[PATCH] Handle skipMode() getting set in JS-generated HTML (#42623)
Maks Orlovich
mo002j at mail.rochester.edu
Wed Sep 4 22:13:51 BST 2002
Hi..
The attached patch is what I think is the fix for #42623...
The problem in that website (and also on populaephotography.com)
is basically with the above fragment:
<script type="text/javascript">
<!--
document.write("<iframe>");
-->
</script>
</iframe>
Foo
When handling it in HTMLTokenizer::scriptHandler, according to my tracing,
the rest of the document after the javascript gets saved into pendingSrc,
then the script is executed.. When parsing the JavaScript output, the parser
sets discard_until = </iframe>, which means parser->skipMode() is now true,
so upon returning from JavaScript, the pendingSrc isn't handled, and the
rest of the document is lost -- which on real sites is a lot more than the
foo here..
The attached tries to fix it by saving the value of parser->skipMode() before
the JavaScript, and then using the original value after the JavaScript -- so
if the discard mode is set in advance, the behavior is not changed, and if
it's toggled within the script, the saved input is still used...
Thanks..
-Maks Orlovich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tokenizer_skip.diff
Type: text/x-diff
Size: 1239 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20020904/d85c6c9a/attachment.diff>
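The state handling described in the message, as an added toy model that is not KHTML source and not the scrubbed attachment. It assumes a much simplified tokenizer; only pendingSrc, skipMode() and scriptHandler are names taken from the message, and every other name is hypothetical.

```cpp
// Added toy model, not KHTML source. Only pendingSrc, skipMode() and
// scriptHandler are names from the message; everything else is hypothetical.
#include <cstddef>
#include <iostream>
#include <string>

struct ToyParser {
    bool skip = false;        // stands in for discard_until being set
    std::string rendered;     // text that reached the document
    bool skipMode() const { return skip; }
};

struct ToyTokenizer {
    ToyParser parser;
    std::string pendingSrc;
    bool useSavedSkipMode;    // false reproduces the reported behaviour
    explicit ToyTokenizer(bool fixed) : useSavedSkipMode(fixed) {}

    // "<iframe>" starts discarding, "</iframe>" ends it; other text is rendered.
    void write(const std::string& src) {
        for (std::size_t i = 0; i < src.size();) {
            if (src.compare(i, 8, "<iframe>") == 0) { parser.skip = true; i += 8; }
            else if (src.compare(i, 9, "</iframe>") == 0) { parser.skip = false; i += 9; }
            else { if (!parser.skip) parser.rendered += src[i]; ++i; }
        }
    }

    void scriptHandler(const std::string& scriptOutput, const std::string& rest) {
        pendingSrc = rest;                     // rest of the document is parked
        bool skipBefore = parser.skipMode();   // saved before the script runs
        write(scriptOutput);                   // document.write() output is parsed
        bool skipping = useSavedSkipMode ? skipBefore : parser.skipMode();
        if (!skipping) {                       // resume the parked input
            std::string src = pendingSrc;
            pendingSrc.clear();
            write(src);
        }
    }
};

// Constructed input: the fragment from the message, split at </script>.
std::string render(bool fixed, bool skipAlreadySet = false) {
    ToyTokenizer t(fixed);
    t.parser.skip = skipAlreadySet;
    t.scriptHandler("<iframe>", "</iframe>Foo");
    return t.parser.rendered;
}

int main() { std::cout << "[" << render(false) << "] [" << render(true) << "]\n"; }
```

With the live flag the parked input is never parsed and "Foo" is lost; with the saved flag it is rendered, and a skip mode that was already set before the script still suppresses the parked input in both variants.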