[Webkit-unassigned] [Bug 33920] New: dispatchDocumentElementAvailable is fired for fragment parsing on XML and XHTML documents
bugzilla-daemon at webkit.org
Wed Jan 20 14:54:34 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=33920
Summary: dispatchDocumentElementAvailable is fired for fragment
parsing on XML and XHTML documents
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mpcomplete at chromium.org
CC: hyatt at apple.com
Repro:
1. Visit an XHTML page, e.g. http://sorryrobot.com/chrometest.php
2. Put a breakpoint in dispatchDocumentElementAvailable.
3. Run this javascript URL:
javascript:var div = document.createElement('div');div.innerHTML = '<p>hi</p>';
4. Breakpoint is hit.
This causes user scripts to get injected when they shouldn't. If the user
script contains JavaScript similar to #3, it will infinitely reinject itself.
I think the fix is simple. Adding a check for "!m_parsingFragment" to
XMLTokenizer::startElementNs before calling dispatchDocumentElementAvailable
seems to do the trick. It will just take me a bit to write a suitable test.
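The reinjection loop and the proposed guard, as an added toy model that is not WebKit source and not part of the original report. Only m_parsingFragment, startElementNs and dispatchDocumentElementAvailable come from the report; Frame, XMLTokenizerModel, sawFirstElement, setInnerHTML, injectionsFor and the cap of 25 are assumptions made for the illustration.

```cpp
#include <cstdio>

// Toy model, not WebKit source. The cap exists only so the unguarded run
// terminates; the behaviour described in the report has no such stop.
struct Frame {
    int injections = 0;
    int cap = 25;                          // assumed demo limit
    bool guardFragments = false;           // true = apply the proposed check
    void (*userScript)(Frame&) = nullptr;  // script injected on dispatch

    void dispatchDocumentElementAvailable() {
        if (injections >= cap) return;
        ++injections;
        userScript(*this);                 // user scripts run from here
    }
};

struct XMLTokenizerModel {
    Frame& frame;
    bool m_parsingFragment;
    bool sawFirstElement = false;          // hypothetical per-parse flag
    XMLTokenizerModel(Frame& f, bool fragment) : frame(f), m_parsingFragment(fragment) {}

    void startElementNs(const char*) {
        if (sawFirstElement) return;       // only the first element dispatches
        sawFirstElement = true;
        if (frame.guardFragments && m_parsingFragment) return;  // proposed check
        frame.dispatchDocumentElementAvailable();
    }
};

// Stand-in for step 3: div.innerHTML = '<p>hi</p>' starts a fragment parse.
void setInnerHTML(Frame& f) {
    XMLTokenizerModel fragmentParser(f, true);
    fragmentParser.startElementNs("p");
}

// Loads one XHTML document whose user script behaves like step 3 and
// returns how many times that script was injected.
int injectionsFor(bool guard) {
    Frame f;
    f.guardFragments = guard;
    f.userScript = setInnerHTML;
    XMLTokenizerModel documentParser(f, false);
    documentParser.startElementNs("html");
    documentParser.startElementNs("body");
    return f.injections;
}

int main() {
    std::printf("without check: %d injections (stopped by cap)\n", injectionsFor(false));
    std::printf("with check:    %d injection\n", injectionsFor(true));
}
```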