Commit bb0c24b5 authored by kocienda's avatar kocienda
Browse files

Initial revision

git-svn-id: 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 985ad043
* new start with DOM (Lars 10.8.99)
<title>Internal design of khtml</title>
dt { font-weight: bold; }
<body bgcolor=white>
<h1>Internal design of khtml</h1>
This document tries to give a short overview about the internal design of the khtml
library. I've written this, because the lib has gotten quite big, and it is hard at first to find your
way in the source code. This doesn't mean that you'll understand khtml after reading this
document, but it'll hopefully make it easier for you to read the source code.
The library is build up out of several different parts. Basically, when you use the lib, you
create an instance of a KHTMLPart, and feed data to it. That's more or less all you need to
know if you want to use khtml for another application. If you want to start hacking khtml,
here's a sketch of the objects that will get constructed, when eg. running testkhtml with
a url argument.
In the following I'll assume that you're familiar with all the buzzwords used in current web
techology. In case you aren't here's a more or less complete list of references:
<b>Document Object model (DOM):</b><br>
<a href="">DOM Level1 and 2</a><br>
We support DOM Level2 except for the events model at the moment.
<a href="">HTML4 specs</a><br>
<a href="">xhtml specs</a><br>
We support almost all of HTML4 and xhtml.
<b>Cascading style sheets (CSS):</b><br>
<a href="">CSS2 specs</a><br>
We support almost all of CSS1, and most parts of CSS2.
insert some links here...<br>
<a href="">Microsoft javascript bindings</a><br>
<a href="">Netscape javascript reference</a><br>
Netscapes javascript bindings are outdated. We shouldn't follow them. Let's focus on getting the bindings
compatible to IE.
<a href="khtml_part.h">KHTMLPart</a> creates one instance of a
<a href="khtmlview.h">KHTMLView</a> (derived from QScrollView),
the widget showing the whole thing. At the same time a DOM tree
is built up from the HTML or XML found in the specified file.
Let me describe this with an example.
khtml makes use of the document object model (DOM) for storing the document
in a tree like structure. Imagine a some html like
h1: { color: red; }
some red text
more text
a paragraph with an
&lt;img src="foo.png"&gt;
embedded image.
In the following I'll show how this input will be processed step by step to generate the visible output
you will finally see on your screen. I'm describing the things as if they happen one after the other,
to make the priniciple more clear. In reality, to get visible output on the screen as soon as possible,
all these things (from tokenization to the build up and layouting of the rendering tree) happen
more or less in parallel.
<h2>Tokenizer and parser</h2>
The first thing that happens when you start parsing a new document is that a
DocumentImpl* (for XML documents) or an HTMLDocumentImpl* object will get
created by the Part (in khtml_part.cpp::begin()). A Tokenizer*
object is created as soon as DocumentImpl::open() is called by the part, also
in begin() (can be either an XMLTokenizer or an HTMLTokenizer).
The XMLTokenizer uses the QXML classes in Qt to parse the document, and it's SAX interface
to parse the stuff into khtmls DOM.
For HTML, the tokenizer is located in khtmltokenizer.cpp. The tokenizer uses the contents
of a HTML-file as input and breaks this contents up in a linked list of
tokens. The tokenizer recognizes HTML-entities and HTML-tags. Text between
begin- and end-tags is handled distinctly for several tags. The distinctions
are in the way how spaces, linefeeds, HTLM-entities and other tags are
The tokenizer is completly state-driven on a character by character base.
All text passed over to the tokenizer is directly tokenized. A complete
HTML-file can be passed to the tokenizer as a whole, character by character
(not very efficient) or in blocks of any (variable) size.
The HTMLTokenizer creates an HTMLParser which
interprets the stream of tokens provided by the tokenizer
and constructs the tree of Nodes representing the document according
to the Document Object Model.
One big difference between HTML and XML at the moment is, that the HTML parser and Tokenizer
can parse incrementally as the data arrives, while the XML Tokenizer (due to a limitation of
Qts XML parser) can at the moment only parse the document, once it has been loaded completely.
<h2>The DOM in khtml</h2>
Parsing the document given above gives the following DOM tree:
|--> HTMLHeadElement
| \--> HTMLStyleElement
| \--> CSSStyleSheet
\--> HTMLBodyElement
|--> HTMLHeadingElement
| \--> Text
|--> Text
\--> HTMLParagraphElement
|--> Text
|--> HTMLImageElement
\--> Text
Actually, the classes mentioned above are the interfaces for accessing the
DOM. The actual data is stored in *Impl classes, providing the implementation
for all of the above mentioned elements. So internally we have a tree
looking like:
|--> HTMLHeadElementImpl*
| \--> HTMLStyleElementImpl*
| \--> CSSStyleSheetImpl*
\--> HTMLBodyElementImpl*
|--> HTMLHeadingElementImpl*
| \--> TextImpl*
|--> TextImpl*
\--> HTMLParagraphElementImpl*
|--> TextImpl*
|--> HTMLImageElementImpl*
\--> TextImpl*
We use a refcounting scheme to assure, that all the objects get deleted, in
case the root element get deleted (as long as there's no interface class
holding a pointer to the Implementation).
The interface classes (the ones without the Impl) are defined in the <code>dom/</code>
subdirectory, and are not used by khtml itself at all. The only place they are used are in the
javascript bindings, which uses them to access the DOM tree. The big advantage of having this
separation between interface classes and imlementation classes, is that we can have several
interface objects pointing to the same implementation. This implements the requirement of
explicit sharing of the DOM specs.
Another advantage is, that (as the implementation classes are not exported) it gives us a lot
more freedom to make changes in the implementation without breaking binary compatibility.
You will find almost a one to one correspondence between the interface classes and the implementation
classes. In the implementation classes we have added a few more intermediate classes, that can
not be seen from the outside for various reasons (make implementation of shared features easier
or to reduce memory consumption).
In C++, you can access the whole DOM tree from outside KHTML by using the interface classes.
For a description see the <a href="">introduction to khtml</a> on<a href=""></a>.
One thing that has been omitted in the discussion above is the style sheet defined inside the
<code>&lt;style&gt;</code> element (as an example of a style sheet) and the image element
(as an example of an external resource that needs to be loaded). This will be done in the following
two sections.
<h2>CSS</h2> The contents of the <code>&lt;style&gt;</code> element (in this
case the <code>h1 { color: red; }</code> rule) will get passed to the
<a href="html/html_headimpl.h">HTMLStyleElementImpl object</a>. This object creates an
<a href="css/cssstylesheetimpl.h">CSSStyleSheetImpl object</a> and passes the
data to it. The <a href="css/cssparser.h">CSS parser</a> will take
the data, and parse it into a DOM structure for CSS (similar to the one for
HTML, see also the DOM level 2 specs). This will be later on used to define the
look of the HTML elements in the DOM tree.
Actually "later on" is relative, as we will see later, that this happens partly in parallel to
the build up of the DOM tree.
<h2>Loading external objects</h2>
Some HTML elements (as <code>&lt;img&gt;, &lt;link&gt;, &lt;object&gt;, etc.</code>) contain
references to extrenal objects, that have to be loaded. This is done by the
Loader and related classes (misc/loader.*). Objects that might need to load external objects
inherit from <a href="misc/loader_client.h">CachedObjectClient</a>, and can ask
the <a href="misc/loader.h">loader</a> (that also acts as a memory cache) to
download the object they need for them from the web.
Once the <a href="misc/loader.h">loader</a> has the requested object ready, it will notify the
<a href="misc/loader_client.h">CachedObjectClient</a> of this, and the client can
then process the received data.
<h2>Making it visible</h2>
Now once we have the DOM tree, and the associated style sheets and external objects, how
do we get the stuff actually displayed on the screen?
For this we have a rendering engine, that is completely based on CSS. The first
thing that is done is to collect all style sheets that apply to the document
and create a nice list of style rules that need to be applied to the
elements. This is done in the <a href="css/cssstyleselector.h">CSSStyleSelector</a> class.
It takes the <a href="css/html4.css">default HTML style sheet</a> (defined in css/html4.css),
an optional user defined style sheet, and all style sheets from the document,
and combines them to a nice list of parsed style rules (optimised for fast
lookup). The exact rules of how these style sheets should get applied to HTML
or XML documents can be found in the CSS2 specs.
Once we have this list, we can get a <a
href="rendering/render_style.h">RenderStyle object</a>
for every DOM element from the <a
href="css/cssstyleselector.h">CSSStyleSelector</a> by calling
"styleForElement(DOM::ElementImpl *".
The style object describes in a compact form all the
<a href="css/">CSS properties</a>
that should get applied to the Node.
After that, a rendering tree gets built up. Using the style object, the
<a href="xml/dom_nodeimpl.h">DOM Node</a> creates an appropriate render object
(all these are defined in the rendering subdirectory) and adds it to the
rendering tree. This will give another tree like structure, that resembles in
it's general structure the DOM tree, but might have some significant
differences too. First of all, so called
<a href="">anonymous boxes</a> - (see
<a href="">CSS specs</a>) that
have no DOM counterpart might get inserted into the rendering tree to satify
DOM requirements. Second, the display propery of the style affects which type
of rendering object is chosen to represent the current DOM object.
In the above example we would get the following rendering tree:
\--> RenderBody*
|--> RenderFlow* (&lt;H1&gt;)
| \--> RenderText* ("some red text")
|--> RenderFlow* (anonymous box)
| \--> RenderText* ("more text")
\--> RenderFlow* (&lt;P&gt;)
|--> RenderText* ("a paragraph with an")
|--> RenderImage*
\--> RenderText* ("embedded image.")
A call to of <a href="rendering/render_root.cpp">layout()</a> on the
<a href="rendering/render_root.h">RenderRoot </a> (the root of the rendering tree)
object causes the rendering tree to layout itself into the available space
(width) given by the the KHTMLView. After that, the drawContents() method of
KHTMLView can call RenderRoot->print() with appropriate parameters to actually
paint the document. This is not 100% correct, when parsing incrementally, but
is exactly what happens when you resize the document.
As you can see, the conversion to the rendering tree removed the head part of
the HTML code, and inserted an anonymous render object around the string "more
text". For an explanation why this is done, see the CSS specs.
<h2>Directory structure</h2>
A short explanation of the subdirectories in khtml.
<dt><a href="css/">css:</a>
<dd>Contains all the stuff relevant to the CSS part of DOM Level2 (implementation classes only),
the <a href="css/cssparser.h">CSS parser</a>, and the stuff to create
RenderStyle object out of Nodes and the CSS style sheets.
<dt><a href="dom/">dom: </a>
<dd>Contains the external DOM API (the DOM interface classes) for all of the DOM
<dt><a href="ecma/">ecma:</a>
<dd>The javascript bindings to the DOM and khtml.
<dt><a href="html/">html:</a>
<dd>The html subpart of the DOM (implementation only), the HTML tokenizer and parser and a class
that defines the DTD to use for HTML (used mainly in the parser).
<dt><a href="java/">java:</a>
<dd>Java related stuff.
<dt><a href="misc/>misc:</a>
<dd>Some misc stuff needed in khtml. Contains the image loader, some misc definitions and the
decoder class that converts the incoming stream to unicode.
<dt><a href="rendering">rendering:</a>
<dd>Everything thats related to bringing a DOM tree with CSS declarations to the screen. Contains
the definition of the objects used in the rendering tree, the layouting code, and the RenderStyle objects.
<dt><a href="xml/">xml:</a>
<dd>The XML part of the DOM implementation, the xml tokenizer.
<h2>Final words...</h2>
All the above is to give you a quick introduction into the way khtml brings an HTML/XML file to the screen.
It is by no way complete or even 100% correct. I left out many problems, I will perhaps add either on request
or when I find some time to do so. Let me name some of the missing things:
<li>The decoder to convert the incoming stream to Unicode
<li>interaction with konqueror/applications
<li>dynamic reflow and how to use the DOM to manipulate khtmls visual ouput
<li>mouse/event handling
<li>real interactions when parsing incrementally
Still I hope that this short introduction will make it easier for you to get a first hold of khtml and the way it works.
Now before I finish let me add a small <b>warning</b> and <b>advice</b> to all of you who plan hacking khtml themselves:
khtml is by now a quite big library and it takes some time to understand how it works. Don't let yourself get frustrated
if you don't immediatly understand how it works. On the other hand, it is by now one of the libraries that
get used a lot, that probably has the biggest number of remaining bugs (even though it's sometimes hard to
know if some behaviour is really a bug).
Some parts of it's code are however <b>extremely touchy</b> (especially the layouting algorithms),
and making changes there (that might fix a bug on on web page) might introduce severe bugs.
All the people developing khtml have already spend huge amounts of time searching for such bugs,
that only showed up on some web pages, and thus were found only a week after the change that
introduced the bug was made. This can be very frustrating for us, und we'd appreciate if people
that are not completely familiar with khtml post changes touching these critical regions to kfm-devel
for review before applying them.
<div style="margin-top: 2em; font-size: large;">
And now have fun hacking khtml.
<div style="margin-left: 10em; margin-bottom: 1em;">Lars</div>
# This file is part of the KDE libraries
# Copyright (C) 1997 Martin Jones (
# (C) 1997 Torben Weis (
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Library General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# Library General Public License for more details.
# You should have received a copy of the GNU Library General Public License
# along with this library; see the file COPYING.LIB. If not, write to
# the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# for profiling.
# command line for line by line profiling (into seperate files):
# gprof -l -y
# AM_CXXFLAGS += -pg
SUBDIRS = misc dom css xml html rendering pics java . ecma
libkhtml_la_SOURCES = khtmlview.cpp khtml_part.cpp khtml_run.cpp khtml_factory.cpp \
khtml_events.cpp khtml_find.cpp khtml_ext.cpp khtml_pagecache.cpp
libkhtml_la_METASOURCES = AUTO
include_HEADERS = khtmlview.h khtml_part.h khtml_events.h khtml_settings.h khtmldefaults.h
noinst_HEADERS = design.h testkhtml.h testrender.h khtml_find.h khtml_ext.h khtml_pagecache.h \
libkhtml_la_LDFLAGS = -version-info 3:0 -module -no-undefined $(all_libraries)
libkhtml_la_LIBADD = ./xml/ ./html/ \
./rendering/ ./css/ \
./misc/ ./dom/ ./java/ \
../kio/ \
$(top_builddir)/kparts/ \
$(top_builddir)/kfile/ \
$(top_builddir)/kssl/ \
libkhtmlimage_la_SOURCES = khtmlimage.cpp
libkhtmlimage_la_LDFLAGS = $(KDE_PLUGIN) $(all_libraries)
libkhtmlimage_la_LIBADD =
INCLUDES = -I$(top_srcdir)/kjs -I$(top_srcdir)/kimgio -I$(top_srcdir)/kio \
-I$(srcdir)/java -I$(top_srcdir)/dcop -I$(srcdir)/misc \
-I$(srcdir)/dom -I$(srcdir)/xml -I$(srcdir)/html -I$(srcdir)/css \
-I$(top_srcdir)/kfile -I$(top_srcdir)/libltdl \
-I$(top_srcdir)/kssl -I$(top_srcdir)/kdeprint \
-I$(top_srcdir) $(all_includes)
servicedir = $(kde_servicesdir)
service_DATA = khtml.desktop khtmlimage.desktop
rcdir = $(kde_datadir)/khtml
rc_DATA = khtml.rc khtml_browser.rc khtml_popupmenu.rc
## generate lib documentation
$(mkinstalldirs) $(SRCDOC_DEST)
kdoc -H -d $(SRCDOC_DEST) kdecore \
$(include_HEADERS) -lqt
cd $(srcdir) && \
perl scripts/makeattrs && \
bash scripts/maketags && \
bash scripts/makeprop
## test program
check_PROGRAMS = testkhtml testcss testrender testkhtml_static
testkhtml_SOURCES = testkhtml.cpp domtreeview.cpp
testkhtml_LDADD =
testkhtml_static_SOURCES = testkhtml.cpp domtreeview.cpp $(libkhtml_la_SOURCES)
testkhtml_static_LDADD = $(LIB_KDEUI) $(libkhtml_la_LIBADD)
testcss_SOURCES = testcss.cpp
testcss_LDADD =
testrender_SOURCES = testrender.cpp
testrender_LDADD =
The first version was written by
Torben Weis <>
It was extended by
Josip A. Gracin <>,
Martin Jones <>,
Waldo Bastian <>
Lars Knoll <>
Antti Koivisto <>
Dirk Mueller <>
Peter Kelly <>
It is currently primarily maintained and developed by
Lars Knoll, Dirk Mueller and Antti Koivisto.
Revision History
This library is called libkhtml.
This library used to be called libkhtmlw. With the release of KDE 1.1 a
source incompatible version called libkhtml has been created.
libkhtmlw will not be maintained any more, all application writers are
urgently requested to make use of the new libkhtml library.
Starting Point
You can add the widget to your program by doing something like:
#include <khtml.h>
KHTMLWidget *view = new KHTMLWidget( parent, "Name" );
view->begin( "file:/tmp/test.html" );
view->write( "<HTML><TITLE>...." );
view->write( "..." );
view->write( "</HTML>" );
After doing this, control must be returned to the event loop as the HTML
is parsed in the background using a Qt timer.
For more information see the full documentation in JavaDoc format included
in the header files.
All tags known by KHTML are listed in
The maketags script generates a header file from this list.
It also makes a gperf input file. gperf is than used to create
the khtmltags.c file which contains a (almost) perfect hash
function for recognizing HTML-tags.
The HTML-tokenizer converts during parsing all tags to numeric
tag-IDs. These IDs can then be used to select functions fast and
to look up relevant CSS data.
khtmlparser.cpp contains a jump-table which indexes from tag-ID
to the relevant tag-open and tag-close functions. A 0-entry means
that no function should be called for this tag.
If you want to add a new tag, you can do so in the file "".
Please keep this file sorted. You then have to run ./maketags to
generate a new khtmltags.h and a new hash-function so that the new tag
will be recognized. Then you should manually update the jumptable in
"khtmlparer.cpp". If you do not want to implement the tag you can add
an entry for the tag at the right position and fill it with two zeros.
This document contains internet security issues. Discussion of security
issues should be directed to
Note to KDE-developers: When adding entries to this document, provide name,
date and additional URLs.
Malicious Redirects
Entry By: Waldo Bastian <>
Created: May 9th, 2000
See also:
I advice the following:
* We should never allow a redirect from a HTTP to any other protocol, including
HTTPS. (OK. The current implementation does not allow redirects to other
* We should provide a HTTP referer header iff the referer is on the same host
as the requested object. (We currently don't support referer headers)
* Either a) Don't allow POST or GET actions from javascript.
or b) _Always_ ask the user for confirmation when javascript requests a
POST or GET action.
Additional note: Simple requests for e.g. images are also GET actions,
disabling them would break a lot of javascript scripts.
SSL certificates
Entry By: Waldo Bastian <>
Created: May 13th, 2000
See also:
We never check SSL certificates. This makes https just as insecure as http.
Entry By: Peter Kelly <>
Created: May 26th, 2000
See also:
(chapter 14)
Before KDE 2.0 is released we *MUST* make sure there are checks in place for
what DOM properties are accessable/writable for the ECMAScript binding. Otherwise
malicious page authors may be able to access/set cookies from other sites, create
auto-submitting forms that upload files, and a whole host of other attacks. The
URL above has information about what properties netscape gives protection to.
We will need to make sure we do this at the right level, as if it is done too
close to the ECMAScript binding, there could be loopholes such as using
getAttributeNode(), etc to fool it into letting a script change the wrong properties.
Here's what's still missing (without order):
* text-align: Justify missing
* allow font elements in a block level context.
* @ rules in sheets
* lots of properties
* delete the old cssproperties in a style attribute in case
the style attribute changes.
* border shorthand properties. Unspecified properties get their default
values. border-width: medium; border-color: undefined (== text color)
* some functions in the Impl classes
* fix the set/retrieve functions, which use boolean values
-->> mostly done, still need to fix parseAttribute() calls
* DOM level 2
* DOM stylesheets, changes need to trigger the appropriate changes
in the rendering tree