmentedString::NotEnoughCharacters)
- return shouldEmitBufferedCharacterToken(source);
+ return haveBufferedCharacterToken();
}
parseError();
m_token->setForceQuirks();
@@ -1649,10 +1649,9 @@ inline void HTMLTokenizer::parseError()
notImplemented();
}
-inline bool HTMLTokenizer::shouldEmitBufferedCharacterToken(const SegmentedString& source)
+inline bool HTMLTokenizer::haveBufferedCharacterToken()
{
- return source.isClosed() && m_token->type() == HTMLToken::Character;
+ return m_token->type() == HTMLToken::Character;
}
}
-
diff --git a/WebCore/html/HTMLTokenizer.h b/WebCore/html/HTMLTokenizer.h
index ca3183f..6fb3053 100644
--- a/WebCore/html/HTMLTokenizer.h
+++ b/WebCore/html/HTMLTokenizer.h
@@ -254,7 +254,7 @@ private:
inline void saveEndTagNameIfNeeded();
inline bool isAppropriateEndTag();
- inline bool shouldEmitBufferedCharacterToken(const SegmentedString&);
+ inline bool haveBufferedCharacterToken();
State m_state;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list