Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(672)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/web/WebPageSerializerImpl.cpp

Issue 1398453005: Make WebPageSerializerImpl to escape URL attribute values in result. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: 2015-10-13T17:56:56 Rebase Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/web/tests/WebPageSerializerTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after
280 m_dataBuffer.clear(); 280 m_dataBuffer.clear();
281 281
282 CString encodedContent = param->textEncoding.normalizeAndEncode(content, WTF ::EntitiesForUnencodables); 282 CString encodedContent = param->textEncoding.normalizeAndEncode(content, WTF ::EntitiesForUnencodables);
283 283
284 // Send result to the client. 284 // Send result to the client.
285 m_client->didSerializeDataForFrame(param->url, 285 m_client->didSerializeDataForFrame(param->url,
286 WebCString(encodedContent.data(), encoded Content.length()), 286 WebCString(encodedContent.data(), encoded Content.length()),
287 status); 287 status);
288 } 288 }
289 289
290 // TODO(yosin): We should utilize |MarkupFormatter| here to share code,
291 // especially escaping attribute values, done by |WebEntities| |m_htmlEntities|
292 // and |m_xmlEntities|.
290 void WebPageSerializerImpl::openTagToString(Element* element, 293 void WebPageSerializerImpl::openTagToString(Element* element,
291 SerializeDomParam* param) 294 SerializeDomParam* param)
292 { 295 {
293 bool needSkip; 296 bool needSkip;
294 StringBuilder result; 297 StringBuilder result;
295 // Do pre action for open tag. 298 // Do pre action for open tag.
296 result.append(preActionBeforeSerializeOpenTag(element, param, &needSkip)); 299 result.append(preActionBeforeSerializeOpenTag(element, param, &needSkip));
297 if (needSkip) 300 if (needSkip)
298 return; 301 return;
299 // Add open tag 302 // Add open tag
300 result.append('<'); 303 result.append('<');
301 result.append(element->nodeName().lower()); 304 result.append(element->nodeName().lower());
302 // Go through all attributes and serialize them. 305 // Go through all attributes and serialize them.
303 AttributeCollection attributes = element->attributes(); 306 AttributeCollection attributes = element->attributes();
304 AttributeCollection::iterator end = attributes.end(); 307 AttributeCollection::iterator end = attributes.end();
305 for (AttributeCollection::iterator it = attributes.begin(); it != end; ++it) { 308 for (AttributeCollection::iterator it = attributes.begin(); it != end; ++it) {
306 result.append(' '); 309 result.append(' ');
307 // Add attribute pair 310 // Add attribute pair
308 result.append(it->name().toString()); 311 result.append(it->name().toString());
309 result.appendLiteral("=\""); 312 result.appendLiteral("=\"");
310 if (!it->value().isEmpty()) { 313 if (!it->value().isEmpty()) {
311 const String& attrValue = it->value(); 314 const String& attrValue = it->value();
312 315
313 // Check whether we need to replace some resource links 316 // Check whether we need to replace some resource links
314 // with local resource paths. 317 // with local resource paths.
315 const QualifiedName& attrName = it->name(); 318 const QualifiedName& attrName = it->name();
316 if (element->hasLegalLinkAttribute(attrName)) { 319 if (element->hasLegalLinkAttribute(attrName)) {
317 // For links start with "javascript:", we do not change it. 320 // For links start with "javascript:", we do not change it.
318 if (attrValue.startsWith("javascript:", TextCaseInsensitive)) { 321 if (attrValue.startsWith("javascript:", TextCaseInsensitive)) {
319 result.append(attrValue); 322 result.append(m_htmlEntities.convertEntitiesInString(attrVal ue));
320 } else { 323 } else {
321 // Get the absolute link 324 // Get the absolute link
322 WebLocalFrameImpl* subFrame = WebLocalFrameImpl::fromFrameOw nerElement(element); 325 WebLocalFrameImpl* subFrame = WebLocalFrameImpl::fromFrameOw nerElement(element);
323 String completeURL = subFrame ? subFrame->frame()->document( )->url() : 326 String completeURL = subFrame ? subFrame->frame()->document( )->url() :
324 param->document->completeURL (attrValue); 327 param->document->completeURL (attrValue);
325 // Check whether we have local files for those link. 328 // Check whether we have local files for those link.
326 if (m_localLinks.contains(completeURL)) { 329 if (m_localLinks.contains(completeURL)) {
327 if (!param->directoryName.isEmpty()) { 330 if (!param->directoryName.isEmpty()) {
328 result.appendLiteral("./"); 331 result.appendLiteral("./");
329 result.append(param->directoryName); 332 result.append(param->directoryName);
330 result.append('/'); 333 result.append('/');
331 } 334 }
332 result.append(m_localLinks.get(completeURL)); 335 result.append(m_htmlEntities.convertEntitiesInString(m_l ocalLinks.get(completeURL)));
333 } else { 336 } else {
334 result.append(completeURL); 337 result.append(m_htmlEntities.convertEntitiesInString(com pleteURL));
335 } 338 }
336 } 339 }
337 } else { 340 } else {
338 if (param->isHTMLDocument) 341 if (param->isHTMLDocument)
339 result.append(m_htmlEntities.convertEntitiesInString(attrVal ue)); 342 result.append(m_htmlEntities.convertEntitiesInString(attrVal ue));
340 else 343 else
341 result.append(m_xmlEntities.convertEntitiesInString(attrValu e)); 344 result.append(m_xmlEntities.convertEntitiesInString(attrValu e));
342 } 345 }
343 } 346 }
344 result.append('\"'); 347 result.append('\"');
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after
473 476
474 encodeAndFlushBuffer(WebPageSerializerClient::CurrentFrameIsFinished, &p aram, ForceFlush); 477 encodeAndFlushBuffer(WebPageSerializerClient::CurrentFrameIsFinished, &p aram, ForceFlush);
475 } 478 }
476 479
477 ASSERT(m_dataBuffer.isEmpty()); 480 ASSERT(m_dataBuffer.isEmpty());
478 m_client->didSerializeDataForFrame(KURL(), WebCString("", 0), WebPageSeriali zerClient::AllFramesAreFinished); 481 m_client->didSerializeDataForFrame(KURL(), WebCString("", 0), WebPageSeriali zerClient::AllFramesAreFinished);
479 return didSerialization; 482 return didSerialization;
480 } 483 }
481 484
482 } // namespace blink 485 } // namespace blink
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/Source/web/tests/WebPageSerializerTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698