Index: third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp |
diff --git a/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp b/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp |
index c0dbe2abde8735e9c052b093a1028ec244bdf7b2..55c5ccd9fe0ea4fd6293e40e1b5a3c4f9f98d14d 100644 |
--- a/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp |
+++ b/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp |
@@ -684,8 +684,13 @@ void HTMLDocumentParser::pumpTokenizer() { |
// http/tests/security/xssAuditor/dom-write-innerHTML.html |
if (std::unique_ptr<XSSInfo> xssInfo = |
m_xssAuditor.filterToken(FilterTokenRequest( |
- token(), m_sourceTracker, m_tokenizer->shouldAllowCDATA()))) |
+ token(), m_sourceTracker, m_tokenizer->shouldAllowCDATA()))) { |
m_xssAuditorDelegate.didBlockScript(*xssInfo); |
+ // If we're in blocking mode, we might stop the parser in |
+ // 'didBlockScript()'. In that case, exit early. |
+ if (!isParsing()) |
+ return; |
+ } |
} |
constructTreeFromHTMLToken(); |