mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 650501 - Avoid assuming that a parser object has a non-null content sink when an attempt to execute a script is made. r=Olli.Pettay.
This commit is contained in:
parent
c63d7da1cd
commit
183870ea59
@ -166,13 +166,15 @@ nsScriptElement::MaybeProcessScript()
|
||||
mAlreadyStarted = PR_TRUE;
|
||||
|
||||
nsIDocument* ownerDoc = cont->GetOwnerDoc();
|
||||
nsCOMPtr<nsIParser> parser = ((nsIScriptElement*)this)->GetCreatorParser();
|
||||
nsCOMPtr<nsIParser> parser = ((nsIScriptElement*) this)->GetCreatorParser();
|
||||
if (parser) {
|
||||
nsCOMPtr<nsIDocument> parserDoc =
|
||||
do_QueryInterface(parser->GetContentSink()->GetTarget());
|
||||
if (ownerDoc != parserDoc) {
|
||||
// Willful violation of HTML5 as of 2010-12-01
|
||||
return NS_OK;
|
||||
nsCOMPtr<nsIContentSink> sink = parser->GetContentSink();
|
||||
if (sink) {
|
||||
nsCOMPtr<nsIDocument> parserDoc = do_QueryInterface(sink->GetTarget());
|
||||
if (ownerDoc != parserDoc) {
|
||||
// Willful violation of HTML5 as of 2010-12-01
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
22
parser/htmlparser/tests/crashtests/650501-1.xhtml
Normal file
22
parser/htmlparser/tests/crashtests/650501-1.xhtml
Normal file
@ -0,0 +1,22 @@
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<script>
|
||||
<![CDATA[
|
||||
|
||||
function boom()
|
||||
{
|
||||
var a = document.createElement("div");
|
||||
a.innerHTML = "<script>1;<\/script>";
|
||||
|
||||
var b = document.createElement("div")
|
||||
try { b.innerHTML = "<"; } catch (invalidXML) { }
|
||||
|
||||
document.documentElement.appendChild(a);
|
||||
}
|
||||
|
||||
]]>
|
||||
</script>
|
||||
</head>
|
||||
<body onload="boom();"></body>
|
||||
</html>
|
@ -46,3 +46,4 @@ load 563514-1.html
|
||||
load 574884-1.html
|
||||
load 574884-2.html
|
||||
load 591330-1.html
|
||||
load 650501-1.xhtml
|
||||
|
Loading…
Reference in New Issue
Block a user