Commit bf066274 authored by darin's avatar darin

LayoutTests:

        Reviewed by Darin.

        - Tests for http://bugzilla.opendarwin.org/show_bug.cgi?id=6314
        Unclosed <style> element in <head> makes page completely blank

        * fast/js/exception-linenums-in-html-3-expected.txt: Added.
        * fast/js/exception-linenums-in-html-3.html: Added.

        Identical to fast/js/exception-linenums-in-html-1.html except that it contains
        an unclosed <style> tag, which causes the code path for Bug 6314 to be tested.

        * fast/js/missing-style-end-tag-js-expected.txt: Added.
        * fast/js/missing-style-end-tag-js.html: Added.

        While developing a fix for Bug 6314, a state variable (scriptCodeSize) was not
        reset in the tokenizer causing the next <script></script> tags to contain the
        entire contents of the document after the open <title> tag.  This test case
        tests for that condition.

        * fast/tokenizer/missing-style-end-tag-1-expected.checksum: Added.
        * fast/tokenizer/missing-style-end-tag-1-expected.png: Added.
        * fast/tokenizer/missing-style-end-tag-1-expected.txt: Added.
        * fast/tokenizer/missing-style-end-tag-1.html: Added.
        * fast/tokenizer/missing-style-end-tag-2-expected.checksum: Added.
        * fast/tokenizer/missing-style-end-tag-2-expected.png: Added.
        * fast/tokenizer/missing-style-end-tag-2-expected.txt: Added.
        * fast/tokenizer/missing-style-end-tag-2.html: Added.

        The first test case contains an unclosed <style> tag in <head>, while the
        second test case contains an unclosed <style> tag in <body>.  These two test
        cases result in different code paths being taken.

WebCore:

        Reviewed by Darin.

        - Fix for http://bugzilla.opendarwin.org/show_bug.cgi?id=6314
        Unclosed <style> element in <head> makes page completely blank

        Test: fast/js/exception-linenums-in-html-3.html
        Test: fast/js/missing-style-end-tag-js.html
        Test: fast/tokenizer/missing-style-end-tag-1.html
        Test: fast/tokenizer/missing-style-end-tag-2.html

        * khtml/html/htmlparser.cpp:
        (WebCore::HTMLParser::handleError): Add check for missing </style> tag and handle
        this condition if identified.
        * khtml/html/htmltokenizer.cpp:
        (WebCore::HTMLTokenizer::parseTag): If parseSpecial() consumes the rest of the
        document looking for a </style> tag, reset the state of the tokenizer and
        retokenize with no special handling for <style>.  The parser will handle the
        missing </style> tag in HTMLParser::handleError().



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@13381 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 3353029e
2006-03-18 David Kilzer <ddkilzer@kilzer.net>
Reviewed by Darin.
- Tests for http://bugzilla.opendarwin.org/show_bug.cgi?id=6314
Unclosed <style> element in <head> makes page completely blank
* fast/js/exception-linenums-in-html-3-expected.txt: Added.
* fast/js/exception-linenums-in-html-3.html: Added.
Identical to fast/js/exception-linenums-in-html-1.html except that it contains
an unclosed <style> tag, which causes the code path for Bug 6314 to be tested.
* fast/js/missing-style-end-tag-js-expected.txt: Added.
* fast/js/missing-style-end-tag-js.html: Added.
While developing a fix for Bug 6314, a state variable (scriptCodeSize) was not
reset in the tokenizer causing the next <script></script> tags to contain the
entire contents of the document after the open <title> tag. This test case
tests for that condition.
* fast/tokenizer/missing-style-end-tag-1-expected.checksum: Added.
* fast/tokenizer/missing-style-end-tag-1-expected.png: Added.
* fast/tokenizer/missing-style-end-tag-1-expected.txt: Added.
* fast/tokenizer/missing-style-end-tag-1.html: Added.
* fast/tokenizer/missing-style-end-tag-2-expected.checksum: Added.
* fast/tokenizer/missing-style-end-tag-2-expected.png: Added.
* fast/tokenizer/missing-style-end-tag-2-expected.txt: Added.
* fast/tokenizer/missing-style-end-tag-2.html: Added.
The first test case contains an unclosed <style> tag in <head>, while the
second test case contains an unclosed <style> tag in <body>. These two test
cases result in different code paths being taken.
2006-03-18 Alexey Proskuryakov <ap@nypop.com>
Reviewed by Darin.
......
This test exercises the source URL and line number that is embedded in JavaScript exceptions, which is displayed in places like the JavaScript console. It differs from exception-linenums-in-html-1.html in that it only works if Bugzilla Bug 6314 has been fixed.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS typeof e.sourceURL is "string"
PASS e.line is 23
PASS typeof e.sourceURL is "string"
PASS e.line is 33
PASS typeof e.sourceURL is "string"
PASS e.line is 43
PASS typeof e.sourceURL is "string"
PASS e.line is 53
PASS typeof e.sourceURL is "string"
PASS e.line is 16
PASS successfullyParsed is true
TEST COMPLETE
<html>
<head>
<style>
body { white-space: normal; }
<link rel="stylesheet" href="resources/js-test-style.css">
<script src="resources/js-test-pre.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>
<script>
description('This test exercises the source URL and line number that is embedded in JavaScript exceptions, which is displayed in places like the JavaScript console. It differs from <span style="font-family: monospace;">exception-linenums-in-html-1.html</span> in that it only works if <a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=6314">Bugzilla Bug 6314</a> has been fixed.');
function exceptionInFunction()
{
throw Exception();
}
var e = undefined;
try {
// Raises an exception that gets picked up by KJS_CHECKEXCEPTION
document.documentElement.innerHTML(foo);
} catch (exception) {
e = exception;
}
shouldBe("typeof e.sourceURL", '"string"');
shouldBe("e.line", '23');
e = undefined;
try {
// Raises an exception that gets picked up by KJS_CHECKEXCEPTIONVALUE
document.documentElement.appendChild('').prefix = '';
} catch (exception) {
e = exception;
}
shouldBe("typeof e.sourceURL", '"string"');
shouldBe("e.line", '33');
e = undefined;
try {
// Raises an exception that gets picked up by KJS_CHECKEXCEPTIONREFERENCE
document.documentElement.appendChild('').innerHTML = '';
} catch (exception) {
e = exception;
}
shouldBe("typeof e.sourceURL", '"string"');
shouldBe("e.line", '43');
e = undefined;
try {
// Raises an exception that gets picked up by KJS_CHECKEXCEPTIONLIST
document.getElementById(1());
} catch (exception) {
e = exception;
}
shouldBe("typeof e.sourceURL", '"string"');
shouldBe("e.line", '53');
e = undefined;
// Raises an exception inside a function to check that its line number
// isn't overwritten in the assignment node.
try {
var a = exceptionInFunction();
} catch (exception) {
e = exception;
}
shouldBe("typeof e.sourceURL", '"string"');
shouldBe("e.line", '16');
var successfullyParsed = true;
</script>
<script src="resources/js-test-post.js"></script>
</body>
</html>
This test checks that the first <script> tag after an unclosed <style> tag is parsed correctly. Early versions of the patch for Bugzilla Bug 6314 did not reset a state variable properly, causing the first <script></script> tag in the document to contain everything after the <style> tag.
This text should also be blue.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS successfullyParsed is true
TEST COMPLETE
<html>
<head>
<style>
.different { color: #0000ff; }
<link rel="stylesheet" href="resources/js-test-style.css">
<script>
var successfullyParsed = true;
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.dumpPixels();
}
</script>
<script src="resources/js-test-pre.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>
<script>
description('This test checks that the first &lt;script&gt; tag after an unclosed &lt;style&gt; tag is parsed correctly. Early versions of the patch for <a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=6314">Bugzilla Bug 6314</a> did not reset a state variable properly, causing the first &lt;script&gt;&lt;/script&gt; tag in the document to contain everything after the &lt;style&gt; tag. <p class="different">This text should also be blue.</p>');
</script>
<script src="resources/js-test-post.js"></script>
</body>
</html>
b2143a64532af6bc89a2baf5f5c82ee9
\ No newline at end of file
layer at (0,0) size 800x600
RenderCanvas at (0,0) size 800x600
layer at (0,0) size 800x600
RenderBlock {HTML} at (0,0) size 800x600
RenderBody {BODY} at (8,8) size 784x579
RenderBlock {DIV} at (0,0) size 784x36
RenderText {TEXT} at (0,0) size 779x36
text run at (0,0) width 332: "This document is missing its </style> tag in its head. "
text run at (332,0) width 447: "The tokenizer should retokenize this document after consuming all of it"
text run at (0,18) width 504: "looking for the missing end tag, then let the parser clean up the missing tag. See "
RenderInline {A} at (0,0) size 120x18 [color=#0000EE]
RenderText {TEXT} at (504,18) size 120x18
text run at (504,18) width 120: "Bugzilla Bug 6314"
RenderText {TEXT} at (624,18) size 4x18
text run at (624,18) width 4: "."
RenderBlock {P} at (0,49) size 784x15
RenderText {TEXT} at (0,0) size 280x15
text run at (0,0) width 280: "This text should also be monospace."
<html>
<head>
<style>
p { font-family: monospace; }
</head>
<body>
<div>This document is missing its &lt;/style&gt; tag in its head. The tokenizer should retokenize
this document after consuming all of it looking for the missing end tag, then let the parser clean
up the missing tag.
See <a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=6314">Bugzilla Bug 6314</a>.</div>
<p>This text should also be monospace.</p>
</body>
</html>
f8f76ddf9c676bfec58b9dff1580aaa2
\ No newline at end of file
layer at (0,0) size 800x600
RenderCanvas at (0,0) size 800x600
layer at (0,0) size 800x600
RenderBlock {HTML} at (0,0) size 800x600
RenderBody {BODY} at (8,8) size 784x579
RenderBlock {DIV} at (0,0) size 784x36
RenderText {TEXT} at (0,0) size 781x36
text run at (0,0) width 334: "This document is missing its </style> tag in its body. "
text run at (334,0) width 447: "The tokenizer should retokenize this document after consuming all of it"
text run at (0,18) width 504: "looking for the missing end tag, then let the parser clean up the missing tag. See "
RenderInline {A} at (0,0) size 120x18 [color=#0000EE]
RenderText {TEXT} at (504,18) size 120x18
text run at (504,18) width 120: "Bugzilla Bug 6314"
RenderText {TEXT} at (624,18) size 4x18
text run at (624,18) width 4: "."
RenderBlock {P} at (0,49) size 784x15
RenderText {TEXT} at (0,0) size 280x15
text run at (0,0) width 280: "This text should also be monospace."
<html>
<head>
</head>
<body>
<style>
p { font-family: monospace; }
<div>This document is missing its &lt;/style&gt; tag in its body. The tokenizer should retokenize
this document after consuming all of it looking for the missing end tag, then let the parser clean
up the missing tag.
See <a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=6314">Bugzilla Bug 6314</a>.</div>
<p>This text should also be monospace.</p>
</body>
</html>
2006-03-15 Rob Buis <buis@kde.org>
2006-03-18 David Kilzer <ddkilzer@kilzer.net>
Reviewed by Darin.
- Fix for http://bugzilla.opendarwin.org/show_bug.cgi?id=6314
Unclosed <style> element in <head> makes page completely blank
Test: fast/js/exception-linenums-in-html-3.html
Test: fast/js/missing-style-end-tag-js.html
Test: fast/tokenizer/missing-style-end-tag-1.html
Test: fast/tokenizer/missing-style-end-tag-2.html
* khtml/html/htmlparser.cpp:
(WebCore::HTMLParser::handleError): Add check for missing </style> tag and handle
this condition if identified.
* khtml/html/htmltokenizer.cpp:
(WebCore::HTMLTokenizer::parseTag): If parseSpecial() consumes the rest of the
document looking for a </style> tag, reset the state of the tokenizer and
retokenize with no special handling for <style>. The parser will handle the
missing </style> tag in HTMLParser::handleError().
2006-03-18 Rob Buis <buis@kde.org>
Reviewed by Darin.
......@@ -468,7 +468,7 @@ bool HTMLParser::handleError(NodeImpl* n, bool flat, const AtomicString& localNa
}
}
} else if (h->hasLocalName(addressTag) || h->hasLocalName(dlTag) || h->hasLocalName(dtTag)
|| h->hasLocalName(fontTag) || h->hasLocalName(titleTag)) {
|| h->hasLocalName(fontTag) || h->hasLocalName(styleTag) || h->hasLocalName(titleTag)) {
popBlock(currentTagName);
handled = true;
} else if (h->hasLocalName(captionTag)) {
......
......@@ -1252,8 +1252,20 @@ HTMLTokenizer::State HTMLTokenizer::parseTag(SegmentedString &src, State state)
if (beginTag) {
searchStopper = styleEnd;
searchStopperLen = 7;
State savedState = state;
SegmentedString savedSrc = src;
long savedLineno = lineno;
state.setInStyle(true);
state = parseSpecial(src, state);
if (state.inStyle() && src.isEmpty()) {
// We just ate the rest of the document as the style #text node!
// Reset the state then retokenize without special style handling.
// Let the html parser clean up the missing </style> tag.
state = savedState;
src = savedSrc;
lineno = savedLineno;
scriptCodeSize = 0;
}
}
} else if (tagName == textareaTag) {
if (beginTag) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment