Prevent recursion in critical part of CustomElementRegistry::define.

third_party/WebKit/Source/core/dom/custom/CustomElementRegistry.cpp

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/dom/custom/CustomElementRegistry.h"
 
 #include "bindings/core/v8/ExceptionState.h"
 #include "bindings/core/v8/ScriptCustomElementDefinitionBuilder.h"
 #include "bindings/core/v8/ScriptPromise.h"
 #include "bindings/core/v8/ScriptPromiseResolver.h"
@@ skipping 21 matching lines @@
 {
     if (CustomElement::isValidName(name))
         return false;
     exceptionState.throwDOMException(
         SyntaxError,
         "\"" + name + "\" is not a valid custom element name");
     return true;
 }
 
 
-class CustomElementRegistry::NameIsBeingDefined final {
+class CustomElementRegistry::ElementDefinitionIsRunning final {
     STACK_ALLOCATED();
-    DISALLOW_IMPLICIT_CONSTRUCTORS(NameIsBeingDefined);
+    DISALLOW_IMPLICIT_CONSTRUCTORS(ElementDefinitionIsRunning);
 public:
-    NameIsBeingDefined(
-        CustomElementRegistry* registry,
-        const AtomicString& name)
-        : m_registry(registry)
-        , m_name(name)
+    ElementDefinitionIsRunning(bool& flag)
+        : m_flag(flag)
     {
-        DCHECK(!m_registry->m_namesBeingDefined.contains(name));
-        m_registry->m_namesBeingDefined.add(name);
+        DCHECK(!m_flag);
+        m_flag = true;
     }
 
-    ~NameIsBeingDefined()
+    ~ElementDefinitionIsRunning()
     {
-        m_registry->m_namesBeingDefined.remove(m_name);
+        DCHECK(m_flag);
+        m_flag = false;
     }
 
 private:
-    Member<CustomElementRegistry> m_registry;
-    const AtomicString& m_name;
+    bool& m_flag;
 };
 
 CustomElementRegistry* CustomElementRegistry::create(
     const LocalDOMWindow* owner)
 {
     CustomElementRegistry* registry = new CustomElementRegistry(owner);
     Document* document = owner->document();
     if (V0CustomElementRegistrationContext* v0 =
         document ? document->registrationContext() : nullptr)
         registry->entangle(v0);
     return registry;
 }
 
 CustomElementRegistry::CustomElementRegistry(const LocalDOMWindow* owner)
-    : m_owner(owner)
+    : m_elementDefinitionIsRunning(false)
+    , m_owner(owner)
     , m_v0 (new V0RegistrySet())
     , m_upgradeCandidates(new UpgradeCandidateMap())
 {
 }
 
 DEFINE_TRACE(CustomElementRegistry)
 {
     visitor->trace(m_definitions);
     visitor->trace(m_owner);
     visitor->trace(m_v0);
@@ skipping 22 matching lines @@
     CustomElementDefinitionBuilder& builder,
     const ElementRegistrationOptions& options,
     ExceptionState& exceptionState)
 {
     if (!builder.checkConstructorIntrinsics())
         return;
 
     if (throwIfInvalidName(name, exceptionState))
         return;
 
-    if (m_namesBeingDefined.contains(name)) {
-        exceptionState.throwDOMException(
-            NotSupportedError,
-            "this name is already being defined in this registry");
-        return;
-    }
-    NameIsBeingDefined defining(this, name);
-
     if (nameIsDefined(name) || v0NameIsDefined(name)) {
         exceptionState.throwDOMException(
             NotSupportedError,
             "this name has already been used with this registry");
         return;
     }
 
     if (!builder.checkConstructorNotRegistered())
         return;
 
-    // TODO(dominicc): Implement steps:
-    // 5: localName
-    // 6-7: extends processing
-
-    // 8-9: observed attributes caching is done below, together with callbacks.
-    // TODO(kojii): https://github.com/whatwg/html/issues/1373 for the ordering.
-    // When it's resolved, revisit if this code needs changes.
+    // TODO(dominicc): Implement steps 6-7 for customized built-in elements
 
     // TODO(dominicc): Add a test where the prototype getter destroys
     // the context.
 
-    if (!builder.checkPrototype())
+    // 8. If this CustomElementRegistry's element definition is
+    // running flag is set, then throw a "NotSupportedError"
+    // DOMException and abort these steps.
+    if (m_elementDefinitionIsRunning) {
+        exceptionState.throwDOMException(
+            NotSupportedError,
+            "an element definition is already being processed");
         return;
+    }
 
-    // 8-9: observed attributes caching
-    // 12-13: connected callback
-    // 14-15: disconnected callback
-    // 16-17: attribute changed callback
+    {
+        // 9. Set this CustomElementRegistry's element definition is
+        // running flag.
+        ElementDefinitionIsRunning defining(m_elementDefinitionIsRunning);
 
-    if (!builder.rememberOriginalProperties())
-        return;
+        // 10.1-2
+        if (!builder.checkPrototype())
+            return;
 
-    // TODO(dominicc): Add a test where retrieving the prototype
-    // recursively calls define with the same name.
+        // 10.3-6
+        if (!builder.rememberOriginalProperties())
+            return;
+
+        // "Then, perform the following substep, regardless of whether
+        // the above steps threw an exception or not: Unset this
+        // CustomElementRegistry's element definition is running
+        // flag."
+        // (ElementDefinitionIsRunning destructor does this.)
+    }
 
     CustomElementDescriptor descriptor(name, name);
     CustomElementDefinition* definition = builder.build(descriptor);
     CHECK(!exceptionState.hadException());
     CHECK(definition->descriptor() == descriptor);
     DefinitionMap::AddResult result =
         m_definitions.add(descriptor.name(), definition);
     CHECK(result.isNewEntry);
 
     HeapVector<Member<Element>> candidates;
     collectCandidates(descriptor, &candidates);
     for (Element* candidate : candidates)
         definition->enqueueUpgradeReaction(candidate);
 
-    // 19: when-defined promise processing
+    // 16: when-defined promise processing
     const auto& entry = m_whenDefinedPromiseMap.find(name);
     if (entry == m_whenDefinedPromiseMap.end())
         return;
     entry->value->resolve();
     m_whenDefinedPromiseMap.remove(entry);
 }
 
 // https://html.spec.whatwg.org/multipage/scripting.html#dom-customelementsregistry-get
 ScriptValue CustomElementRegistry::get(const AtomicString& name)
 {
@@ skipping 98 matching lines @@
     m_upgradeCandidates->remove(it);
 
     Document* document = m_owner->document();
     if (!document)
         return;
 
     sorter.sorted(elements, document);
 }
 
 } // namespace blink