Unified Diff: third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp

Issue 1670203002: Block HTML Imports from loading when inserted via innerHTML. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 10 months ago
Index: third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp
diff --git a/third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp b/third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp
index cc5344d24e8ff07e7371e4340fbfbfc544fc5005..9ae457fb964fdc300f70cc93d3372330fad11616 100644
--- a/third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp
+++ b/third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp
@@ -38,6 +38,7 @@
#include "core/frame/LocalFrame.h"
#include "core/html/HTMLFormElement.h"
#include "core/html/HTMLHtmlElement.h"
+#include "core/html/HTMLLinkElement.h"
#include "core/html/HTMLPlugInElement.h"
#include "core/html/HTMLScriptElement.h"
#include "core/html/HTMLTemplateElement.h"
@@ -626,6 +627,14 @@ void HTMLConstructionSite::insertHTMLElement(AtomicHTMLToken* token)
void HTMLConstructionSite::insertSelfClosingHTMLElementDestroyingToken(AtomicHTMLToken* token)
{
ASSERT(token->type() == HTMLToken::StartTag);
+
+ // Link tags require special processing in order to ensure that they don't execute script when
+ // they ought not to.
+ if (token->name() == linkTag) {
+ insertLinkElement(token);
dglazkov 2016/02/05 18:25:53 Would it be better to just split linkTag from http
+ return;
+ }
+
// Normally HTMLElementStack is responsible for calling finishParsingChildren,
// but self-closing elements are never in the element stack so the stack
// doesn't get a chance to tell them that we're done parsing their children.
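Review bot: The comment introducing the new `linkTag` branch says link tags must not "execute script", but nothing in this branch or in insertLinkElement() executes script; what the diverted path controls, per the issue title, is whether an HTML Import load is started for markup parsed from innerHTML, and the comment should say that so the next maintainer does not look for a script path that is not there. I would replace the two comment lines with `// <link> is routed through insertLinkElement() so it gets the same parserInserted/alreadyStarted flags as <script>; that is what keeps HTML Imports from loading out of innerHTML-parsed markup.` Note that only link elements that reach insertSelfClosingHTMLElementDestroyingToken() get these flags; if the tree builder creates `<link>` through any other path (not visible in this diff), those would still go through the generic createHTMLElement() route, which is worth confirming with a layout test. The body of insertSelfClosingHTMLElementDestroyingToken() continues past the end of this hunk.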
@@ -659,6 +668,19 @@ void HTMLConstructionSite::insertScriptElement(AtomicHTMLToken* token)
m_openElements.push(HTMLStackItem::create(element.release(), token));
}
+void HTMLConstructionSite::insertLinkElement(AtomicHTMLToken* token)
+{
+ // We use the same 'alreadyStarted' flag for link elements as we do for script elements. That isn't
+ // in the HTML spec, or in the HTML Imports spec, but we need it for sane behavior in the latter.
+ //
+ // See 'insertScriptElement()' above for detail.
+ const bool parserInserted = m_parserContentPolicy != AllowScriptingContentAndDoNotMarkAlreadyStarted;
kouhei (in TOK) 2016/02/08 01:30:24 I'm not sure if we should respect "AllowScriptingC
+ const bool alreadyStarted = m_isParsingFragment && parserInserted;
+ RefPtrWillBeRawPtr<HTMLLinkElement> element = HTMLLinkElement::create(ownerDocumentForCurrentNode(), parserInserted, alreadyStarted);
+ setAttributes(element.get(), token, m_parserContentPolicy);
+ attachLater(currentNode(), element, true);
+}
+
void HTMLConstructionSite::insertForeignElement(AtomicHTMLToken* token, const AtomicString& namespaceURI)
{
ASSERT(token->type() == HTMLToken::StartTag);
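Review bot: The `parserInserted` and `alreadyStarted` computations in insertLinkElement() are copied verbatim from insertScriptElement() (the new comment says as much), so the two elements that can bring script into a document now derive their innerHTML-blocking flags in two places that can silently drift apart; a later change to the parser content policy enum or to the `<script>` rule would not automatically reach `<link>`. I would move both expressions into small private helpers that insertScriptElement() and insertLinkElement() share, as sketched below; the declarations would go in HTMLConstructionSite.h, which is outside this diff. I would also add `ASSERT(token->name() == linkTag);` at the top of insertLinkElement(), since the function is only correct for a link token and the check in the caller is the only thing enforcing that.
```cpp
// Both helpers are shared by insertScriptElement() and insertLinkElement() so
// <script> and <link> can never disagree about how the parser-inserted and
// already-started flags are derived from the content policy.
bool HTMLConstructionSite::markParserInserted() const
{
    return m_parserContentPolicy != AllowScriptingContentAndDoNotMarkAlreadyStarted;
}

bool HTMLConstructionSite::markAlreadyStarted() const
{
    return m_isParsingFragment && markParserInserted();
}

void HTMLConstructionSite::insertLinkElement(AtomicHTMLToken* token)
{
    ASSERT(token->name() == linkTag);
    RefPtrWillBeRawPtr<HTMLLinkElement> element = HTMLLinkElement::create(ownerDocumentForCurrentNode(), markParserInserted(), markAlreadyStarted());
    // … unchanged: setAttributes / attachLater …
}
```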
