[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
hyatt
hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:43:37 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit aaedfd50a81647639f1e92888484c5184d8d4c69
Author: hyatt <hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri May 30 17:41:36 2003 +0000
Fix for 3263156, stack overflow at www.liceo.edu.mx. This
site nests about 500 bold tags, only closes some of them,
and then opens 500 more, etc.
The fix for this problem is to stop honoring tags in the parser
after you see 20 identical tags. We do this only for fontstyle HTML
tags.
Reviewed by john/darin
* khtml/html/htmlparser.cpp:
(KHTMLParser::getElement):
(KHTMLParser::allowNestedRedundantTag):
* khtml/html/htmlparser.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4455 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 2ec0360..99350b8 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,20 @@
+2003-05-29 David Hyatt <hyatt at apple.com>
+
+ Fix for 3263156, stack overflow at www.liceo.edu.mx. This
+ site nests about 500 bold tags, only closes some of them,
+ and then opens 500 more, etc.
+
+ The fix for this problem is to stop honoring tags in the parser
+ after you see 20 identical tags. We do this only for fontstyle HTML
+ tags.
+
+ Reviewed by john/darin
+
+ * khtml/html/htmlparser.cpp:
+ (KHTMLParser::getElement):
+ (KHTMLParser::allowNestedRedundantTag):
+ * khtml/html/htmlparser.h:
+
2003-05-30 John Sullivan <sullivan at apple.com>
Reviewed by Chris
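Review bot: The new entry is dated 2003-05-29 but sits above the 2003-05-30 John Sullivan entry, and the commit itself is dated Fri May 30 2003. Change the entry date to the landing date so the ChangeLog stays in reverse chronological order. The function list also carries no per-function description: a few words after `(KHTMLParser::allowNestedRedundantTag):` saying it is new, and after `(KHTMLParser::getElement):` saying which tag ids now call it, would make the entry usable without opening the diff.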
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 2ec0360..99350b8 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,20 @@
+2003-05-29 David Hyatt <hyatt at apple.com>
+
+ Fix for 3263156, stack overflow at www.liceo.edu.mx. This
+ site nests about 500 bold tags, only closes some of them,
+ and then opens 500 more, etc.
+
+ The fix for this problem is to stop honoring tags in the parser
+ after you see 20 identical tags. We do this only for fontstyle HTML
+ tags.
+
+ Reviewed by john/darin
+
+ * khtml/html/htmlparser.cpp:
+ (KHTMLParser::getElement):
+ (KHTMLParser::allowNestedRedundantTag):
+ * khtml/html/htmlparser.h:
+
2003-05-30 John Sullivan <sullivan at apple.com>
Reviewed by Chris
diff --git a/WebCore/khtml/html/htmlparser.cpp b/WebCore/khtml/html/htmlparser.cpp
index eee62de..d32614a 100644
--- a/WebCore/khtml/html/htmlparser.cpp
+++ b/WebCore/khtml/html/htmlparser.cpp
@@ -1021,7 +1021,9 @@ NodeImpl *KHTMLParser::getElement(Token* t)
case ID_STRIKE:
case ID_BIG:
case ID_SMALL:
-
+ if (!allowNestedRedundantTag(t->id))
+ return 0;
+ // Fall through and get handled with the rest of the tags
// %phrase
case ID_EM:
case ID_STRONG:
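Review bot: In the fontstyle case group ending at `ID_SMALL`, `return 0` makes getElement return null for an ordinary start tag, and nothing visible in this hunk shows how the caller tells "tag deliberately ignored" apart from "no element could be created". Please confirm the caller drops the token silently on a null result, and that the close tags belonging to the ignored opens are harmless, since each of them will still arrive and pop one of the elements that were kept. The check also sits above the `// %phrase` labels, so `ID_EM` and `ID_STRONG` are not capped. The commit message says this is intentional, but a comment at this spot saying why fontstyle tags alone are limited would save the next reader the lookup.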
@@ -1079,6 +1081,20 @@ NodeImpl *KHTMLParser::getElement(Token* t)
return n;
}
+#define MAX_REDUNDANT 20
+
+bool KHTMLParser::allowNestedRedundantTag(int _id)
+{
+ // www.liceo.edu.mx is an example of a site that achieves a level of nesting of
+ // about 1500 tags, all from a bunch of <b>s. We will only allow at most 20
+ // nested tags of the same type before just ignoring them all together.
+ int i = 0;
+ for (HTMLStackElem* curr = blockStack;
+ i < MAX_REDUNDANT && curr && curr->id == _id;
+ curr = curr->next, i++);
+ return i != MAX_REDUNDANT;
+}
+
void KHTMLParser::processCloseTag(Token *t)
{
// support for really broken html. Can't believe I'm supporting such crap (lars)
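Review bot: The loop in allowNestedRedundantTag stops at the first blockStack entry whose id differs from `_id`, so it counts only an unbroken run of identical tags at the top of the stack, not how many identical tags are open overall. A page that interleaves different fontstyle tags never builds a run of 20, so nesting depth stays unbounded and the stack overflow this commit targets is still reachable. Consider counting matching ids across the whole stack, or capping total blockStack depth. On style: the empty loop body hidden in `curr = curr->next, i++);` is easy to misread and deserves braces or a while loop, `MAX_REDUNDANT` would be better as a file-static const int than a `#define`, and "all together" in the comment should be "altogether".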
diff --git a/WebCore/khtml/html/htmlparser.h b/WebCore/khtml/html/htmlparser.h
index be98c79..4f2a113 100644
--- a/WebCore/khtml/html/htmlparser.h
+++ b/WebCore/khtml/html/htmlparser.h
@@ -131,6 +131,8 @@ protected:
bool isAffectedByResidualStyle(int _id);
void handleResidualStyleCloseTagAcrossBlocks(HTMLStackElem* elem);
void reopenResidualStyleTags(HTMLStackElem* elem, bool inMalformedTable);
+
+ bool allowNestedRedundantTag(int _id);
ushort *forbiddenTag;
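Review bot: The declaration `bool allowNestedRedundantTag(int _id);` has no comment, and this header is where a reader would look to learn that the parser can drop start tags. Add a line stating that it returns false once MAX_REDUNDANT identical tags sit at the top of blockStack. As implemented in the .cpp hunk the function only reads blockStack, so it can be declared const.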
--
WebKit Debian packaging