[Webkit-unassigned] [Bug 35284] The libxml WebKit used may create multiple CDATA sections for original single CDATA section, which may break some web apps

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 23 03:17:38 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=35284


Johnny Ding <jnd at chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darin at apple.com,
                   |                            |jnd at chromium.org




--- Comment #3 from Johnny Ding <jnd at chromium.org>  2010-02-23 03:17:38 PST ---
Thanks Mark!
I am preparing to file a bug to libxml2. But I think libxml2 and WebKit both
need to change.

I used xmllint (libxml2 v2.7.6) to debug the parser of libxml2 in push mode
(WebKit also uses push mode). The results are good for my above test case: no
multiple CDATA sections are generated. After digging in the libxml2 code, I
found different behavior between the libxml2 default SAX cdataBlock handler and
WebKit's XMLTokenizer::cdataBlock.

In the libxml2 default SAX cdataBlock (SAX2.c, line 2679), it checks whether the
last child node is a CDATA section. If yes, it appends the current contents of
the CDATA section to the last CDATA section node. If not, it creates a new CDATA
section node. That is why no multiple CDATA sections are generated by xmllint.
But this behavior causes another issue: multiple adjacent CDATA sections are
automatically combined into one single CDATA section, which also does not
exactly reproduce the original XML structure.

In XMLTokenizer::cdataBlock (XMLTokenizerlibxml2.cpp, line 956), it doesn't check
whether the previous node (last child node) is a CDATA section and try to merge
them if so. So WebKit gets multiple CDATA sections for a single CDATA section.

I will file a bug to libxml2 to propose solutions to let libxml2 reproduce the
original XML structure exactly. Then XMLTokenizer::cdataBlock may be changed to
correct the wrong behavior.

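The two handler behaviours described in comment #3, modelled as an added example that is not part of the original message and is not libxml2 or WebKit code. The node type, function names and input chunks are constructed, and it assumes the parser reports one CDATA section in two callbacks, as the comment implies.

```c
#include <stdio.h>
#include <string.h>

/* Toy child list standing in for a DOM; not libxml2 or WebKit types. */
struct node { int is_cdata; char data[64]; };
struct doc { struct node kids[8]; int n; };
typedef void (*cdata_cb)(struct doc *, const char *, int);

static void add_cdata(struct doc *d, const char *s, int len) {
    struct node *k = &d->kids[d->n++];
    k->is_cdata = 1;
    snprintf(k->data, sizeof k->data, "%.*s", len, s);
}

/* One node per callback: what the comment reports for XMLTokenizer::cdataBlock. */
static void cdata_always_new(struct doc *d, const char *s, int len) {
    add_cdata(d, s, len);
}

/* Append when the last child is CDATA: what the comment reports for the
 * libxml2 default SAX handler. */
static void cdata_merge_last(struct doc *d, const char *s, int len) {
    if (d->n > 0 && d->kids[d->n - 1].is_cdata) {
        struct node *last = &d->kids[d->n - 1];
        size_t used = strlen(last->data);
        snprintf(last->data + used, sizeof last->data - used, "%.*s", len, s);
        return;
    }
    add_cdata(d, s, len);
}

/* Constructed callback sequence. A handler sees the same two calls for
 * <![CDATA[abcdef]]> delivered in two chunks and for the adjacent pair
 * <![CDATA[abc]]><![CDATA[def]]>, so it cannot tell the inputs apart. */
static int replay(cdata_cb cb, struct doc *d) {
    memset(d, 0, sizeof *d);
    cb(d, "abc", 3);
    cb(d, "def", 3);
    return d->n;
}

int main(void) {
    struct doc d;
    printf("always-new: %d node(s)\n", replay(cdata_always_new, &d));
    printf("merge-last: %d node(s), first=\"%s\"\n",
           replay(cdata_merge_last, &d), d.kids[0].data);
    return 0;
}
```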