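/*
 * Copyright (C) 2000 Peter Kelly (pmk@post.com)
 * Copyright (C) 2005, 2006, 2008 Apple Inc. All rights reserved.
 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org)
 * Copyright (C) 2007 Samuel Weinig (sam@webkit.org)
 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
 * Copyright (C) 2008 Holger Hans Peter Freyther
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public License
 * along with this library; see the file COPYING.LIB. If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 */

#include "config.h"
#include "XMLTokenizer.h"

#include "CDATASection.h"
#include "CString.h"
#include "CachedScript.h"
#include "Comment.h"
#include "DocLoader.h"
#include "Document.h"
#include "DocumentFragment.h"
#include "DocumentType.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameView.h"
#include "HTMLLinkElement.h"
#include "HTMLStyleElement.h"
#include "HTMLTokenizer.h" // for decodeNamedEntity
#include "ProcessingInstruction.h"
#include "ResourceError.h"
#include "ResourceHandle.h"
#include "ResourceRequest.h"
#include "ResourceResponse.h"
#include "ScriptController.h"
#include "ScriptElement.h"
#include "ScriptSourceCode.h"
#include "ScriptValue.h"
#include "TextResourceDecoder.h"
#include "TransformSource.h"
#include "XMLNSNames.h"
#include "XMLTokenizerScope.h"
#include <libxml/parser.h>
#include <libxml/parserInternals.h>
#include <wtf/Platform.h>
#include <wtf/StringExtras.h>
#include <wtf/Threading.h>
#include <wtf/UnusedParam.h>
#include <wtf/Vector.h>

#if ENABLE(XSLT)
#include <libxslt/xslt.h>
#endif

#if ENABLE(XHTMLMP)
#include "HTMLNames.h"
#include "HTMLScriptElement.h"
#endif

using namespace std;

namespace WebCore {

// FIFO of SAX events recorded while the tokenizer is paused. Each append*
// method deep-copies its libxml arguments with xmlStrdup/xmlStrndup so the
// event can be replayed later through callAndRemoveFirstCallback(); the copies
// are released by the matching Pending*Callback destructor.
class PendingCallbacks : public Noncopyable {
public:
    ~PendingCallbacks()
    {
        deleteAllValues(m_callbacks);
    }

    // Records a startElementNs event. The namespaces array holds
    // nb_namespaces (prefix, uri) pairs; the attributes array holds
    // nb_attributes groups of five pointers.
    // NOTE(review): the allocation sizes are computed from the int counts
    // handed over by libxml, and the xmlMalloc results are used unchecked.
    void appendStartElementNSCallback(const xmlChar* xmlLocalName, const xmlChar* xmlPrefix, const xmlChar* xmlURI, int nb_namespaces,
                                      const xmlChar** namespaces, int nb_attributes, int nb_defaulted, const xmlChar** attributes)
    {
        PendingStartElementNSCallback* callback = new PendingStartElementNSCallback;

        callback->xmlLocalName = xmlStrdup(xmlLocalName);
        callback->xmlPrefix = xmlStrdup(xmlPrefix);
        callback->xmlURI = xmlStrdup(xmlURI);
        callback->nb_namespaces = nb_namespaces;
        callback->namespaces = static_cast<xmlChar**>(xmlMalloc(sizeof(xmlChar*) * nb_namespaces * 2));
        for (int i = 0; i < nb_namespaces * 2 ; i++)
            callback->namespaces[i] = xmlStrdup(namespaces[i]);
        callback->nb_attributes = nb_attributes;
        callback->nb_defaulted = nb_defaulted;
        callback->attributes = static_cast<xmlChar**>(xmlMalloc(sizeof(xmlChar*) * nb_attributes * 5));
        for (int i = 0; i < nb_attributes; i++) {
            // Each attribute has 5 elements in the array:
            // name, prefix, uri, value and an end pointer.

            for (int j = 0; j < 3; j++)
                callback->attributes[i * 5 + j] = xmlStrdup(attributes[i * 5 + j]);

            // The value is delimited by [value, end) rather than by a NUL, so
            // copy exactly that many bytes and rebuild the end pointer so it
            // points into the copy.
            int len = attributes[i * 5 + 4] - attributes[i * 5 + 3];

            callback->attributes[i * 5 + 3] = xmlStrndup(attributes[i * 5 + 3], len);
            callback->attributes[i * 5 + 4] = callback->attributes[i * 5 + 3] + len;
        }

        m_callbacks.append(callback);
    }

    // Records an endElementNs event; it carries no data.
    void appendEndElementNSCallback()
    {
        PendingEndElementNSCallback* callback = new PendingEndElementNSCallback;

        m_callbacks.append(callback);
    }

    // Records a characters event; s is copied for len bytes.
    void appendCharactersCallback(const xmlChar* s, int len)
    {
        PendingCharactersCallback* callback = new PendingCharactersCallback;

        callback->s = xmlStrndup(s, len);
        callback->len = len;

        m_callbacks.append(callback);
    }

    // Records a processing-instruction event.
    void appendProcessingInstructionCallback(const xmlChar* target, const xmlChar* data)
    {
        PendingProcessingInstructionCallback* callback = new PendingProcessingInstructionCallback;

        callback->target = xmlStrdup(target);
        callback->data = xmlStrdup(data);

        m_callbacks.append(callback);
    }

    // Records a CDATA block event; s is copied for len bytes.
    void appendCDATABlockCallback(const xmlChar* s, int len)
    {
        PendingCDATABlockCallback* callback = new PendingCDATABlockCallback;

        callback->s = xmlStrndup(s, len);
        callback->len = len;

        m_callbacks.append(callback);
    }

    // Records a comment event.
    void appendCommentCallback(const xmlChar* s)
    {
        PendingCommentCallback* callback = new PendingCommentCallback;

        callback->s = xmlStrdup(s);

        m_callbacks.append(callback);
    }

    // Records an internal-subset (DOCTYPE) event.
    void appendInternalSubsetCallback(const xmlChar* name, const xmlChar* externalID, const xmlChar* systemID)
    {
        PendingInternalSubsetCallback* callback = new PendingInternalSubsetCallback;

        callback->name = xmlStrdup(name);
        callback->externalID = xmlStrdup(externalID);
        callback->systemID = xmlStrdup(systemID);

        m_callbacks.append(callback);
    }

    // Records a parser error together with the position it was reported at.
    void appendErrorCallback(XMLTokenizer::ErrorType type, const xmlChar* message, int lineNumber, int columnNumber)
    {
        PendingErrorCallback* callback = new PendingErrorCallback;

        callback->message = xmlStrdup(message);
        callback->type = type;
        callback->lineNumber = lineNumber;
        callback->columnNumber = columnNumber;

        m_callbacks.append(callback);
    }

    // Replays the oldest recorded event on the tokenizer. The OwnPtr takes
    // ownership before the call, so the entry is destroyed when this returns.
    void callAndRemoveFirstCallback(XMLTokenizer* tokenizer)
    {
        OwnPtr<PendingCallback> callback(m_callbacks.first());
        m_callbacks.removeFirst();
        callback->call(tokenizer);
    }

    bool isEmpty() const { return m_callbacks.isEmpty(); }

private:
    struct PendingCallback {
        virtual ~PendingCallback() { }
        virtual void call(XMLTokenizer* tokenizer) = 0;
    };

    struct PendingStartElementNSCallback : public PendingCallback {
        virtual ~PendingStartElementNSCallback()
        {
            xmlFree(xmlLocalName);
            xmlFree(xmlPrefix);
            xmlFree(xmlURI);
            for (int i = 0; i < nb_namespaces * 2; i++)
                xmlFree(namespaces[i]);
            xmlFree(namespaces);
            // Only slots 0..3 own memory; slot 4 is the end pointer into the
            // value copy held by slot 3.
            for (int i = 0; i < nb_attributes; i++)
                for (int j = 0; j < 4; j++)
                    xmlFree(attributes[i * 5 + j]);
            xmlFree(attributes);
        }

        virtual void call(XMLTokenizer* tokenizer)
        {
            tokenizer->startElementNs(xmlLocalName, xmlPrefix, xmlURI,
                                      nb_namespaces, const_cast<const xmlChar**>(namespaces),
                                      nb_attributes, nb_defaulted, const_cast<const xmlChar**>(attributes));
        }

        xmlChar* xmlLocalName;
        xmlChar* xmlPrefix;
        xmlChar* xmlURI;
        int nb_namespaces;
        xmlChar** namespaces;
        int nb_attributes;
        int nb_defaulted;
        xmlChar** attributes;
    };

    struct PendingEndElementNSCallback : public PendingCallback {
        virtual void call(XMLTokenizer* tokenizer)
        {
            tokenizer->endElementNs();
        }
    };

    struct PendingCharactersCallback : public PendingCallback {
        virtual ~PendingCharactersCallback()
        {
            xmlFree(s);
        }

        virtual void call(XMLTokenizer* tokenizer)
        {
            tokenizer->characters(s, len);
        }

        xmlChar* s;
        int len;
    };

    struct PendingProcessingInstructionCallback : public PendingCallback {
        virtual ~PendingProcessingInstructionCallback()
        {
            xmlFree(target);
            xmlFree(data);
        }

        virtual void call(XMLTokenizer* tokenizer)
        {
            tokenizer->processingInstruction(target, data);
        }

        xmlChar* target;
        xmlChar* data;
    };

    struct PendingCDATABlockCallback : public PendingCallback {
        virtual ~PendingCDATABlockCallback()
        {
            xmlFree(s);
        }

        virtual void call(XMLTokenizer* tokenizer)
        {
            tokenizer->cdataBlock(s, len);
        }

        xmlChar* s;
        int len;
    };

    struct PendingCommentCallback : public PendingCallback {
        virtual ~PendingCommentCallback()
        {
            xmlFree(s);
        }

        virtual void call(XMLTokenizer* tokenizer)
        {
            tokenizer->comment(s);
        }

        xmlChar* s;
    };

    struct PendingInternalSubsetCallback : public PendingCallback {
        virtual ~PendingInternalSubsetCallback()
        {
            xmlFree(name);
            xmlFree(externalID);
            xmlFree(systemID);
        }

        virtual void call(XMLTokenizer* tokenizer)
        {
            tokenizer->internalSubset(name, externalID, systemID);
        }

        xmlChar* name;
        xmlChar* externalID;
        xmlChar* systemID;
    };

    struct PendingErrorCallback: public PendingCallback {
        virtual ~PendingErrorCallback()
        {
            xmlFree(message);
        }

        virtual void call(XMLTokenizer* tokenizer)
        {
            tokenizer->handleError(type, reinterpret_cast<char*>(message), lineNumber, columnNumber);
        }

        XMLTokenizer::ErrorType type;
        xmlChar* message;
        int lineNumber;
        int columnNumber;
    };

    Deque<PendingCallback*> m_callbacks;
};
// --------------------------------

// Sentinel "descriptor" handed to libxml when a load is refused: readFunc
// answers it with 0 bytes and closeFunc leaves it alone.
static int globalDescriptor = 0;
static ThreadIdentifier libxmlLoaderThread = 0;

// libxml I/O "match" callback: claims a URI only while an XMLTokenizerScope
// has a current DocLoader and the caller is on the thread that registered the
// callbacks.
static int matchFunc(const char*)
{
    // Only match loads initiated due to uses of libxml2 from within XMLTokenizer to avoid
    // interfering with client applications that also use libxml2.
    // http://bugs.webkit.org/show_bug.cgi?id=17353
    return XMLTokenizerScope::currentDocLoader && currentThread() == libxmlLoaderThread;
}

// Owns a copy of a loaded resource and serves it to libxml in sequential reads.
class OffsetBuffer {
public:
    OffsetBuffer(const Vector<char>& b) : m_buffer(b), m_currentOffset(0) { }

    // Copies up to askedToRead bytes into outputBuffer and returns the number
    // copied. The copy length is clamped to the bytes remaining in the buffer,
    // so reads never run past the end of the stored data.
    int readOutBytes(char* outputBuffer, unsigned askedToRead)
    {
        unsigned bytesLeft = m_buffer.size() - m_currentOffset;
        unsigned lenToCopy = min(askedToRead, bytesLeft);
        if (lenToCopy) {
            memcpy(outputBuffer, m_buffer.data() + m_currentOffset, lenToCopy);
            m_currentOffset += lenToCopy;
        }
        return lenToCopy;
    }

private:
    Vector<char> m_buffer;
    unsigned m_currentOffset;
};

// Policy gate for every resource libxml asks to load on behalf of the parser
// (DTDs, external entities). Returns true only for URLs the current document's
// security origin may request; a handful of well-known catalog/DTD URLs are
// refused up front without logging.
static bool shouldAllowExternalLoad(const KURL& url)
{
    String urlString = url.string();

    // On non-Windows platforms libxml asks for this URL, the
    // "XML_XML_DEFAULT_CATALOG", on initialization.
    if (urlString == "file:///etc/xml/catalog")
        return false;

    // On Windows, libxml computes a URL relative to where its DLL resides.
    if (urlString.startsWith("file:///", false) && urlString.endsWith("/etc/catalog", false))
        return false;

    // The most common DTD. There isn't much point in hammering www.w3c.org
    // by requesting this URL for every XHTML document.
    if (urlString.startsWith("http://www.w3.org/TR/xhtml", false))
        return false;

    // Similarly, there isn't much point in requesting the SVG DTD.
    if (urlString.startsWith("http://www.w3.org/Graphics/SVG", false))
        return false;

    // The libxml doesn't give us a lot of context for deciding whether to
    // allow this request. In the worst case, this load could be for an
    // external entity and the resulting document could simply read the
    // retrieved content. If we had more context, we could potentially allow
    // the parser to load a DTD. As things stand, we take the conservative
    // route and allow same-origin requests only.
    if (!XMLTokenizerScope::currentDocLoader->doc()->securityOrigin()->canRequest(url)) {
        XMLTokenizerScope::currentDocLoader->printAccessDeniedMessage(url);
        return false;
    }

    return true;
}

// libxml I/O "open" callback. Applies shouldAllowExternalLoad() to the
// requested URL and again to the final response URL, and returns either an
// OffsetBuffer with the loaded bytes or &globalDescriptor for a refused load.
static void* openFunc(const char* uri)
{
    ASSERT(XMLTokenizerScope::currentDocLoader);
    ASSERT(currentThread() == libxmlLoaderThread);

    KURL url(KURL(), uri);

    if (!shouldAllowExternalLoad(url))
        return &globalDescriptor;

    ResourceError error;
    ResourceResponse response;
    Vector<char> data;

    {
        DocLoader* docLoader = XMLTokenizerScope::currentDocLoader;
        // Clear the current DocLoader for the duration of the synchronous
        // load, so matchFunc() does not claim libxml loads made meanwhile.
        XMLTokenizerScope scope(0);
        // FIXME: We should restore the original global error handler as well.

        // NOTE(review): the load is issued with AllowStoredCredentials; the
        // same-origin checks before and after are what bound its reach.
        if (docLoader->frame())
            docLoader->frame()->loader()->loadResourceSynchronously(url, AllowStoredCredentials, error, response, data);
    }

    // We have to check the URL again after the load to catch redirects.
    // See <https://bugs.webkit.org/show_bug.cgi?id=21963>.
    // NOTE(review): when there is no frame, no load happens and response is
    // still default-constructed here; confirm what this check sees then.
    if (!shouldAllowExternalLoad(response.url()))
        return &globalDescriptor;

    return new OffsetBuffer(data);
}

// libxml I/O "read" callback for descriptors returned by openFunc.
static int readFunc(void* context, char* buffer, int len)
{
    // Do 0-byte reads in case of a null descriptor
    if (context == &globalDescriptor)
        return 0;

    OffsetBuffer* data = static_cast<OffsetBuffer*>(context);
    return data->readOutBytes(buffer, len);
}

// libxml I/O "write" callback: output through these handlers is discarded.
static int writeFunc(void*, const char*, int)
{
    // Always just do 0-byte writes
    return 0;
}

// libxml I/O "close" callback: frees the OffsetBuffer unless the descriptor is
// the refusal sentinel.
static int closeFunc(void* context)
{
    if (context != &globalDescriptor) {
        OffsetBuffer* data = static_cast<OffsetBuffer*>(context);
        delete data;
    }
    return 0;
}

#if ENABLE(XSLT)
static void errorFunc(void*, const char*, ...)
{
    // FIXME: It would be nice to display error messages somewhere.
}
#endif

static bool didInit = false;

// One-time libxml setup shared by both parser factories: initializes the
// library, routes its input/output through the policy-enforcing callbacks
// above, and remembers the registering thread for matchFunc().
static void initializeLibXMLIfNecessary()
{
    if (didInit)
        return;

    xmlInitParser();
    xmlRegisterInputCallbacks(matchFunc, openFunc, readFunc, closeFunc);
    xmlRegisterOutputCallbacks(matchFunc, openFunc, writeFunc, closeFunc);
    libxmlLoaderThread = currentThread();
    didInit = true;
}

// Creates a push parser that is fed UTF-16 chunks in host byte order.
// Entity replacement is switched on.
PassRefPtr<XMLParserContext> XMLParserContext::createStringParser(xmlSAXHandlerPtr handlers, void* userData)
{
    initializeLibXMLIfNecessary();

    // NOTE(review): unlike createMemoryParser(), the result of
    // xmlCreatePushParserCtxt() is dereferenced without a null check.
    xmlParserCtxtPtr parser = xmlCreatePushParserCtxt(handlers, 0, 0, 0, 0);
    parser->_private = userData;
    parser->replaceEntities = true;
    // Inspect the first byte of a BOM stored in memory to learn the host
    // endianness, then tell libxml which UTF-16 flavour to expect.
    const UChar BOM = 0xFEFF;
    const unsigned char BOMHighByte = *reinterpret_cast<const unsigned char*>(&BOM);
    xmlSwitchEncoding(parser, BOMHighByte == 0xFF ? XML_CHAR_ENCODING_UTF16LE : XML_CHAR_ENCODING_UTF16BE);

    return adoptRef(new XMLParserContext(parser));
}

// Creates a parser over an in-memory fragment and puts it directly into
// content-parsing state. Returns 0 if libxml cannot create the context.
// Chunk should be encoded in UTF-8
PassRefPtr<XMLParserContext> XMLParserContext::createMemoryParser(xmlSAXHandlerPtr handlers, void* userData, const char* chunk)
{
    initializeLibXMLIfNecessary();

    xmlParserCtxtPtr parser = xmlCreateMemoryParserCtxt(chunk, xmlStrlen((const xmlChar*)chunk));

    if (!parser)
        return 0;

    // Copy the sax handler
    memcpy(parser->sax, handlers, sizeof(xmlSAXHandler));

    // Set parser options.
    // XML_PARSE_NODICT: default dictionary option.
    // XML_PARSE_NOENT: force entities substitutions.
    xmlCtxtUseOptions(parser, XML_PARSE_NODICT | XML_PARSE_NOENT);

    // Internal initialization
    parser->sax2 = 1;
    parser->instate = XML_PARSER_CONTENT; // We are parsing a CONTENT
    parser->depth = 0;
    parser->str_xml = xmlDictLookup(parser->dict, BAD_CAST "xml", 3);
    parser->str_xmlns = xmlDictLookup(parser->dict, BAD_CAST "xmlns", 5);
    parser->str_xml_ns = xmlDictLookup(parser->dict, XML_XML_NAMESPACE, 36);
    parser->_private = userData;

    return adoptRef(new XMLParserContext(parser));
}

// --------------------------------

// Tokenizer for a whole document: nodes are appended under _doc and scripting
// is allowed.
XMLTokenizer::XMLTokenizer(Document* _doc, FrameView* _view)
    : m_doc(_doc)
    , m_view(_view)
    , m_context(0)
    , m_pendingCallbacks(new PendingCallbacks)
    , m_currentNode(_doc)
    , m_sawError(false)
    , m_sawXSLTransform(false)
    , m_sawFirstElement(false)
    , m_isXHTMLDocument(false)
#if ENABLE(XHTMLMP)
    , m_isXHTMLMPDocument(false)
    , m_hasDocTypeDeclaration(false)
#endif
    , m_parserPaused(false)
    , m_requestingScript(false)
    , m_finishCalled(false)
    , m_errorCount(0)
    , m_lastErrorLine(0)
    , m_lastErrorColumn(0)
    , m_pendingScript(0)
    , m_scriptStartLine(0)
    , m_parsingFragment(false)
    , m_scriptingPermission(FragmentScriptingAllowed)
{
}

// Tokenizer for a fragment. There is no view, the caller decides whether
// scripts may survive (scriptingPermission), and the namespace context is
// seeded from the xmlns declarations found on parentElement and its element
// ancestors.
XMLTokenizer::XMLTokenizer(DocumentFragment* fragment, Element* parentElement, FragmentScriptingPermission scriptingPermission)
    : m_doc(fragment->document())
    , m_view(0)
    , m_context(0)
    , m_pendingCallbacks(new PendingCallbacks)
    , m_currentNode(fragment)
    , m_sawError(false)
    , m_sawXSLTransform(false)
    , m_sawFirstElement(false)
    , m_isXHTMLDocument(false)
#if ENABLE(XHTMLMP)
    , m_isXHTMLMPDocument(false)
    , m_hasDocTypeDeclaration(false)
#endif
    , m_parserPaused(false)
    , m_requestingScript(false)
    , m_finishCalled(false)
    , m_errorCount(0)
    , m_lastErrorLine(0)
    , m_lastErrorColumn(0)
    , m_pendingScript(0)
    , m_scriptStartLine(0)
    , m_parsingFragment(true)
    , m_scriptingPermission(scriptingPermission)
{
    fragment->ref();
    if (m_doc)
        m_doc->ref();

    // Add namespaces based on the parent node
    Vector<Element*> elemStack;
    while (parentElement) {
        elemStack.append(parentElement);

        Node* n = parentElement->parentNode();
        if (!n || !n->isElementNode())
            break;
        parentElement = static_cast<Element*>(n);
    }

    if (elemStack.isEmpty())
        return;

    // Walk from the outermost ancestor down to the immediate parent so that
    // inner declarations override outer ones. The element has to be re-read
    // from the stack on every pass: fetching it once before the loop would
    // scan only the outermost ancestor's attributes, over and over.
    for (; !elemStack.isEmpty(); elemStack.removeLast()) {
        Element* element = elemStack.last();
        if (NamedNodeMap* attrs = element->attributes()) {
            for (unsigned i = 0; i < attrs->length(); i++) {
                Attribute* attr = attrs->attributeItem(i);
                if (attr->localName() == xmlnsAtom)
                    m_defaultNamespaceURI = attr->value();
                else if (attr->prefix() == xmlnsAtom)
                    m_prefixToNamespaceMap.set(attr->localName(), attr->value());
            }
        }
    }

    // If the parent element is not in document tree, there may be no xmlns attribute; just default to the parent's namespace.
    // NOTE(review): parentElement now refers to the outermost ancestor reached
    // by the walk above, not the immediate parent; confirm that is intended.
    if (m_defaultNamespaceURI.isNull() && !parentElement->inDocument())
        m_defaultNamespaceURI = parentElement->namespaceURI();
}

// Releases the libxml context and, if libxml built one, its document.
XMLParserContext::~XMLParserContext()
{
    if (m_context->myDoc)
        xmlFreeDoc(m_context->myDoc);
    xmlFreeParserCtxt(m_context);
}

XMLTokenizer::~XMLTokenizer()
{
    clearCurrentNodeStack();
    // Balances the m_doc->ref() taken by the fragment constructor.
    if (m_parsingFragment && m_doc)
        m_doc->deref();
    if (m_pendingScript)
        m_pendingScript->removeClient(this);
}

// Feeds one chunk of UTF-16 text to libxml, creating the parser context on
// first use, and reports a fatal error if the document's decoder saw one.
void XMLTokenizer::doWrite(const String& parseString)
{
    if (!m_context)
        initializeParserContext();

    // Protect the libxml context from deletion during a callback
    RefPtr<XMLParserContext> context = m_context;

    // libXML throws an error if you try to switch the encoding for an empty string.
    if (parseString.length()) {
        // Hack around libxml2's lack of encoding overide support by manually
        // resetting the encoding to UTF-16 before every chunk. Otherwise libxml
        // will detect <?xml version="1.0" encoding="<encoding name>"?> blocks
        // and switch encodings, causing the parse to fail.
        const UChar BOM = 0xFEFF;
        const unsigned char BOMHighByte = *reinterpret_cast<const unsigned char*>(&BOM);
        xmlSwitchEncoding(context->context(), BOMHighByte == 0xFF ? XML_CHAR_ENCODING_UTF16LE : XML_CHAR_ENCODING_UTF16BE);

        // External loads libxml makes during this chunk are attributed to this
        // document's DocLoader for the lifetime of the scope.
        XMLTokenizerScope scope(m_doc->docLoader());
        xmlParseChunk(context->context(), reinterpret_cast<const char*>(parseString.characters()), sizeof(UChar) * parseString.length(), 0);
    }

    if (m_doc->decoder() && m_doc->decoder()->sawError()) {
        // If the decoder saw an error, report it as fatal (stops parsing)
        handleError(fatal, "Encoding error", context->context()->input->line, context->context()->input->col);
    }

    return;
}

// Decodes len bytes of UTF-8 from libxml into a String.
static inline String toString(const xmlChar* str, unsigned len)
{
    return UTF8Encoding().decode(reinterpret_cast<const char*>(str), len);
}

// Decodes a NUL-terminated UTF-8 string from libxml; a null pointer yields a
// null String.
static inline String toString(const xmlChar* str)
{
    if (!str)
        return String();

    return UTF8Encoding().decode(reinterpret_cast<const char*>(str), strlen(reinterpret_cast<const char*>(str)));
}

// Typed view of one entry in libxml's flat namespaces array.
struct _xmlSAX2Namespace {
    const xmlChar* prefix;
    const xmlChar* uri;
};
typedef struct _xmlSAX2Namespace xmlSAX2Namespace;

// Turns each namespace declaration reported by libxml into an xmlns or
// xmlns:prefix attribute on newElement; stops at the first exception (ec).
static inline void handleElementNamespaces(Element* newElement, const xmlChar** libxmlNamespaces, int nb_namespaces, ExceptionCode& ec, FragmentScriptingPermission scriptingPermission)
{
    xmlSAX2Namespace* namespaces = reinterpret_cast<xmlSAX2Namespace*>(libxmlNamespaces);
    for (int i = 0; i < nb_namespaces; i++) {
        AtomicString namespaceQName = xmlnsAtom;
        String namespaceURI = toString(namespaces[i].uri);
        if (namespaces[i].prefix)
            namespaceQName = "xmlns:" + toString(namespaces[i].prefix);
        newElement->setAttributeNS(XMLNSNames::xmlnsNamespaceURI, namespaceQName, namespaceURI, ec, scriptingPermission);
        if (ec) // exception setting attributes
            return;
    }
}

// Typed view of one five-pointer entry in libxml's flat attributes array.
struct _xmlSAX2Attributes {
    const xmlChar* localname;
    const xmlChar* prefix;
    const xmlChar* uri;
    const xmlChar* value;
    const xmlChar* end;
};
typedef struct _xmlSAX2Attributes xmlSAX2Attributes;

// Sets each attribute reported by libxml on newElement; stops at the first
// exception (ec). The scripting permission is passed through to
// setAttributeNS.
static inline void handleElementAttributes(Element* newElement, const xmlChar** libxmlAttributes, int nb_attributes, ExceptionCode& ec, FragmentScriptingPermission scriptingPermission)
{
    xmlSAX2Attributes* attributes = reinterpret_cast<xmlSAX2Attributes*>(libxmlAttributes);
    for (int i = 0; i < nb_attributes; i++) {
        String attrLocalName = toString(attributes[i].localname);
        // The value is delimited by the end pointer, not by a NUL.
        int valueLength = (int) (attributes[i].end - attributes[i].value);
        String attrValue = toString(attributes[i].value, valueLength);
        String attrPrefix = toString(attributes[i].prefix);
        String attrURI = attrPrefix.isEmpty() ? String() : toString(attributes[i].uri);
        String attrQName = attrPrefix.isEmpty() ? attrLocalName : attrPrefix + ":" + attrLocalName;

        newElement->setAttributeNS(attrURI, attrQName, attrValue, ec, scriptingPermission);
        if (ec) // exception setting attributes
            return;
    }
}

// SAX start-element handler: creates the element, applies its namespace
// declarations and attributes, and makes it the current node. The event is
// queued while the parser is paused; any failure stops parsing.
void XMLTokenizer::startElementNs(const xmlChar* xmlLocalName, const xmlChar* xmlPrefix, const xmlChar* xmlURI, int nb_namespaces,
                                  const xmlChar** libxmlNamespaces, int nb_attributes, int nb_defaulted, const xmlChar** libxmlAttributes)
{
    if (m_parserStopped)
        return;

    if (m_parserPaused) {
        m_pendingCallbacks->appendStartElementNSCallback(xmlLocalName, xmlPrefix, xmlURI, nb_namespaces, libxmlNamespaces,
                                                         nb_attributes, nb_defaulted, libxmlAttributes);
        return;
    }

#if ENABLE(XHTMLMP)
    // check if the DOCTYPE Declaration of XHTMLMP document exists
    if (!m_hasDocTypeDeclaration && m_doc->isXHTMLMPDocument()) {
        handleError(fatal, "DOCTYPE declaration lost.", lineNumber(), columnNumber());
        return;
    }
#endif

    exitText();

    String localName = toString(xmlLocalName);
    String uri = toString(xmlURI);
    String prefix = toString(xmlPrefix);

    // Fragments have no enclosing declarations of their own, so fall back to
    // the namespace context captured from the parent chain.
    if (m_parsingFragment && uri.isNull()) {
        if (!prefix.isNull())
            uri = m_prefixToNamespaceMap.get(prefix);
        else
            uri = m_defaultNamespaceURI;
    }

#if ENABLE(XHTMLMP)
    if (!m_sawFirstElement && isXHTMLMPDocument()) {
        // As per the section 7.1 of OMA-WAP-XHTMLMP-V1_1-20061020-A.pdf,
        // we should make sure that the root element MUST be 'html' and
        // ensure the name of the default namespace on the root elment 'html'
        // MUST be 'http://www.w3.org/1999/xhtml'
        if (localName != HTMLNames::htmlTag.localName()) {
            handleError(fatal, "XHTMLMP document expects 'html' as root element.", lineNumber(), columnNumber());
            return;
        }

        if (uri.isNull()) {
            m_defaultNamespaceURI = HTMLNames::xhtmlNamespaceURI;
            uri = m_defaultNamespaceURI;
        }
    }
#endif

    bool isFirstElement = !m_sawFirstElement;
    m_sawFirstElement = true;

    QualifiedName qName(prefix, localName, uri);
    RefPtr<Element> newElement = m_doc->createElement(qName, true);
    if (!newElement) {
        stopParsing();
        return;
    }

    ExceptionCode ec = 0;
    handleElementNamespaces(newElement.get(), libxmlNamespaces, nb_namespaces, ec, m_scriptingPermission);
    if (ec) {
        stopParsing();
        return;
    }

    // Let event-handler attributes created below record the source line.
    ScriptController* jsProxy = m_doc->frame() ? m_doc->frame()->script() : 0;
    if (jsProxy && m_doc->frame()->script()->canExecuteScripts())
        jsProxy->setEventHandlerLineNumber(lineNumber());

    handleElementAttributes(newElement.get(), libxmlAttributes, nb_attributes, ec, m_scriptingPermission);
    if (ec) {
        stopParsing();
        return;
    }

    if (jsProxy)
        jsProxy->setEventHandlerLineNumber(0);

    newElement->beginParsingChildren();

    ScriptElement* scriptElement = toScriptElement(newElement.get());
    if (scriptElement)
        m_scriptStartLine = lineNumber();

    if (!m_currentNode->addChild(newElement.get())) {
        stopParsing();
        return;
    }

    pushCurrentNode(newElement.get());
    if (m_view && !newElement->attached())
        newElement->attach();

    if (!m_parsingFragment && isFirstElement && m_doc->frame())
        m_doc->frame()->loader()->dispatchDocumentElementAvailable();
}

// SAX end-element handler: closes the current node and, for script elements
// that are in the document and have a view, either requests the external
// script (pausing the parser until it arrives) or executes the inline content.
void XMLTokenizer::endElementNs()
{
    if (m_parserStopped)
        return;

    if (m_parserPaused) {
        m_pendingCallbacks->appendEndElementNSCallback();
        return;
    }

    exitText();

    Node* n = m_currentNode;
    n->finishParsingChildren();

    // When the fragment was created with scripting disallowed, script elements
    // are removed from the tree instead of being left in place.
    if (m_scriptingPermission == FragmentScriptingNotAllowed && n->isElementNode() && toScriptElement(static_cast<Element*>(n))) {
        popCurrentNode();
        // Start from "no exception"; the value is not inspected afterwards.
        ExceptionCode ec = 0;
        n->remove(ec);
        return;
    }

    if (!n->isElementNode() || !m_view) {
        popCurrentNode();
        return;
    }

    Element* element = static_cast<Element*>(n);

    // The element's parent may have already been removed from document.
    // Parsing continues in this case, but scripts aren't executed.
    if (!element->inDocument()) {
        popCurrentNode();
        return;
    }

    ScriptElement* scriptElement = toScriptElement(element);
    if (!scriptElement) {
        popCurrentNode();
        return;
    }

    // Don't load external scripts for standalone documents (for now).
    ASSERT(!m_pendingScript);
    m_requestingScript = true;

#if ENABLE(XHTMLMP)
    if (!scriptElement->shouldExecuteAsJavaScript())
        m_doc->setShouldProcessNoscriptElement(true);
    else
#endif
    {
        String scriptHref = scriptElement->sourceAttributeValue();
        if (!scriptHref.isEmpty()) {
            // we have a src attribute
            String scriptCharset = scriptElement->scriptCharset();
            if (element->dispatchBeforeLoadEvent(scriptHref) &&
                (m_pendingScript = m_doc->docLoader()->requestScript(scriptHref, scriptCharset))) {
                m_scriptElement = element;
                m_pendingScript->addClient(this);

                // m_pendingScript will be 0 if script was already loaded and ref() executed it
                if (m_pendingScript)
                    pauseParsing();
            } else
                m_scriptElement = 0;
        } else
            m_view->frame()->script()->executeScript(ScriptSourceCode(scriptElement->scriptContent(), m_doc->url(), m_scriptStartLine));
    }
    m_requestingScript = false;
    popCurrentNode();
}

// SAX characters handler: buffers text for the current (or a newly entered)
// text node.
void XMLTokenizer::characters(const xmlChar* s, int len)
{
    if (m_parserStopped)
        return;

    if (m_parserPaused) {
        m_pendingCallbacks->appendCharactersCallback(s, len);
        return;
    }

    if (m_currentNode->isTextNode() || enterText())
        m_bufferedText.append(s, len);
}

// Formats a libxml diagnostic (printf-style message plus args) and either
// queues it, if the parser is paused, or reports it at the current position.
void XMLTokenizer::error(ErrorType type, const char* message, va_list args)
{
    if (m_parserStopped)
        return;

#if COMPILER(MSVC) || COMPILER(RVCT)
    char m[1024];
    vsnprintf(m, sizeof(m) - 1, message, args);
    // Only sizeof(m) - 1 bytes are offered to vsnprintf, so the final byte is
    // never written by it. Terminate explicitly: a truncating implementation
    // that does not append a NUL would otherwise leave m unterminated for the
    // string reads below.
    m[sizeof(m) - 1] = '\0';
#else
    char* m;
    if (vasprintf(&m, message, args) == -1)
        return;
#endif

    if (m_parserPaused)
        m_pendingCallbacks->appendErrorCallback(type, reinterpret_cast<const xmlChar*>(m), lineNumber(), columnNumber());
    else
        handleError(type, m, lineNumber(), columnNumber());

#if !COMPILER(MSVC) && !COMPILER(RVCT)
    free(m);
#endif
}

// SAX processing-instruction handler: adds the PI to the tree and, with XSLT
// enabled, notes an XSL stylesheet PI that precedes the first element.
void XMLTokenizer::processingInstruction(const xmlChar* target, const xmlChar* data)
{
    if (m_parserStopped)
        return;

    if (m_parserPaused) {
        m_pendingCallbacks->appendProcessingInstructionCallback(target, data);
        return;
    }

    exitText();

    // ### handle exceptions
    int exception = 0;
    RefPtr<ProcessingInstruction> pi = m_doc->createProcessingInstruction(
        toString(target), toString(data), exception);
    if (exception)
        return;

    pi->setCreatedByParser(true);

    if (!m_currentNode->addChild(pi.get()))
        return;
    if (m_view && !pi->attached())
        pi->attach();

    pi->finishParsingChildren();

#if ENABLE(XSLT)
    m_sawXSLTransform = !m_sawFirstElement && pi->isXSL();
    if (m_sawXSLTransform && !m_doc->transformSourceDocument())
        stopParsing();
#endif
}

// SAX CDATA handler: adds a CDATASection node holding len bytes of s.
void XMLTokenizer::cdataBlock(const xmlChar* s, int len)
{
    if (m_parserStopped)
        return;

    if (m_parserPaused) {
        m_pendingCallbacks->appendCDATABlockCallback(s, len);
        return;
    }

    exitText();

    RefPtr<Node> newNode = CDATASection::create(m_doc, toString(s, len));
    if (!m_currentNode->addChild(newNode.get()))
        return;
    if (m_view && !newNode->attached())
        newNode->attach();
}

// SAX comment handler: adds a Comment node.
void XMLTokenizer::comment(const xmlChar* s)
{
    if (m_parserStopped)
        return;

    if (m_parserPaused) {
        m_pendingCallbacks->appendCommentCallback(s);
        return;
    }

    exitText();

    RefPtr<Node> newNode = Comment::create(m_doc, toString(s));
    m_currentNode->addChild(newNode.get());
    if (m_view && !newNode->attached())
        newNode->attach();
}

// Copies the XML declaration's version, standalone flag and encoding onto the
// document.
void XMLTokenizer::startDocument(const xmlChar* version, const xmlChar* encoding, int standalone)
{
    ExceptionCode ec = 0;

    if (version)
        m_doc->setXMLVersion(toString(version), ec);
    m_doc->setXMLStandalone(standalone == 1, ec); // possible values are 0, 1, and -1
    if (encoding)
        m_doc->setXMLEncoding(toString(encoding));
}

void XMLTokenizer::endDocument()
{
    exitText();
#if ENABLE(XHTMLMP)
    m_hasDocTypeDeclaration = false;
#endif
}

// SAX internal-subset handler: validates the DOCTYPE's public ID for WML and
// XHTMLMP builds and adds a DocumentType node to the document.
void XMLTokenizer::internalSubset(const xmlChar* name, const xmlChar* externalID, const xmlChar* systemID)
{
    if (m_parserStopped)
        return;

    if (m_parserPaused) {
        m_pendingCallbacks->appendInternalSubsetCallback(name, externalID, systemID);
        return;
    }

    if (m_doc) {
#if ENABLE(WML) || ENABLE(XHTMLMP)
        String extId = toString(externalID);
#endif
#if ENABLE(WML)
        if (isWMLDocument()
            && extId != "-//WAPFORUM//DTD WML 1.3//EN"
            && extId != "-//WAPFORUM//DTD WML 1.2//EN"
            && extId != "-//WAPFORUM//DTD WML 1.1//EN"
            && extId != "-//WAPFORUM//DTD WML 1.0//EN")
            handleError(fatal, "Invalid DTD Public ID", lineNumber(), columnNumber());
#endif
#if ENABLE(XHTMLMP)
        String dtdName = toString(name);
        if (extId == "-//WAPFORUM//DTD XHTML Mobile 1.0//EN"
            || extId == "-//WAPFORUM//DTD XHTML Mobile 1.1//EN") {
            if (dtdName != HTMLNames::htmlTag.localName()) {
                handleError(fatal, "Invalid DOCTYPE declaration, expected 'html' as root element.", lineNumber(), columnNumber());
                return;
            }

            if (m_doc->isXHTMLMPDocument())
                setIsXHTMLMPDocument(true);
            else
                setIsXHTMLDocument(true);

            m_hasDocTypeDeclaration = true;
        }
#endif

#if ENABLE(XHTMLMP)
        m_doc->addChild(DocumentType::create(m_doc, dtdName, extId, toString(systemID)));
#elif ENABLE(WML)
        m_doc->addChild(DocumentType::create(m_doc, toString(name), extId, toString(systemID)));
#else
        m_doc->addChild(DocumentType::create(m_doc, toString(name), toString(externalID), toString(systemID)));
#endif
    }
}

// Recovers the XMLTokenizer stored in the libxml context's _private field by
// the parser factories.
static inline XMLTokenizer* getTokenizer(void* closure)
{
    xmlParserCtxtPtr ctxt = static_cast<xmlParserCtxtPtr>(closure);
    return static_cast<XMLTokenizer*>(ctxt->_private);
}

// This is a hack around http://bugzilla.gnome.org/show_bug.cgi?id=159219
// Otherwise libxml seems to call all the SAX callbacks twice for any replaced entity.
static inline bool hackAroundLibXMLEntityBug(void* closure)
{
#if LIBXML_VERSION >= 20627
    UNUSED_PARAM(closure);

    // This bug has been fixed in libxml 2.6.27.
    return false;
#else
    return static_cast<xmlParserCtxtPtr>(closure)->node;
#endif
}

// The handlers below are the C entry points registered in the xmlSAXHandler;
// each forwards to the XMLTokenizer method of the same name.

static void startElementNsHandler(void* closure, const xmlChar* localname, const xmlChar* prefix, const xmlChar* uri, int nb_namespaces, const xmlChar** namespaces, int nb_attributes, int nb_defaulted, const xmlChar** libxmlAttributes)
{
    if (hackAroundLibXMLEntityBug(closure))
        return;

    getTokenizer(closure)->startElementNs(localname, prefix, uri, nb_namespaces, namespaces, nb_attributes, nb_defaulted, libxmlAttributes);
}

static void endElementNsHandler(void* closure, const xmlChar*, const xmlChar*, const xmlChar*)
{
    if (hackAroundLibXMLEntityBug(closure))
        return;

    getTokenizer(closure)->endElementNs();
}

static void charactersHandler(void* closure, const xmlChar* s, int len)
{
    if (hackAroundLibXMLEntityBug(closure))
        return;

    getTokenizer(closure)->characters(s, len);
}

static void processingInstructionHandler(void* closure, const xmlChar* target, const xmlChar* data)
{
    if (hackAroundLibXMLEntityBug(closure))
        return;

    getTokenizer(closure)->processingInstruction(target, data);
}

static void cdataBlockHandler(void* closure, const xmlChar* s, int len)
{
    if (hackAroundLibXMLEntityBug(closure))
        return;

    getTokenizer(closure)->cdataBlock(s, len);
}

static void commentHandler(void* closure, const xmlChar* comment)
{
    if (hackAroundLibXMLEntityBug(closure))
        return;

    getTokenizer(closure)->comment(comment);
}

WTF_ATTRIBUTE_PRINTF(2, 3)
static void warningHandler(void* closure, const char* message, ...)
{
    va_list args;
    va_start(args, message);
    getTokenizer(closure)->error(XMLTokenizer::warning, message, args);
    va_end(args);
}

WTF_ATTRIBUTE_PRINTF(2, 3)
static void fatalErrorHandler(void* closure, const char* message, ...)
{
    va_list args;
    va_start(args, message);
    getTokenizer(closure)->error(XMLTokenizer::fatal, message, args);
    va_end(args);
}

WTF_ATTRIBUTE_PRINTF(2, 3)
static void normalErrorHandler(void* closure, const char* message, ...)
{
    va_list args;
    va_start(args, message);
    getTokenizer(closure)->error(XMLTokenizer::nonFatal, message, args);
    va_end(args);
}

// Using a static entity and marking it XML_INTERNAL_PREDEFINED_ENTITY is
// a hack to avoid malloc/free. Using a global variable like this could cause trouble
// if libxml implementation details were to change
static xmlChar sharedXHTMLEntityResult[5] = {0, 0, 0, 0, 0};

// Returns the single shared xmlEntity, initializing its fixed fields on first
// use. Its content always points at sharedXHTMLEntityResult.
static xmlEntityPtr sharedXHTMLEntity()
{
    static xmlEntity entity;
    if (!entity.type) {
        entity.type = XML_ENTITY_DECL;
        entity.orig = sharedXHTMLEntityResult;
        entity.content = sharedXHTMLEntityResult;
        entity.etype = XML_INTERNAL_PREDEFINED_ENTITY;
    }
    return &entity;
}

// Resolves an HTML named entity to the shared xmlEntity, or returns 0 if the
// name is unknown. The result is overwritten by the next call.
static xmlEntityPtr getXHTMLEntity(const xmlChar* name)
{
    UChar c = decodeNamedEntity(reinterpret_cast<const char*>(name));
    if (!c)
        return 0;

    CString value = String(&c, 1).utf8();
    // The copy below writes length + 1 bytes into the 5-byte shared buffer,
    // so the encoded value must stay under 5 bytes.
    ASSERT(value.length() < 5);
    xmlEntityPtr entity = sharedXHTMLEntity();
    entity->length = value.length();
    entity->name = name;
    memcpy(sharedXHTMLEntityResult, value.data(), entity->length + 1);

    return entity;
}

// SAX getEntity handler. Lookup order: libxml's predefined entities, entities
// declared in the document, then (for XHTML-family documents only) the HTML
// named entities.
static xmlEntityPtr getEntityHandler(void* closure, const xmlChar* name)
{
    xmlParserCtxtPtr ctxt = static_cast<xmlParserCtxtPtr>(closure);
    xmlEntityPtr ent = xmlGetPredefinedEntity(name);
    if (ent) {
        ent->etype = XML_INTERNAL_PREDEFINED_ENTITY;
        return ent;
    }

    ent = xmlGetDocEntity(ctxt->myDoc, name);
    if (!ent && (getTokenizer(closure)->isXHTMLDocument()
#if ENABLE(XHTMLMP)
                 || getTokenizer(closure)->isXHTMLMPDocument()
#endif
#if ENABLE(WML)
                 || getTokenizer(closure)->isWMLDocument()
#endif
       )) {
        ent = getXHTMLEntity(name);
        if (ent)
            ent->etype = XML_INTERNAL_GENERAL_ENTITY;
    }

    return ent;
}

static void startDocumentHandler(void* closure)
{
    xmlParserCtxt* ctxt = static_cast<xmlParserCtxt*>(closure);
    getTokenizer(closure)->startDocument(ctxt->version, ctxt->encoding, ctxt->standalone);
    xmlSAX2StartDocument(closure);
}

static void endDocumentHandler(void* closure)
{
    getTokenizer(closure)->endDocument();
    xmlSAX2EndDocument(closure);
}

static void internalSubsetHandler(void* closure, const xmlChar* name, const xmlChar* externalID, const xmlChar* systemID)
{
    getTokenizer(closure)->internalSubset(name, externalID, systemID);
    xmlSAX2InternalSubset(closure, name, externalID, systemID);
}

// SAX external-subset handler: the DTD itself is not processed here; a
// recognised XHTML public ID only flips the tokenizer into XHTML mode.
static void externalSubsetHandler(void* closure, const xmlChar*, const xmlChar* externalId, const xmlChar*)
{
    String extId = toString(externalId);
    if ((extId == "-//W3C//DTD XHTML 1.0 Transitional//EN")
        || (extId == "-//W3C//DTD XHTML 1.1//EN")
        || (extId == "-//W3C//DTD XHTML 1.0 Strict//EN")
        || (extId == "-//W3C//DTD XHTML 1.0 Frameset//EN")
        || (extId == "-//W3C//DTD XHTML Basic 1.0//EN")
        || (extId == "-//W3C//DTD XHTML 1.1 plus MathML 2.0//EN")
        || (extId == "-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN")
#if !ENABLE(XHTMLMP)
        || (extId == "-//WAPFORUM//DTD XHTML Mobile 1.0//EN")
#endif
       )
        getTokenizer(closure)->setIsXHTMLDocument(true); // controls if we replace entities or not.
}

static void ignorableWhitespaceHandler(void*, const xmlChar*, int)
{
    // nothing to do, but we need this to work around a crasher
    // http://bugzilla.gnome.org/show_bug.cgi?id=172255
    // http://bugs.webkit.org/show_bug.cgi?id=5792
}

// Builds the SAX handler table, resets per-parse state and creates the libxml
// context: a memory parser over chunk for fragments, a push parser otherwise.
void XMLTokenizer::initializeParserContext(const char* chunk)
{
    xmlSAXHandler sax;
    memset(&sax, 0, sizeof(sax));

    sax.error = normalErrorHandler;
    sax.fatalError = fatalErrorHandler;
    sax.characters = charactersHandler;
    sax.processingInstruction = processingInstructionHandler;
    sax.cdataBlock = cdataBlockHandler;
    sax.comment = commentHandler;
    sax.warning = warningHandler;
    sax.startElementNs = startElementNsHandler;
    sax.endElementNs = endElementNsHandler;
    sax.getEntity = getEntityHandler;
    sax.startDocument = startDocumentHandler;
    sax.endDocument = endDocumentHandler;
    sax.internalSubset = internalSubsetHandler;
    sax.externalSubset = externalSubsetHandler;
    sax.ignorableWhitespace = ignorableWhitespaceHandler;
    sax.entityDecl = xmlSAX2EntityDecl;
    sax.initialized = XML_SAX2_MAGIC;
    m_parserStopped = false;
    m_sawError = false;
    m_sawXSLTransform = false;
    m_sawFirstElement = false;

    XMLTokenizerScope scope(m_doc->docLoader());
    if (m_parsingFragment)
        m_context = XMLParserContext::createMemoryParser(&sax, this, chunk);
    else
        m_context = XMLParserContext::createStringParser(&sax, this);
}

// Finishes the parse: hands the original source to the XSLT machinery if a
// stylesheet PI was seen, then tells libxml the input is complete and drops
// the context.
void XMLTokenizer::doEnd()
{
#if ENABLE(XSLT)
    if (m_sawXSLTransform) {
        void* doc = xmlDocPtrForString(m_doc->docLoader(), m_originalSourceForTransform, m_doc->url().string());
        m_doc->setTransformSource(new TransformSource(doc));

        m_doc->setParsing(false); // Make the doc think it's done, so it will apply xsl sheets.
        m_doc->updateStyleSelector();
        m_doc->setParsing(true);
        m_parserStopped = true;
    }
#endif

    if (m_context) {
        // Tell libxml we're done.
        {
            XMLTokenizerScope scope(m_doc->docLoader());
            xmlParseChunk(context(), 0, 0, 1);
        }

        m_context = 0;
    }
}

#if ENABLE(XSLT)
// Parses source (UTF-16, host byte order) into a libxml document in one pass
// and returns it as an opaque pointer, or 0 for empty input. Errors go to the
// silent errorFunc.
void* xmlDocPtrForString(DocLoader* docLoader, const String& source, const String& url)
{
    if (source.isEmpty())
        return 0;

    // Parse in a single chunk into an xmlDocPtr
    // FIXME: Hook up error handlers so that a failure to parse the main document results in
    // good error messages.
    const UChar BOM = 0xFEFF;
    const unsigned char BOMHighByte = *reinterpret_cast<const unsigned char*>(&BOM);

    XMLTokenizerScope scope(docLoader, errorFunc, 0);
    xmlDocPtr sourceDoc = xmlReadMemory(reinterpret_cast<const char*>(source.characters()),
                                        source.length() * sizeof(UChar),
                                        url.latin1().data(),
                                        BOMHighByte == 0xFF ? "UTF-16LE" : "UTF-16BE",
                                        XSLT_PARSE_OPTIONS);
    return sourceDoc;
}
#endif

// Current input line reported by libxml, or 1 when there is no context.
int XMLTokenizer::lineNumber() const
{
    return context() ? context()->input->line : 1;
}

int XMLTokenizer::columnNumber() const { return context() ? 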
context()->input->col : 1; } void XMLTokenizer::stopParsing() { Tokenizer::stopParsing(); if (context()) xmlStopParser(context()); } void XMLTokenizer::resumeParsing() { ASSERT(m_parserPaused); m_parserPaused = false; // First, execute any pending callbacks while (!m_pendingCallbacks->isEmpty()) { m_pendingCallbacks->callAndRemoveFirstCallback(this); // A callback paused the parser if (m_parserPaused) return; } // Then, write any pending data SegmentedString rest = m_pendingSrc; m_pendingSrc.clear(); write(rest, false); // Finally, if finish() has been called and write() didn't result // in any further callbacks being queued, call end() if (m_finishCalled && m_pendingCallbacks->isEmpty()) end(); } bool parseXMLDocumentFragment(const String& chunk, DocumentFragment* fragment, Element* parent, FragmentScriptingPermission scriptingPermission) { if (!chunk.length()) return true; XMLTokenizer tokenizer(fragment, parent, scriptingPermission); CString chunkAsUtf8 = chunk.utf8(); tokenizer.initializeParserContext(chunkAsUtf8.data()); xmlParseContent(tokenizer.context()); tokenizer.endDocument(); // Check if all the chunk has been processed. long bytesProcessed = xmlByteConsumed(tokenizer.context()); if (bytesProcessed == -1 || ((unsigned long)bytesProcessed) != chunkAsUtf8.length()) return false; // No error if the chunk is well formed or it is not but we have no error. 
return tokenizer.context()->wellFormed || xmlCtxtGetLastError(tokenizer.context()) == 0; } // -------------------------------- struct AttributeParseState { HashMap<String, String> attributes; bool gotAttributes; }; static void attributesStartElementNsHandler(void* closure, const xmlChar* xmlLocalName, const xmlChar* /*xmlPrefix*/, const xmlChar* /*xmlURI*/, int /*nb_namespaces*/, const xmlChar** /*namespaces*/, int nb_attributes, int /*nb_defaulted*/, const xmlChar** libxmlAttributes) { if (strcmp(reinterpret_cast<const char*>(xmlLocalName), "attrs") != 0) return; xmlParserCtxtPtr ctxt = static_cast<xmlParserCtxtPtr>(closure); AttributeParseState* state = static_cast<AttributeParseState*>(ctxt->_private); state->gotAttributes = true; xmlSAX2Attributes* attributes = reinterpret_cast<xmlSAX2Attributes*>(libxmlAttributes); for (int i = 0; i < nb_attributes; i++) { String attrLocalName = toString(attributes[i].localname); int valueLength = (int) (attributes[i].end - attributes[i].value); String attrValue = toString(attributes[i].value, valueLength); String attrPrefix = toString(attributes[i].prefix); String attrQName = attrPrefix.isEmpty() ? attrLocalName : attrPrefix + ":" + attrLocalName; state->attributes.set(attrQName, attrValue); } } HashMap<String, String> parseAttributes(const String& string, bool& attrsOK) { AttributeParseState state; state.gotAttributes = false; xmlSAXHandler sax; memset(&sax, 0, sizeof(sax)); sax.startElementNs = attributesStartElementNsHandler; sax.initialized = XML_SAX2_MAGIC; RefPtr<XMLParserContext> parser = XMLParserContext::createStringParser(&sax, &state); String parseString = "<?xml version=\"1.0\"?><attrs " + string + " />"; xmlParseChunk(parser->context(), reinterpret_cast<const char*>(parseString.characters()), parseString.length() * sizeof(UChar), 1); attrsOK = state.gotAttributes; return state.attributes; } }