| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 13 matching lines...) Expand all Loading... |
| 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 */ | 29 */ |
| 30 | 30 |
| 31 #include "config.h" | 31 #include "config.h" |
| 32 #include "core/dom/custom/CustomElementCallbackQueue.h" | 32 #include "core/dom/custom/CustomElementCallbackQueue.h" |
| 33 | 33 |
| 34 #include "core/dom/shadow/ShadowRoot.h" |
| 35 |
| 34 namespace blink { | 36 namespace blink { |
| 35 | 37 |
| 36 PassOwnPtrWillBeRawPtr<CustomElementCallbackQueue> CustomElementCallbackQueue::c
reate(PassRefPtrWillBeRawPtr<Element> element) | 38 PassOwnPtrWillBeRawPtr<CustomElementCallbackQueue> CustomElementCallbackQueue::c
reate(PassRefPtrWillBeRawPtr<Element> element) |
| 37 { | 39 { |
| 38 return adoptPtrWillBeNoop(new CustomElementCallbackQueue(element)); | 40 return adoptPtrWillBeNoop(new CustomElementCallbackQueue(element)); |
| 39 } | 41 } |
| 40 | 42 |
| 41 CustomElementCallbackQueue::CustomElementCallbackQueue(PassRefPtrWillBeRawPtr<El
ement> element) | 43 CustomElementCallbackQueue::CustomElementCallbackQueue(PassRefPtrWillBeRawPtr<El
ement> element) |
| 42 : m_element(element) | 44 : m_element(element) |
| 43 , m_owner(-1) | 45 , m_owner(-1) |
| 44 , m_index(0) | 46 , m_index(0) |
| 45 , m_inCreatedCallback(false) | 47 , m_inCreatedCallback(false) |
| 46 { | 48 { |
| 47 } | 49 } |
| 48 | 50 |
| 49 bool CustomElementCallbackQueue::processInElementQueue(ElementQueueId caller) | 51 bool CustomElementCallbackQueue::processInElementQueue(ElementQueueId caller) |
| 50 { | 52 { |
| 51 ASSERT(!m_inCreatedCallback); | 53 ASSERT(!m_inCreatedCallback); |
| 52 bool didWork = false; | 54 bool didWork = false; |
| 53 | 55 |
| 54 while (m_index < m_queue.size() && owner() == caller) { | 56 // Never run custom element callbacks in UA shadow roots since that would |
| 55 m_inCreatedCallback = m_queue[m_index]->isCreatedCallback(); | 57 // leak the UA root and it's elements into the page. |
| 58 ShadowRoot* shadowRoot = m_element->containingShadowRoot(); |
| 59 if (!shadowRoot || shadowRoot->type() != ShadowRootType::UserAgent) { |
| 60 while (m_index < m_queue.size() && owner() == caller) { |
| 61 m_inCreatedCallback = m_queue[m_index]->isCreatedCallback(); |
| 56 | 62 |
| 57 // dispatch() may cause recursion which steals this callback | 63 // dispatch() may cause recursion which steals this callback |
| 58 // queue and reenters processInQueue. owner() == caller | 64 // queue and reenters processInQueue. owner() == caller |
| 59 // detects this recursion and cedes processing. | 65 // detects this recursion and cedes processing. |
| 60 m_queue[m_index++]->dispatch(m_element.get()); | 66 m_queue[m_index++]->dispatch(m_element.get()); |
| 61 m_inCreatedCallback = false; | 67 m_inCreatedCallback = false; |
| 62 didWork = true; | 68 didWork = true; |
| 69 } |
| 63 } | 70 } |
| 64 | 71 |
| 65 if (owner() == caller && m_index == m_queue.size()) { | 72 if (owner() == caller && m_index == m_queue.size()) { |
| 66 // This processInQueue exhausted the queue; shrink it. | 73 // This processInQueue exhausted the queue; shrink it. |
| 67 m_index = 0; | 74 m_index = 0; |
| 68 m_queue.resize(0); | 75 m_queue.resize(0); |
| 69 m_owner = -1; | 76 m_owner = -1; |
| 70 } | 77 } |
| 71 | 78 |
| 72 return didWork; | 79 return didWork; |
| 73 } | 80 } |
| 74 | 81 |
| 75 DEFINE_TRACE(CustomElementCallbackQueue) | 82 DEFINE_TRACE(CustomElementCallbackQueue) |
| 76 { | 83 { |
| 77 visitor->trace(m_element); | 84 visitor->trace(m_element); |
| 78 visitor->trace(m_queue); | 85 visitor->trace(m_queue); |
| 79 } | 86 } |
| 80 | 87 |
| 81 } // namespace blink | 88 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1427783004:
Don't expose UA shadow roots in custom element callbacks (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master