33920 2010-01-20 14:54:33 -0800 dispatchDocumentElementAvailable is fired for fragment parsing on XML and XHTML documents 2010-01-27 03:44:08 -0800 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) PC OS X 10.5 RESOLVED FIXED P2 Normal --- 1 mpcomplete mpcomplete commit-queue eric hyatt pfeldman timothy oldest_to_newest 182928 0 mpcomplete 2010-01-20 14:54:33 -0800 Repro: 1. Visit an XHTML page, eg http://sorryrobot.com/chrometest.php 2. Put a breakpoint in dispatchDocumentElementAvailable. 3. Run this javascript URL: javascript:var div = document.createElement('div');div.innerHTML = '<p>hi</p>'; 4. Breakpoint is hit. This causes user scripts to get injected when they shouldn't. If the user script contains javascript similar to #3, it will infinitely reinject itself. I think the fix is simple. Adding a check for "!m_parsingFragment" to XMLTokenizer::startElementNs before calling dispatchDocumentElementAvailable seems to do the trick. It will just take me a bit to write a suitable test. 184456 1 47378 mpcomplete 2010-01-25 17:37:37 -0800 Created attachment 47378 small patch with tests 184457 2 47378 darin 2010-01-25 17:44:03 -0800 Comment on attachment 47378 small patch with tests Why does the test case need to be in userscripts? Can't this be tested with a normal script-tests test? 184460 3 mpcomplete 2010-01-25 17:54:41 -0800 (In reply to comment #2) > (From update of attachment 47378 [details]) > Why does the test case need to be in userscripts? Can't this be tested with a > normal script-tests test? It doesn't look like it. I think the only side effect of calling dispatchDocumentElementAvailable is that user scripts are injected. 184720 4 47378 eric 2010-01-26 14:07:06 -0800 Comment on attachment 47378 small patch with tests LGTM. 185020 5 47378 commit-queue 2010-01-27 03:44:01 -0800 Comment on attachment 47378 small patch with tests Clearing flags on attachment: 47378 Committed r53917: <http://trac.webkit.org/changeset/53917> 185021 6 commit-queue 2010-01-27 03:44:08 -0800 All reviewed patches have been landed. Closing bug. 47378 2010-01-25 17:37:37 -0800 2010-01-27 03:44:01 -0800 small patch with tests bug33920.patch text/plain 5041 mpcomplete SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1MzgzMykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTYgQEAKKzIwMTAtMDEtMjUgIE1hdHQgUGVycnkgIDxtcGNvbXBsZXRlQGNocm9t aXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBGaXggYSBidWcgd2hlcmUgZGlzcGF0Y2hEb2N1bWVudEVsZW1lbnRBdmFpbGFibGUgd2FzIGZp cmVkIGZvciBmcmFnbWVudCBwYXJzaW5nIG9uIFhNTCBkb2N1bWVudHMuCisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0zMzkyMAorCisgICAgICAgIFRlc3Rz OiB1c2Vyc2NyaXB0cy9zY3JpcHQtbm90LXJ1bi1mb3ItZnJhZ21lbnRzLmh0bWwKKyAgICAgICAg ICAgICAgIHVzZXJzY3JpcHRzL3NjcmlwdC1ydW4tYXQtc3RhcnQuaHRtbAorCisgICAgICAgICog ZG9tL1hNTFRva2VuaXplckxpYnhtbDIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6WE1MVG9rZW5p emVyOjpzdGFydEVsZW1lbnROcyk6CisKIDIwMTAtMDEtMjUgIENocmlzIE1hcnJpbiAgPGNtYXJy aW5AYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IFNpbW9uIEZyYXNlci4KSW5kZXg6 IFdlYkNvcmUvZG9tL1hNTFRva2VuaXplckxpYnhtbDIuY3BwCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNv cmUvZG9tL1hNTFRva2VuaXplckxpYnhtbDIuY3BwCShyZXZpc2lvbiA1MzY1MSkKKysrIFdlYkNv cmUvZG9tL1hNTFRva2VuaXplckxpYnhtbDIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC04MTEsNyAr ODExLDcgQEAgdm9pZCBYTUxUb2tlbml6ZXI6OnN0YXJ0RWxlbWVudE5zKGNvbnN0IAogICAgIGlm IChtX3ZpZXcgJiYgIW5ld0VsZW1lbnQtPmF0dGFjaGVkKCkpCiAgICAgICAgIG5ld0VsZW1lbnQt PmF0dGFjaCgpOwogCi0gICAgaWYgKGlzRmlyc3RFbGVtZW50ICYmIG1fZG9jLT5mcmFtZSgpKQor ICAgIGlmICghbV9wYXJzaW5nRnJhZ21lbnQgJiYgaXNGaXJzdEVsZW1lbnQgJiYgbV9kb2MtPmZy YW1lKCkpCiAgICAgICAgIG1fZG9jLT5mcmFtZSgpLT5sb2FkZXIoKS0+ZGlzcGF0Y2hEb2N1bWVu dEVsZW1lbnRBdmFpbGFibGUoKTsKIH0KIApJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gNTM4MzMpCisrKyBM YXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxNyBAQAorMjAx MC0wMS0yNSAgTWF0dCBQZXJyeSAgPG1wY29tcGxldGVAY2hyb21pdW0ub3JnPgorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEZpeCBhIGJ1ZyB3aGVyZSBk aXNwYXRjaERvY3VtZW50RWxlbWVudEF2YWlsYWJsZSB3YXMgZmlyZWQgZm9yIGZyYWdtZW50IHBh cnNpbmcgb24gWE1MIGRvY3VtZW50cy4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTMzOTIwCisKKyAgICAgICAgKiB1c2Vyc2NyaXB0cy9yZXNvdXJjZXM6 IEFkZGVkLgorICAgICAgICAqIHVzZXJzY3JpcHRzL3Jlc291cmNlcy9ibGFuay54aHRtbDogQWRk ZWQuCisgICAgICAgICogdXNlcnNjcmlwdHMvc2NyaXB0LW5vdC1ydW4tZm9yLWZyYWdtZW50cy1l eHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIHVzZXJzY3JpcHRzL3NjcmlwdC1ub3QtcnVu LWZvci1mcmFnbWVudHMuaHRtbDogQWRkZWQuCisgICAgICAgICogdXNlcnNjcmlwdHMvc2NyaXB0 LXJ1bi1hdC1zdGFydC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIHVzZXJzY3JpcHRz L3NjcmlwdC1ydW4tYXQtc3RhcnQuaHRtbDogQWRkZWQuCisKIDIwMTAtMDEtMjUgIEtlbnQgVGFt dXJhICA8dGtlbnRAY2hyb21pdW0ub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhcmluIEFk bGVyLgpJbmRleDogTGF5b3V0VGVzdHMvdXNlcnNjcmlwdHMvc2NyaXB0LW5vdC1ydW4tZm9yLWZy YWdtZW50cy1leHBlY3RlZC50eHQKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvdXNlcnNjcmlw dHMvc2NyaXB0LW5vdC1ydW4tZm9yLWZyYWdtZW50cy1leHBlY3RlZC50eHQJKHJldmlzaW9uIDAp CisrKyBMYXlvdXRUZXN0cy91c2Vyc2NyaXB0cy9zY3JpcHQtbm90LXJ1bi1mb3ItZnJhZ21lbnRz LWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwzIEBACitDT05TT0xFIE1FU1NB R0U6IGxpbmUgMDogaW5qZWN0ZWQKK0NPTlNPTEUgTUVTU0FHRTogbGluZSAwOiBpbmplY3RlZAor VGhpcyB0ZXN0IHNob3VsZCBub3QgaW5maW5pdGVseSBpbmplY3QgdXNlciBzY3JpcHRzLiAKSW5k ZXg6IExheW91dFRlc3RzL3VzZXJzY3JpcHRzL3NjcmlwdC1ub3QtcnVuLWZvci1mcmFnbWVudHMu aHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy91c2Vyc2NyaXB0cy9zY3JpcHQtbm90LXJ1 bi1mb3ItZnJhZ21lbnRzLmh0bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy91c2Vyc2Ny aXB0cy9zY3JpcHQtbm90LXJ1bi1mb3ItZnJhZ21lbnRzLmh0bWwJKHJldmlzaW9uIDApCkBAIC0w LDAgKzEsMTYgQEAKKzwhRE9DVFlQRSBIVE1MPgorPGh0bWw+Cis8aGVhZD4KKzxzY3JpcHQ+Citp ZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7CisgICAgbGF5b3V0VGVzdENvbnRyb2xs ZXIuZHVtcEFzVGV4dCgpOworICAgIGxheW91dFRlc3RDb250cm9sbGVyLndhaXRVbnRpbERvbmUo KTsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5hZGRVc2VyU2NyaXB0KCJjb25zb2xlLmxvZygn aW5qZWN0ZWQnKTsgdmFyIGRpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2RpdicpOyBkaXYu aW5uZXJIVE1MID0gJzxwPmhpPC9wPic7IiwgdHJ1ZSk7Cit9Cis8L3NjcmlwdD4KKzwvaGVhZD4K Kzxib2R5PgorVGhpcyB0ZXN0IHNob3VsZCBub3QgaW5maW5pdGVseSBpbmplY3QgdXNlciBzY3Jp cHRzLgorPGlmcmFtZSBzcmM9InJlc291cmNlcy9ibGFuay54aHRtbCI+PC9pZnJhbWU+Cis8L2Jv ZHk+Cis8L2h0bWw+CkluZGV4OiBMYXlvdXRUZXN0cy91c2Vyc2NyaXB0cy9zY3JpcHQtcnVuLWF0 LXN0YXJ0LWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy91c2Vyc2NyaXB0 cy9zY3JpcHQtcnVuLWF0LXN0YXJ0LWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKKysrIExheW91 dFRlc3RzL3VzZXJzY3JpcHRzL3NjcmlwdC1ydW4tYXQtc3RhcnQtZXhwZWN0ZWQudHh0CShyZXZp c2lvbiAwKQpAQCAtMCwwICsxLDMgQEAKK0NPTlNPTEUgTUVTU0FHRTogbGluZSAwOiBTVUNDRVNT CitDT05TT0xFIE1FU1NBR0U6IGxpbmUgMDogU1VDQ0VTUworVGhpcyB0ZXN0IHNob3VsZCBsb2cg YSBjb25zb2xlIG1lc3NhZ2Ugb24gc3VjY2Vzcy4gCkluZGV4OiBMYXlvdXRUZXN0cy91c2Vyc2Ny aXB0cy9zY3JpcHQtcnVuLWF0LXN0YXJ0Lmh0bWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMv dXNlcnNjcmlwdHMvc2NyaXB0LXJ1bi1hdC1zdGFydC5odG1sCShyZXZpc2lvbiAwKQorKysgTGF5 b3V0VGVzdHMvdXNlcnNjcmlwdHMvc2NyaXB0LXJ1bi1hdC1zdGFydC5odG1sCShyZXZpc2lvbiAw KQpAQCAtMCwwICsxLDE1IEBACis8IURPQ1RZUEUgSFRNTD4KKzxodG1sPgorPGhlYWQ+Cis8c2Ny aXB0PgoraWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikgeworICAgIGxheW91dFRlc3RD b250cm9sbGVyLmR1bXBBc1RleHQoKTsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5hZGRVc2Vy U2NyaXB0KCJpZiAod2luZG93LmxvY2F0aW9uID09ICdhYm91dDpibGFuaycpIGNvbnNvbGUubG9n KCdTVUNDRVNTJyk7IiwgdHJ1ZSk7Cit9Cis8L3NjcmlwdD4KKzwvaGVhZD4KKzxib2R5PgorVGhp cyB0ZXN0IHNob3VsZCBsb2cgYSBjb25zb2xlIG1lc3NhZ2Ugb24gc3VjY2Vzcy4KKzxpZnJhbWUg c3JjPSJhYm91dDpibGFuayI+PC9pZnJhbWU+Cis8L2JvZHk+Cis8L2h0bWw+CkluZGV4OiBMYXlv dXRUZXN0cy91c2Vyc2NyaXB0cy9yZXNvdXJjZXMvYmxhbmsueGh0bWwKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g TGF5b3V0VGVzdHMvdXNlcnNjcmlwdHMvcmVzb3VyY2VzL2JsYW5rLnhodG1sCShyZXZpc2lvbiAw KQorKysgTGF5b3V0VGVzdHMvdXNlcnNjcmlwdHMvcmVzb3VyY2VzL2JsYW5rLnhodG1sCShyZXZp c2lvbiAwKQpAQCAtMCwwICsxLDExIEBACis8IURPQ1RZUEUgaHRtbCBQVUJMSUMgIi0vL1czQy8v RFREIFhIVE1MIDEuMCBTdHJpY3QvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIveGh0bWwxL0RU RC94aHRtbDEtc3RyaWN0LmR0ZCI+Cis8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5 OS94aHRtbCIgeG1sOmxhbmc9ImVuIiBsYW5nPSJlbiI+Cis8Ym9keT4KKzxzY3JpcHQ+Cit3aW5k b3cub25sb2FkID0gZnVuY3Rpb24oKSB7CisgICAgaWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJv bGxlcikKKyAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIubm90aWZ5RG9uZSgpOworfQorPC9z Y3JpcHQ+Cis8L2JvZHk+Cis8L2h0bWw+Cg==