Commit 20c53674 authored by ggaren@apple.com

Honor the setting for whether JavaScript markup is enabled

https://bugs.webkit.org/show_bug.cgi?id=113122

Reviewed by Ryosuke Niwa.

Source/WebCore: 

* dom/ScriptableDocumentParser.cpp:
(WebCore::ScriptableDocumentParser::ScriptableDocumentParser): Applied the
setting here, so all document parsing would be covered. This is similar
to what we do for plug-in stripping.

* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::insertForeignElement): Fixed a bug where
we would insert an SVG script element into the document even in script
markup disabled mode.

(This bug has existed for copy/paste for a long time, but other bugs and
quirks in SVG copy/paste papered over it. It's a serious issue now
that non-paste clients will rely on this mode.)

* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processTokenInForeignContent): Fixed the same
bug -- this time in the part of the parser that executes scripts as they
parse.

I adopted the toScriptElement() convention for testing for a script
element to match the XML parser.

LayoutTests: 

* editing/unsupported-content/script-markup-enabled-setting-expected.txt: Added.
* editing/unsupported-content/script-markup-enabled-setting.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@147018 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 62292722
2013-03-22 Geoffrey Garen <ggaren@apple.com>
Honor the setting for whether JavaScript markup is enabled
https://bugs.webkit.org/show_bug.cgi?id=113122
Reviewed by Ryosuke Niwa.
* editing/unsupported-content/script-markup-enabled-setting-expected.txt: Added.
* editing/unsupported-content/script-markup-enabled-setting.html: Added.
2013-03-27 Zan Dobersek <zdobersek@igalia.com>
Unreviewed GTK gardening. Rebaselining after r146992.
This test verifies that script elements are not inserted into the document if the WebCore scriptMarkupEnabled setting is false.
PASS: documentWithScript.getElementsByTagName("script").length should be 0 and is.
PASS: documentWithSVGScript.getElementsByTagName("script").length should be 0 and is.
<p>This test verifies that script elements are not inserted into the document if the WebCore scriptMarkupEnabled setting is false.</p>
<pre id="log"></pre>
<script>
function log(s)
{
document.getElementById("log").appendChild(document.createTextNode(s + "\n"));
}
function shouldBe(aDescription, a, b)
{
if (a == b) {
log("PASS: " + aDescription + " should be " + b + " and is.");
return;
}
log("FAIL: " + aDescription + " should be " + b + " but instead is " + a + ".");
}
if (window.testRunner) {
testRunner.dumpAsText();
window.internals.settings.setScriptMarkupEnabled(false);
} else
log("This test depends on the JavaScriptMarkupEnabled setting being false.");
window.onload = function test()
{
var documentWithScript = frames[0].document;
shouldBe('documentWithScript.getElementsByTagName("script").length', documentWithScript.getElementsByTagName("script").length, 0);
var documentWithSVGScript = frames[1].document;
shouldBe('documentWithSVGScript.getElementsByTagName("script").length', documentWithSVGScript.getElementsByTagName("script").length, 0);
}
</script>
<iframe srcdoc="<script>var pwned = 1;</script>"></iframe>
<iframe srcdoc="<svg><script>var pwned = 1;</script></svg>"></iframe>
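Review bot: The test asserts only that no script element ends up in either frame's DOM; the `var pwned = 1;` payload in both srcdoc iframes is never checked, so a regression in which the script runs but the element is later dropped would still pass. Add a check per frame that `frames[0].pwned` and `frames[1].pwned` are undefined, which also covers the execution path changed in HTMLTreeBuilder::processTokenInForeignContent. The fallback log message names "JavaScriptMarkupEnabled" while the call above it is setScriptMarkupEnabled; use the same name in both.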
2013-03-22 Geoffrey Garen <ggaren@apple.com>
Honor the setting for whether JavaScript markup is enabled
https://bugs.webkit.org/show_bug.cgi?id=113122
Reviewed by Ryosuke Niwa.
* dom/ScriptableDocumentParser.cpp:
(WebCore::ScriptableDocumentParser::ScriptableDocumentParser): Applied the
setting here, so all document parsing would be covered. This is similar
to what we do for plug-in stripping.
* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::insertForeignElement): Fixed a bug where
we would insert an SVG script element into the document even in script
markup disabled mode.
(This bug has existed for copy/paste for a long time, but other bugs and
quirks in SVG copy/paste papered over it. It's a serious issue now
that non-paste clients will rely on this mode.)
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processTokenInForeignContent): Fixed the same
bug -- this time in the part of the parser that executes scripts as they
parse.
I adopted the toScriptElement() convention for testing for a script
element to match the XML parser.
2013-03-27 Dean Jackson <dino@apple.com>
Chromium Mac fails to build after r146995 because the new NSFont category
......@@ -40,6 +40,9 @@ ScriptableDocumentParser::ScriptableDocumentParser(Document* document, ParserCon
{
if (!pluginContentIsAllowed(m_parserContentPolicy) && (!document->settings() || document->settings()->unsafePluginPastingEnabled()))
m_parserContentPolicy = allowPluginContent(m_parserContentPolicy);
if (scriptingContentIsAllowed(m_parserContentPolicy) && (document->settings() && !document->settings()->scriptMarkupEnabled()))
m_parserContentPolicy = disallowScriptingContent(m_parserContentPolicy);
}
};
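Review bot: In the new scriptMarkupEnabled check, a document whose settings() is null keeps scripting content allowed, so the disabled mode is honored only when a Settings object exists. The plug-in check directly above spells out its null case with `!document->settings() ||`; add a comment stating that allowing script markup without settings is intended, or disallow scripting content in that case if such documents can be fed untrusted markup.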
......@@ -41,6 +41,7 @@
#include "HTMLHtmlElement.h"
#include "HTMLNames.h"
#include "HTMLParserIdioms.h"
#include "HTMLPlugInElement.h"
#include "HTMLScriptElement.h"
#include "HTMLStackItem.h"
#include "HTMLTemplateElement.h"
......@@ -106,6 +107,9 @@ static inline void executeTask(HTMLConstructionSiteTask& task)
void HTMLConstructionSite::attachLater(ContainerNode* parent, PassRefPtr<Node> prpChild, bool selfClosing)
{
ASSERT(scriptingContentIsAllowed(m_parserContentPolicy) || !toElement(prpChild.get()) || !toScriptElement(toElement(prpChild.get())));
ASSERT(pluginContentIsAllowed(m_parserContentPolicy) || !prpChild->isPluginElement());
HTMLConstructionSiteTask task;
task.parent = parent;
task.child = prpChild;
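Review bot: The new scripting ASSERT at the top of attachLater() is compiled out of release builds, so it documents the invariant without enforcing it; each caller has to filter script elements itself, as insertForeignElement() does in this patch, and a comment saying so would help the next caller that gets added. The expression also passes prpChild, a PassRefPtr<Node>, straight to toElement(); if attachLater() can receive text or comment nodes, test isElementNode() before the cast rather than depending on what toElement() does with a non-element.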
......@@ -462,7 +466,8 @@ void HTMLConstructionSite::insertForeignElement(AtomicHTMLToken* token, const At
notImplemented(); // parseError when xmlns or xmlns:xlink are wrong.
RefPtr<Element> element = createElement(token, namespaceURI);
attachLater(currentNode(), element, token->selfClosing());
if (scriptingContentIsAllowed(m_parserContentPolicy) || !toScriptElement(element.get()))
attachLater(currentNode(), element, token->selfClosing());
if (!token->selfClosing())
m_openElements.push(HTMLStackItem::create(element.release(), token, namespaceURI));
}
......
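Review bot: In insertForeignElement(), when scripting content is disallowed the script element skips attachLater() but is still pushed onto m_openElements for a non-self-closing token, so the following character tokens are inserted under an element that is never in the document. That looks deliberate, since the end-tag handling expects the element on the stack, but nothing here says so; add a short comment explaining why the unattached element is still pushed.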
......@@ -2868,7 +2868,8 @@ void HTMLTreeBuilder::processTokenInForeignContent(AtomicHTMLToken* token)
adjustSVGTagNameCase(token);
if (token->name() == SVGNames::scriptTag && m_tree.currentStackItem()->hasTagName(SVGNames::scriptTag)) {
m_scriptToProcess = m_tree.currentElement();
if (scriptingContentIsAllowed(m_tree.parserContentPolicy()))
m_scriptToProcess = m_tree.currentElement();
m_tree.openElements()->pop();
return;
}
......
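Review bot: The SVG script end-tag branch in processTokenInForeignContent() still requires `m_tree.currentStackItem()->hasTagName(SVGNames::scriptTag)` in disabled mode, which only holds because insertForeignElement() keeps pushing the unattached script element onto the open-elements stack. The two changes depend on each other without saying so; a one-line comment above the new scriptingContentIsAllowed() check noting that the popped element was never attached in this mode would keep a later cleanup from breaking one half.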