Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(251)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/html/HTMLElement.cpp

Issue 67813002: Protect contextElement during insertAdjacentHTML call (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Address review comments Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/fast/dom/insertAdjacentHTML-afterend-crash-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. 4 * Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
5 * Copyright (C) 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmo bile.com/) 5 * Copyright (C) 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmo bile.com/)
6 * Copyright (C) 2011 Motorola Mobility. All rights reserved. 6 * Copyright (C) 2011 Motorola Mobility. All rights reserved.
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 504 matching lines...) Expand 10 before | Expand all | Expand 10 after
515 return toElement(parent); 515 return toElement(parent);
516 } 516 }
517 if (equalIgnoringCase(where, "afterBegin") || equalIgnoringCase(where, "befo reEnd")) 517 if (equalIgnoringCase(where, "afterBegin") || equalIgnoringCase(where, "befo reEnd"))
518 return element; 518 return element;
519 es.throwUninformativeAndGenericDOMException(SyntaxError); 519 es.throwUninformativeAndGenericDOMException(SyntaxError);
520 return 0; 520 return 0;
521 } 521 }
522 522
523 void HTMLElement::insertAdjacentHTML(const String& where, const String& markup, ExceptionState& es) 523 void HTMLElement::insertAdjacentHTML(const String& where, const String& markup, ExceptionState& es)
524 { 524 {
525 Element* contextElement = contextElementForInsertion(where, this, es); 525 RefPtr<Element> contextElement = contextElementForInsertion(where, this, es) ;
526 if (!contextElement) 526 if (!contextElement)
527 return; 527 return;
528 528
529 RefPtr<DocumentFragment> fragment = createFragmentForInnerOuterHTML(markup, contextElement, AllowScriptingContent, "insertAdjacentHTML", es); 529 RefPtr<DocumentFragment> fragment = createFragmentForInnerOuterHTML(markup, contextElement.get(), AllowScriptingContent, "insertAdjacentHTML", es);
530 if (!fragment) 530 if (!fragment)
531 return; 531 return;
532 insertAdjacent(where, fragment.get(), es); 532 insertAdjacent(where, fragment.get(), es);
533 } 533 }
534 534
535 void HTMLElement::insertAdjacentText(const String& where, const String& text, Ex ceptionState& es) 535 void HTMLElement::insertAdjacentText(const String& where, const String& text, Ex ceptionState& es)
536 { 536 {
537 RefPtr<Text> textNode = document().createTextNode(text); 537 RefPtr<Text> textNode = document().createTextNode(text);
538 insertAdjacent(where, textNode.get(), es); 538 insertAdjacent(where, textNode.get(), es);
539 } 539 }
(...skipping 532 matching lines...) Expand 10 before | Expand all | Expand 10 after
1072 #ifndef NDEBUG 1072 #ifndef NDEBUG
1073 1073
1074 // For use in the debugger 1074 // For use in the debugger
1075 void dumpInnerHTML(WebCore::HTMLElement*); 1075 void dumpInnerHTML(WebCore::HTMLElement*);
1076 1076
1077 void dumpInnerHTML(WebCore::HTMLElement* element) 1077 void dumpInnerHTML(WebCore::HTMLElement* element)
1078 { 1078 {
1079 printf("%s\n", element->innerHTML().ascii().data()); 1079 printf("%s\n", element->innerHTML().ascii().data());
1080 } 1080 }
1081 #endif 1081 #endif
OLDNEW
« no previous file with comments | « LayoutTests/fast/dom/insertAdjacentHTML-afterend-crash-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698