Closed Bug 292733 Opened 19 years ago Closed 19 years ago

Bad parsing of ]> in CDATA in view source

Categories

(Core :: XML, defect)

Product:
Core
Component:
XML
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
trivial

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: xanthor+bz, Assigned: mrbkap)

References

(
URL
)

Details

Attachments

(1 file)

patch v1
2.41 KB, patch
bzbarsky
: review+
brendan
: superreview+
brendan
: approval1.8b2+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050217
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050405

If we have "]>" in a CDATA section, view-source think that it's the end of the
CDATA section.

Reproducible: Always

Steps to Reproduce:
1. Load the testcase
or
2. put "]>" between "<![CDATA[" and "]]>"
Then :
3. view source
Actual Results:  
The hightlighted CDATA section ends at ]> instead of ]]>
(And for example, non valid XML escaped in this CDATA section, but after the
"]>", are highlighted as error)

Expected Results:  
The view-source parser should recognized the end of the CDATA section correctly

Verified on Moz and Fx
(I don't know is XML is a good composant. I didn't find anything related to the
view-source parser, which seems different of the XML one...)
Status -> NEW

I was about to file this bug, first saw it on the SVG Tetris page
(http://www.croczilla.com/svg/samples/svgtetris/svgtetris.svg) View Source ends
the CDATA section at: 

return (coord[0]>

In the script of the SVG because of the "]>" but the CDATA delimiter is "]]>".

Note: Only View-Source closes the CDATA early. The actual CDATA doesn't end
until the real delimiter (i.e. the document is treated correctly.) This can be
confirmed by trying to convert an entity after "]>" but before "]]>". It doesn't
get parsed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8b2) Gecko/20050429 Firefox/1.0+

could this bug be the cause of Firefox crashing on
http://www.croczilla.com/svg/samples/svgtetris/svgtetris.svg
when svg is enabled (default), but gdiplus.dll not installed (default for
Windows older than WinXP)? Bug 292222

Other svg doesn´t crash, and it doesn´t crash on Mozilla Suite. Seems the pref
is displayed, but svg not enabled in the suite.

the svg enabled firefox, gdiplus.dll installed, or deleted, shows the full
source, but syntax highlighting shows this bug starting past: return (coord[0]>

  cellInBounds : function(coord) {
    return (coord[0]>=0 && coord[1]>=0 && coord[0]<this._cols &&
coord[1]<this._rows);
Attached patch patch v1Splinter Review 
This patch makes us enforce the correct terminator for CDATA endings (namely,
]]> instead of ]>). This only affects view source.
Assignee: xml → mrbkap
Status: NEW → ASSIGNED
Attachment #182509 - Flags: review?(bzbarsky)
(In reply to comment #2)
> could this bug be the cause of Firefox crashing on
> http://www.croczilla.com/svg/samples/svgtetris/svgtetris.svg

It's doubtful, since this is simply a bug in the view-source tokenization of the
page. XML documents are sent through a real XML parser (and not our HTML parser,
which is where view source tokenization happens).
Attachment #182509 - Flags: review?(bzbarsky) → review+
Attachment #182509 - Flags: superreview?(brendan)
Comment on attachment 182509 [details] [diff] [review]
patch v1

sr=me, and approving for 1.8b2.

/be
Attachment #182509 - Flags: superreview?(brendan)
Attachment #182509 - Flags: superreview+
Attachment #182509 - Flags: approval1.8b2+
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: