Bug 109764

Summary:

Make BackgroundHTMLParser work with doc.writes that enter or leave foreign content

Product:

WebKit

Reporter:

Tony Gentilcore <tonyg>

Component:

WebCore Misc.

Assignee:

Adam Barth <abarth>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, eric, esprehn+autocc, ojan.autocc, syoichi, webkit.review.bot

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

106127

Attachments:

Description	Flags
work in progress	none
Patch	none
Patch	none
Patch for landing	none
Patch for landing	none

Description Tony Gentilcore 2013-02-13 16:12:25 PST

Currently BackgroundHTMLParser keeps track of whether we are in foreign content mode. However, if a doc.write causes us to enter or leave foreign content mode, we'll miss it because doc.write is processed on the main thread.

Adam suggests we can fix this by reading the information from the stack of open elements and sending it to the background HTML parser in the Checkpoint sent in resumeFrom().

Comment 1 Adam Barth 2013-03-06 14:57:06 PST

This sounds important to fix.

Comment 2 Adam Barth 2013-03-11 14:41:42 PDT

Created attachment 192563 [details]
work in progress

Comment 3 Adam Barth 2013-03-11 15:29:54 PDT

Created attachment 192576 [details]
Patch

Comment 4 Adam Barth 2013-03-11 15:31:58 PDT

Comment on attachment 192576 [details]
Patch

Tweaks coming.

Comment 5 Adam Barth 2013-03-11 15:34:50 PDT

Created attachment 192578 [details]
Patch

Comment 6 Eric Seidel (no email) 2013-03-11 15:55:07 PDT

Comment on attachment 192578 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=192578&action=review

LGTM.  Please return the "simulator" prefix. :)

> Source/WebCore/html/parser/BackgroundHTMLParser.cpp:155
> +        if (!m_treeBuilder.simulate(m_pendingTokens->last(), m_tokenizer.get()) || m_pendingTokens->size() >= pendingTokenLimit)

This is a little confusing.  It's not really a tree-builder, and if it was you wouldn't tell it to "simulate". :)

> Source/WebCore/html/parser/HTMLTreeBuilder.h:71
> +    HTMLElementStack* openElements() const { return m_tree.openElements(); }

Should this be const?  We don't want folks modifying this. :)

> Source/WebCore/html/parser/HTMLTreeBuilderSimulator.cpp:136
> +    return namespaceStack;

You're going to end up copying the vector a couple times here.

Comment 7 Adam Barth 2013-03-11 16:01:30 PDT

(In reply to comment #6)
> (From update of attachment 192578 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=192578&action=review
> 
> LGTM.  Please return the "simulator" prefix. :)

Done.

> > Source/WebCore/html/parser/BackgroundHTMLParser.cpp:155
> > +        if (!m_treeBuilder.simulate(m_pendingTokens->last(), m_tokenizer.get()) || m_pendingTokens->size() >= pendingTokenLimit)
> 
> This is a little confusing.  It's not really a tree-builder, and if it was you wouldn't tell it to "simulate". :)

Fixed.

> > Source/WebCore/html/parser/HTMLTreeBuilder.h:71
> > +    HTMLElementStack* openElements() const { return m_tree.openElements(); }
> 
> Should this be const?  We don't want folks modifying this. :)

Fixed.

> > Source/WebCore/html/parser/HTMLTreeBuilderSimulator.cpp:136
> > +    return namespaceStack;
> 
> You're going to end up copying the vector a couple times here.

Yeah, I'd be surprised if that was a big problem.  We only call this function after executing script.  I'm inclined to iterate in a future patch if we see this on a profile.

Comment 8 Adam Barth 2013-03-11 16:01:48 PDT

Created attachment 192583 [details]
Patch for landing

Comment 9 Adam Barth 2013-03-11 17:02:04 PDT

Created attachment 192598 [details]
Patch for landing

Comment 10 WebKit Review Bot 2013-03-11 19:12:00 PDT

Comment on attachment 192598 [details]
Patch for landing

Clearing flags on attachment: 192598

Committed r145464: <http://trac.webkit.org/changeset/145464>

Comment 11 WebKit Review Bot 2013-03-11 19:12:05 PDT

All reviewed patches have been landed.  Closing bug.