summaryrefslogtreecommitdiffstats
path: root/parser
diff options
context:
space:
mode:
Diffstat (limited to 'parser')
-rw-r--r--parser/expat/lib/xmlparse.c20
-rw-r--r--parser/html/nsHtml5Tokenizer.cpp15
2 files changed, 15 insertions, 20 deletions
diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c
index 93a817764..6ab140c89 100644
--- a/parser/expat/lib/xmlparse.c
+++ b/parser/expat/lib/xmlparse.c
@@ -335,7 +335,7 @@ initializeEncoding(XML_Parser parser);
static enum XML_Error
doProlog(XML_Parser parser, const ENCODING *enc, const char *s,
const char *end, int tok, const char *next, const char **nextPtr,
- XML_Bool haveMore);
+ XML_Bool haveMore, XML_Bool allowClosingDoctype);
static enum XML_Error
processInternalEntity(XML_Parser parser, ENTITY *entity,
XML_Bool betweenDecl);
@@ -3760,7 +3760,7 @@ externalParEntProcessor(XML_Parser parser,
processor = prologProcessor;
return doProlog(parser, encoding, s, end, tok, next,
- nextPtr, (XML_Bool)!ps_finalBuffer);
+ nextPtr, (XML_Bool)!ps_finalBuffer, XML_TRUE);
}
static enum XML_Error PTRCALL
@@ -3810,7 +3810,7 @@ prologProcessor(XML_Parser parser,
const char *next = s;
int tok = XmlPrologTok(encoding, s, end, &next);
return doProlog(parser, encoding, s, end, tok, next,
- nextPtr, (XML_Bool)!ps_finalBuffer);
+ nextPtr, (XML_Bool)!ps_finalBuffer, XML_TRUE);
}
static enum XML_Error
@@ -3821,7 +3821,8 @@ doProlog(XML_Parser parser,
int tok,
const char *next,
const char **nextPtr,
- XML_Bool haveMore)
+ XML_Bool haveMore,
+ XML_Bool allowClosingDoctype)
{
#ifdef XML_DTD
static const XML_Char externalSubsetName[] = { '#' , '\0' };
@@ -3987,6 +3988,11 @@ doProlog(XML_Parser parser,
}
break;
case XML_ROLE_DOCTYPE_CLOSE:
+ if (allowClosingDoctype != XML_TRUE) {
+ /* Must not close doctype from within expanded parameter entities */
+ return XML_ERROR_INVALID_TOKEN;
+ }
+
if (doctypeName) {
startDoctypeDeclHandler(handlerArg, doctypeName,
doctypeSysid, doctypePubid, 0);
@@ -4892,7 +4898,7 @@ processInternalEntity(XML_Parser parser, ENTITY *entity,
if (entity->is_param) {
int tok = XmlPrologTok(internalEncoding, textStart, textEnd, &next);
result = doProlog(parser, internalEncoding, textStart, textEnd, tok,
- next, &next, XML_FALSE);
+ next, &next, XML_FALSE, XML_FALSE);
}
else
#endif /* XML_DTD */
@@ -4959,7 +4965,7 @@ internalEntityProcessor(XML_Parser parser,
if (entity->is_param) {
int tok = XmlPrologTok(internalEncoding, textStart, textEnd, &next);
result = doProlog(parser, internalEncoding, textStart, textEnd, tok,
- next, &next, XML_FALSE);
+ next, &next, XML_FALSE, XML_TRUE);
}
else
#endif /* XML_DTD */
@@ -4986,7 +4992,7 @@ internalEntityProcessor(XML_Parser parser,
processor = prologProcessor;
tok = XmlPrologTok(encoding, s, end, &next);
return doProlog(parser, encoding, s, end, tok, next, nextPtr,
- (XML_Bool)!ps_finalBuffer);
+ (XML_Bool)!ps_finalBuffer, XML_TRUE);
}
else
#endif /* XML_DTD */
diff --git a/parser/html/nsHtml5Tokenizer.cpp b/parser/html/nsHtml5Tokenizer.cpp
index 4c815b0c0..5464d211d 100644
--- a/parser/html/nsHtml5Tokenizer.cpp
+++ b/parser/html/nsHtml5Tokenizer.cpp
@@ -1054,9 +1054,6 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu
}
c = checkChar(buf, pos);
switch(c) {
- case '\0': {
- NS_HTML5_BREAK(stateloop);
- }
case '-': {
clearStrBufAfterOneHyphen();
state = P::transition(mViewSource, NS_HTML5TOKENIZER_COMMENT_START, reconsume, pos);
@@ -1461,9 +1458,6 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu
NS_HTML5_BREAK(stateloop);
}
c = checkChar(buf, pos);
- if (c == '\0') {
- NS_HTML5_BREAK(stateloop);
- }
switch(c) {
case ' ':
case '\t':
@@ -1471,7 +1465,8 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu
case '\r':
case '\f':
case '<':
- case '&': {
+ case '&':
+ case '\0': {
emitOrAppendCharRefBuf(returnState);
if (!(returnState & NS_HTML5TOKENIZER_DATA_AND_RCDATA_MASK)) {
cstart = pos;
@@ -1519,9 +1514,6 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu
NS_HTML5_BREAK(stateloop);
}
c = checkChar(buf, pos);
- if (c == '\0') {
- NS_HTML5_BREAK(stateloop);
- }
int32_t hilo = 0;
if (c <= 'z') {
const int32_t* row = nsHtml5NamedCharactersAccel::HILO_ACCEL[c];
@@ -1556,9 +1548,6 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu
NS_HTML5_BREAK(stateloop);
}
c = checkChar(buf, pos);
- if (c == '\0') {
- NS_HTML5_BREAK(stateloop);
- }
entCol++;
for (; ; ) {
if (hi < lo) {