Chromium Code Reviews Chromium Code Reviews
Issue 2369853002:
HTML parser: implementing throw-on-dynamic-markup-insertion counter (Closed)
| Index: third_party/WebKit/Source/core/dom/Document.cpp |
| diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp |
| index 9c107592c0d797f84dfe57c01071d5e9ee4248ec..ea6d562826bacffaea60be5884c3c291d0458634 100644 |
| --- a/third_party/WebKit/Source/core/dom/Document.cpp |
| +++ b/third_party/WebKit/Source/core/dom/Document.cpp |
| @@ -432,6 +432,7 @@ Document::Document(const DocumentInit& initializer, DocumentClassFlags documentC |
| , m_containsPlugins(false) |
| , m_updateFocusAppearanceSelectionBahavior(SelectionBehaviorOnFocus::Reset) |
| , m_ignoreDestructiveWriteCount(0) |
| + , m_throwOnDynamicMarkupInsertionCount(0) |
| , m_markers(new DocumentMarkerController(*this)) |
| , m_updateFocusAppearanceTimer(this, &Document::updateFocusAppearanceTimerFired) |
| , m_cssTarget(nullptr) |
| @@ -2270,6 +2271,13 @@ void Document::shutdown() |
| m_timers.setTimerTaskRunner( |
| Platform::current()->currentThread()->scheduler()->timerTaskRunner()->clone()); |
| + // This is required, as our LocalFrame might delete itself as soon as it detaches |
| + // us. However, this violates Node::detachLayoutTree() semantics, as it's never |
| + // possible to re-attach. Eventually Document::detachLayoutTree() should be renamed, |
| + // or this setting of the frame to 0 could be made explicit in each of the |
| + // callers of Document::detachLayoutTree(). |
| + m_frame = nullptr; |
| + |
| if (m_mediaQueryMatcher) |
| m_mediaQueryMatcher->documentDetached(); |
| @@ -2282,13 +2290,6 @@ void Document::shutdown() |
| // a contextDestroyed() notification. This can happen for a document |
| // created by DOMImplementation::createDocument(). |
| ExecutionContext::notifyContextDestroyed(); |
|
dominicc (has gone to gerrit)
2016/09/28 08:01:03
Just curious--why did you move this?
|
| - |
| - // This is required, as our LocalFrame might delete itself as soon as it detaches |
| - // us. However, this violates Node::detachLayoutTree() semantics, as it's never |
| - // possible to re-attach. Eventually Document::detachLayoutTree() should be renamed, |
| - // or this setting of the frame to 0 could be made explicit in each of the |
| - // callers of Document::detachLayoutTree(). |
| - m_frame = nullptr; |
| } |
| void Document::removeAllEventListeners() |
| @@ -2393,6 +2394,11 @@ void Document::open(Document* enteredDocument, ExceptionState& exceptionState) |
| return; |
| } |
| + if (m_throwOnDynamicMarkupInsertionCount) { |
| + exceptionState.throwDOMException(InvalidStateError, "Custom Element constructor should not use open()."); |
| + return; |
| + } |
| + |
| if (enteredDocument) { |
| if (!getSecurityOrigin()->canAccess(enteredDocument->getSecurityOrigin())) { |
| exceptionState.throwSecurityError("Can only call open() on same-origin documents."); |
| @@ -2590,6 +2596,11 @@ void Document::close(ExceptionState& exceptionState) |
| return; |
| } |
| + if (m_throwOnDynamicMarkupInsertionCount) { |
| + exceptionState.throwDOMException(InvalidStateError, "Custom Element constructor should not use close()."); |
| + return; |
| + } |
| + |
| close(); |
| } |
| @@ -2853,6 +2864,11 @@ void Document::write(const SegmentedString& text, Document* enteredDocument, Exc |
| return; |
| } |
| + if (m_throwOnDynamicMarkupInsertionCount) { |
| + exceptionState.throwDOMException(InvalidStateError, "Custom Element constructor should not use write()."); |
| + return; |
| + } |
| + |
| if (enteredDocument && !getSecurityOrigin()->canAccess(enteredDocument->getSecurityOrigin())) { |
| exceptionState.throwSecurityError("Can only call write() on same-origin documents."); |
| return; |
