diff options
Diffstat (limited to 'Source/WebCore/html/parser/HTMLDocumentParser.cpp')
-rw-r--r-- | Source/WebCore/html/parser/HTMLDocumentParser.cpp | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/Source/WebCore/html/parser/HTMLDocumentParser.cpp b/Source/WebCore/html/parser/HTMLDocumentParser.cpp index 93e1309..2fe9486 100644 --- a/Source/WebCore/html/parser/HTMLDocumentParser.cpp +++ b/Source/WebCore/html/parser/HTMLDocumentParser.cpp @@ -39,7 +39,6 @@ #include "InspectorInstrumentation.h" #include "NestingLevelIncrementer.h" #include "Settings.h" -#include "XSSAuditor.h" #include <wtf/CurrentTime.h> #ifdef ANDROID_INSTRUMENT @@ -85,6 +84,7 @@ HTMLDocumentParser::HTMLDocumentParser(HTMLDocument* document, bool reportErrors , m_scriptRunner(HTMLScriptRunner::create(document, this)) , m_treeBuilder(HTMLTreeBuilder::create(this, document, reportErrors, usePreHTML5ParserQuirks(document))) , m_parserScheduler(HTMLParserScheduler::create(this)) + , m_xssFilter(this) , m_endWasDelayed(false) , m_writeNestingLevel(0) { @@ -96,6 +96,7 @@ HTMLDocumentParser::HTMLDocumentParser(DocumentFragment* fragment, Element* cont : ScriptableDocumentParser(fragment->document()) , m_tokenizer(HTMLTokenizer::create(usePreHTML5ParserQuirks(fragment->document()))) , m_treeBuilder(HTMLTreeBuilder::create(this, fragment, contextElement, scriptingPermission, usePreHTML5ParserQuirks(fragment->document()))) + , m_xssFilter(this) , m_endWasDelayed(false) , m_writeNestingLevel(0) { @@ -230,8 +231,13 @@ void HTMLDocumentParser::pumpTokenizer(SynchronousMode mode) if (!m_treeBuilder->isParsingFragment() && document()->frame() && document()->frame()->navigationScheduler()->locationChangePending()) break; + + m_sourceTracker.start(m_input, m_token); if (!m_tokenizer->nextToken(m_input.current(), m_token)) break; + m_sourceTracker.end(m_input, m_token); + + m_xssFilter.filterToken(m_token); m_treeBuilder->constructTreeFromToken(m_token); m_token.clear(); @@ -274,7 +280,12 @@ void HTMLDocumentParser::pumpTokenizer(SynchronousMode mode) bool HTMLDocumentParser::hasInsertionPoint() { - return m_input.hasInsertionPoint(); + // FIXME: The wasCreatedByScript() branch here might not be fully correct. + // Our model of the EOF character differs slightly from the one in + // the spec because our treatment is uniform between network-sourced + // and script-sourced input streams whereas the spec treats them + // differently. + return m_input.hasInsertionPoint() || (wasCreatedByScript() && !m_input.haveSeenEndOfFile()); } void HTMLDocumentParser::insert(const SegmentedString& source) @@ -414,6 +425,11 @@ bool HTMLDocumentParser::inScriptExecution() const return m_scriptRunner->isExecutingScript(); } +String HTMLDocumentParser::sourceForToken(const HTMLToken& token) +{ + return m_sourceTracker.sourceForToken(token); +} + int HTMLDocumentParser::lineNumber() const { return m_tokenizer->lineNumber(); @@ -460,9 +476,7 @@ void HTMLDocumentParser::stopWatchingForLoad(CachedResource* cachedScript) bool HTMLDocumentParser::shouldLoadExternalScriptFromSrc(const AtomicString& srcValue) { - if (!xssAuditor()) - return true; - return xssAuditor()->canLoadExternalScriptFromSrc(srcValue); + return document()->contentSecurityPolicy()->canLoadExternalScriptFromSrc(srcValue); } void HTMLDocumentParser::notifyFinished(CachedResource* cachedResource) |