Source/core/dom/ContainerNode.cpp - Issue 1163863005: Check documentElement conditions in parser* DOM mutation methods

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/core/dom/ContainerNode.cpp

Issue 1163863005: Check documentElement conditions in parser* DOM mutation methods (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Add the test again. Created 5 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: Source/core/dom/ContainerNode.cpp

diff --git a/Source/core/dom/ContainerNode.cpp b/Source/core/dom/ContainerNode.cpp

index cfbe083d297fa80cef24edb9d062aa92c1ab508d..a759ec6a9c2cc1f579def6d5b02a2e271385356c 100644

--- a/Source/core/dom/ContainerNode.cpp

+++ b/Source/core/dom/ContainerNode.cpp

@@ -85,8 +85,11 @@ void ContainerNode::removeDetachedChildren()

void ContainerNode::parserTakeAllChildrenFrom(ContainerNode& oldParent)

{

- while (RefPtrWillBeRawPtr<Node> child = oldParent.firstChild())

+ while (RefPtrWillBeRawPtr<Node> child = oldParent.firstChild()) {

+ // Explicitly remove since appending can fail, but this loop shouldn't be infinite.

+ oldParent.parserRemoveChild(*child);

parserAppendChild(child.get());

+ }

}

ContainerNode::~ContainerNode()

@@ -289,6 +292,15 @@ void ContainerNode::appendChildCommon(Node& child)

setLastChild(&child);

}

+bool ContainerNode::checkParserAcceptChild(const Node& newChild) const

+ if (!isDocumentNode())

+ return true;

+ // TODO(esprehn): Are there other conditions where the parser can create

+ // invalid trees?

+ return toDocument(*this).canAcceptChild(newChild, nullptr, IGNORE_EXCEPTION);

void ContainerNode::parserInsertBefore(PassRefPtrWillBeRawPtr<Node> newChild, Node& nextChild)

{

ASSERT(newChild);

@@ -299,6 +311,9 @@ void ContainerNode::parserInsertBefore(PassRefPtrWillBeRawPtr<Node> newChild, No

if (nextChild.previousSibling() == newChild || &nextChild == newChild) // nothing to do

return;

+ if (!checkParserAcceptChild(*newChild))

+ return;

RefPtrWillBeRawPtr<Node> protect(this);

// FIXME: parserRemoveChild can run script which could then insert the

@@ -763,6 +778,9 @@ void ContainerNode::parserAppendChild(PassRefPtrWillBeRawPtr<Node> newChild)

ASSERT(!newChild->isDocumentFragment());

ASSERT(!isHTMLTemplateElement(this));

+ if (!checkParserAcceptChild(*newChild))

+ return;

RefPtrWillBeRawPtr<Node> protect(this);

// FIXME: parserRemoveChild can run script which could then insert the

« no previous file with comments | « Source/core/dom/ContainerNode.h ('k') | Source/core/editing/markup.cpp » ('j') | no next file with comments »