Closed
Bug 500616
Opened 15 years ago
Closed 15 years ago
[HTML5] alert() might fire parser continue events from within script
Categories
(Core :: DOM: HTML Parser, defect, P4)
Tracking
()
RESOLVED
FIXED
People
(Reporter: hsivonen, Assigned: hsivonen)
Details
Attachments
(1 file)
|
(deleted),
patch
|
mozilla+ben
:
review+
|
Details | Diff | Splinter Review |
(In reply to bug 487949 comment #71)
> (In reply to bug 487949 comment #63)
> > No, there may still be unparsed data in the buffer chain if the caller did:
> > document.write("<script></script>trailing data");
> > document.close();
> >
> > Even without trailing data, posting a continue event ensures that onload is
> > fired from the event loop rather than from within a script.
>
> This is a drive-by comment, and may not apply... Just posting an event may not
> be enough here since modal dialogs etc process events, so a nested
> document.write() that causes a continue event to be posted and then does
> alert("foo") could process that event from within the script.
It's unclear if this is a problem. Need to investigate if it is.
|
Assignee | |
Comment 1•15 years ago
|
||
I'm pretty sure that after bug 503473, this isn't a problem for non-script-created parsers. However, in the case of script-created parsers, it might be necessary to deflect continue events if the parser is on the stack and have them flip a bit on the parser. Then, when the parser returns later, it should check the flag and re-post the event.
|
|
Assignee | |
Comment 2•15 years ago
|
||
Thinking more about the script-created case:
Only document.write() and document.close() feed data to the parser. They both tokenize to completion or until a script blocks.
If they tokenize to completion, no continue event is needed. If a script blocks, nsContentSink posts a runnable for continuing when the script has run, no parser-level continue event is needed.
If a nested event loop is created on </script>, there will be an nsContentSink-level continue runnable when the script has run, so that guarantees that the parse continues.
If something other than </script> creates a nested event loop, the parser is running document.write() or document.close() to completion or a subsequent script, so there's no need for a continue event.
Unless I'm missing something, it seems to me nsHtml5Parser-level continue events can be removed altogether.
|
|
Assignee | |
Comment 3•15 years ago
|
||
|
||
Comment 4•15 years ago
|
||
Comment on attachment 410764 [details] [diff] [review]
Remove continue event from nsHtml5Parser
Glad to see this go!
Attachment #410764 -
Flags: review?(bnewman) → review+
|
|
Assignee | |
Updated•15 years ago
|
Priority: -- → P4
|
||
Comment 5•15 years ago
|
||
a=beltzner to land on mozilla-central as this is pref'd off by default and so I'm happy to consider it NPOTB for now.
|
|
Assignee | |
Comment 6•15 years ago
|
||
Thanks for r & a. Pushed:
http://hg.mozilla.org/mozilla-central/rev/f4c2cd474968
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•