| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 66 #include "core/rendering/InlineTextBox.h" | 66 #include "core/rendering/InlineTextBox.h" |
| 67 #include "core/rendering/RenderBlock.h" | 67 #include "core/rendering/RenderBlock.h" |
| 68 #include "core/rendering/RenderText.h" | 68 #include "core/rendering/RenderText.h" |
| 69 | 69 |
| 70 using namespace std; | 70 using namespace std; |
| 71 | 71 |
| 72 namespace WebCore { | 72 namespace WebCore { |
| 73 | 73 |
| 74 using namespace HTMLNames; | 74 using namespace HTMLNames; |
| 75 | 75 |
| 76 namespace { | |
| 77 class ReentrancyGuard { | |
| 78 public: | |
| 79 static bool isRecursiveCall() { return s_nestingCounter; } | |
| 80 | |
| 81 class Scope { | |
| 82 public: | |
| 83 Scope() { ++s_nestingCounter; } | |
| 84 ~Scope() { --s_nestingCounter; } | |
| 85 }; | |
| 86 friend class Scope; | |
| 87 | |
| 88 private: | |
| 89 static int s_nestingCounter; | |
| 90 }; | |
| 91 int ReentrancyGuard::s_nestingCounter; | |
| 92 } | |
| 93 | |
| 94 PassRefPtr<EditCommandComposition> EditCommandComposition::create(Document* docu
ment, | 76 PassRefPtr<EditCommandComposition> EditCommandComposition::create(Document* docu
ment, |
| 95 const VisibleSelection& startingSelection, const VisibleSelection& endingSel
ection, EditAction editAction) | 77 const VisibleSelection& startingSelection, const VisibleSelection& endingSel
ection, EditAction editAction) |
| 96 { | 78 { |
| 97 return adoptRef(new EditCommandComposition(document, startingSelection, endi
ngSelection, editAction)); | 79 return adoptRef(new EditCommandComposition(document, startingSelection, endi
ngSelection, editAction)); |
| 98 } | 80 } |
| 99 | 81 |
| 100 EditCommandComposition::EditCommandComposition(Document* document, const Visible
Selection& startingSelection, const VisibleSelection& endingSelection, EditActio
n editAction) | 82 EditCommandComposition::EditCommandComposition(Document* document, const Visible
Selection& startingSelection, const VisibleSelection& endingSelection, EditActio
n editAction) |
| 101 : m_document(document) | 83 : m_document(document) |
| 102 , m_startingSelection(startingSelection) | 84 , m_startingSelection(startingSelection) |
| 103 , m_endingSelection(endingSelection) | 85 , m_endingSelection(endingSelection) |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 175 { | 157 { |
| 176 } | 158 } |
| 177 | 159 |
| 178 CompositeEditCommand::~CompositeEditCommand() | 160 CompositeEditCommand::~CompositeEditCommand() |
| 179 { | 161 { |
| 180 ASSERT(isTopLevelCommand() || !m_composition); | 162 ASSERT(isTopLevelCommand() || !m_composition); |
| 181 } | 163 } |
| 182 | 164 |
| 183 void CompositeEditCommand::apply() | 165 void CompositeEditCommand::apply() |
| 184 { | 166 { |
| 185 // We don't allow recusrive |apply()| to protect against attack code. | |
| 186 // Recursive call of |apply()| could be happened by moving iframe | |
| 187 // with script triggered by insertion, e.g. <iframe src="javascript:..."> | |
| 188 // <iframe onload="...">. This usage is valid as of the specification | |
| 189 // although, it isn't common use case, rather it is used as attack code. | |
| 190 if (ReentrancyGuard::isRecursiveCall()) | |
| 191 return; | |
| 192 | |
| 193 if (!endingSelection().isContentRichlyEditable()) { | 167 if (!endingSelection().isContentRichlyEditable()) { |
| 194 switch (editingAction()) { | 168 switch (editingAction()) { |
| 195 case EditActionTyping: | 169 case EditActionTyping: |
| 196 case EditActionPaste: | 170 case EditActionPaste: |
| 197 case EditActionDrag: | 171 case EditActionDrag: |
| 198 case EditActionSetWritingDirection: | 172 case EditActionSetWritingDirection: |
| 199 case EditActionCut: | 173 case EditActionCut: |
| 200 case EditActionUnspecified: | 174 case EditActionUnspecified: |
| 201 break; | 175 break; |
| 202 default: | 176 default: |
| 203 ASSERT_NOT_REACHED(); | 177 ASSERT_NOT_REACHED(); |
| 204 return; | 178 return; |
| 205 } | 179 } |
| 206 } | 180 } |
| 207 ensureComposition(); | 181 ensureComposition(); |
| 208 | 182 |
| 209 // Changes to the document may have been made since the last editing operati
on that require a layout, as in <rdar://problem/5658603>. | 183 // Changes to the document may have been made since the last editing operati
on that require a layout, as in <rdar://problem/5658603>. |
| 210 // Low level operations, like RemoveNodeCommand, don't require a layout beca
use the high level operations that use them perform one | 184 // Low level operations, like RemoveNodeCommand, don't require a layout beca
use the high level operations that use them perform one |
| 211 // if one is necessary (like for the creation of VisiblePositions). | 185 // if one is necessary (like for the creation of VisiblePositions). |
| 212 document().updateLayoutIgnorePendingStylesheets(); | 186 document().updateLayoutIgnorePendingStylesheets(); |
| 213 | 187 |
| 214 Frame* frame = document().frame(); | 188 Frame* frame = document().frame(); |
| 215 ASSERT(frame); | 189 ASSERT(frame); |
| 216 { | 190 { |
| 217 EventQueueScope eventQueueScope; | 191 EventQueueScope eventQueueScope; |
| 218 ReentrancyGuard::Scope reentrancyGuardScope; | |
| 219 doApply(); | 192 doApply(); |
| 220 } | 193 } |
| 221 | 194 |
| 222 // Only need to call appliedEditing for top-level commands, | 195 // Only need to call appliedEditing for top-level commands, |
| 223 // and TypingCommands do it on their own (see TypingCommand::typingAddedToOp
enCommand). | 196 // and TypingCommands do it on their own (see TypingCommand::typingAddedToOp
enCommand). |
| 224 if (!isTypingCommand()) | 197 if (!isTypingCommand()) |
| 225 frame->editor().appliedEditing(this); | 198 frame->editor().appliedEditing(this); |
| 226 setShouldRetainAutocorrectionIndicator(false); | 199 setShouldRetainAutocorrectionIndicator(false); |
| 227 } | 200 } |
| 228 | 201 |
| (...skipping 1251 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1480 return node.release(); | 1453 return node.release(); |
| 1481 } | 1454 } |
| 1482 | 1455 |
| 1483 PassRefPtr<Element> createBlockPlaceholderElement(Document& document) | 1456 PassRefPtr<Element> createBlockPlaceholderElement(Document& document) |
| 1484 { | 1457 { |
| 1485 RefPtr<Element> breakNode = document.createElement(brTag, false); | 1458 RefPtr<Element> breakNode = document.createElement(brTag, false); |
| 1486 return breakNode.release(); | 1459 return breakNode.release(); |
| 1487 } | 1460 } |
| 1488 | 1461 |
| 1489 } // namespace WebCore | 1462 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 141103006:
Protect document.execCommand() from recursive call and DOM mutation events (Closed)
Base URL: svn://svn.chromium.org/blink/trunk