Closed Bug 1153920 Opened 10 years ago Closed 4 years ago

Bring htmlparser ampersand-error-reporting into conformance with HTML spec

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
93 Branch
Tracking Flags:
Tracking Status
firefox93 --- fixed

People

(Reporter: sideshowbarker, Assigned: hsivonen)

References

Details

Attachments

(1 file, 7 obsolete files)

Bug 1153920 - Conform ampersand error reporting to HTML spec.
47 bytes, text/x-phabricator-request
Details | Review
see https://bugzilla.validator.nu/show_bug.cgi?id=841 This is a long-standing known issue for which we continue to get validator bug reports. This is the issue that, e.g., ampersands in URLs in href and src values etc. such as http://example.com?foo=bar&hoge=moge are not errors according to the current HTML spec. So reporting errors for them is non-conforming.
Attached patch patch-validator-ampersands (obsolete) — Splinter Review
Attachment #8591755 - Flags: review?(hsivonen)
Attached patch patch for Java sources (obsolete) — Splinter Review
Attachment #8591755 - Attachment is obsolete: true
Attachment #8591755 - Flags: review?(hsivonen)
Attachment #8591774 - Flags: review?(hsivonen)
Attached patch patch for Gecko sources (obsolete) — Splinter Review
Attachment #8591781 - Flags: review?(hsivonen)
Comment on attachment 8591774 [details] [diff] [review] patch for Java sources Review of attachment 8591774 [details] [diff] [review]: ----------------------------------------------------------------- ::: src/nu/validator/htmlparser/impl/Tokenizer.java @@ +3244,5 @@ > // XXX reorder point > + case AMBIGUOUS_AMPERSAND: > + ampersandloop: for (;;) { > + if (reconsume) { > + reconsume = false; It seems that this state is special in the sense that it's always entered into with reconsume set to true. Perhaps that should be asserted here and the 'else' branch be removed. @@ +3259,5 @@ > + || (c >= 'a' && c <= 'z')) { > + appendLongStrBuf(c); > + continue; > + } > + pos--; This is a pattern that doesn't occur elsewhere in the tokenizer. It seems that what's wanted here is reconsume = true; reconsume is set to false near the start of this state. Right now, it seems to me that this state should never consume a character and should always be entered and left with reconsume set to true. This makes this state rather unusual. I will need to think more to understand why it is OK to call appendLongStrBuf(c) in this kind of state that doesn't consume anything and exists mainly for error reporting.
Attached patch Patch for Java sources. (obsolete) — Splinter Review
Attachment #8591774 - Attachment is obsolete: true
Attachment #8591774 - Flags: review?(hsivonen)
Attachment #8600565 - Flags: review?(hsivonen)
Attached patch Patch for Gecko sources. (obsolete) — Splinter Review
Attachment #8591781 - Attachment is obsolete: true
Attachment #8591781 - Flags: review?(hsivonen)
Attachment #8600590 - Flags: review?(hsivonen)
(In reply to Henri Sivonen (:hsivonen) from comment #4) > Comment on attachment 8591774 [details] [diff] [review] > patch for Java sources > > Review of attachment 8591774 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: src/nu/validator/htmlparser/impl/Tokenizer.java > @@ +3244,5 @@ > > // XXX reorder point > > + case AMBIGUOUS_AMPERSAND: > > + ampersandloop: for (;;) { > > + if (reconsume) { > > + reconsume = false; > > It seems that this state is special in the sense that it's always entered > into with reconsume set to true. Perhaps that should be asserted here and > the 'else' branch be removed. OK, I've made it so in the updated patches most-recently attached. > @@ +3259,5 @@ > > + || (c >= 'a' && c <= 'z')) { > > + appendLongStrBuf(c); > > + continue; > > + } > > + pos--; > > This is a pattern that doesn't occur elsewhere in the tokenizer. It seems > that what's wanted here is > reconsume = true; > > reconsume is set to false near the start of this state. Right now, it seems > to me that this state should never consume a character and should always be > entered and left with reconsume set to true. This makes this state rather > unusual. I will need to think more to understand why it is OK to call > appendLongStrBuf(c) in this kind of state that doesn't consume anything and > exists mainly for error reporting. For that, I've not made any change yet because I couldn't tell if you were saying that we should go ahead and make a change here or if you wanted to hold off any make a change for this until you've had a chance to consider it further.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment on attachment 8600565 [details] [diff] [review] Patch for Java sources. Review moved to GitHub after extreme delay. Sorry.
Attachment #8600565 - Flags: review?(hsivonen)
Comment on attachment 8600590 [details] [diff] [review] Patch for Gecko sources. Review moved to GitHub after extreme delay. Sorry.
Attachment #8600590 - Flags: review?(hsivonen)
Attachment #8600565 - Attachment is obsolete: true
Attachment #8600590 - Attachment is obsolete: true

This refines 9ce4bd4 by only buffering if we’re actually inside an
attribute value.

Assignee: nobody → hsivonen
Status: NEW → ASSIGNED

(In reply to Henri Sivonen (:hsivonen) (not reading bugmail until 2020-08-03) from comment #12)

This patch appears to change the DOM in an unwanted way:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=59a15640760bc1c1a4629c90b849cfa43a20c057&selectedTaskRun=GdCS5FrVRbCXm2jscZdZkw.0

Using the current Java sources for the parser — including the https://phabricator.services.mozilla.com/D81992 patch to the Java sources — I can’t reproduce the test failures shown at https://treeherder.mozilla.org/#/jobs?repo=try&revision=59a15640760bc1c1a4629c90b849cfa43a20c057&selectedTaskRun=GdCS5FrVRbCXm2jscZdZkw.0

For example, given this input:

<html><head><body>&ammmp;

…the Java parser produces the expected output — specifically, it outputs the &ammmp; as expected.

See https://validator.w3.org/nu/parsetree/?parser=html5&content=%3Chtml%3E%3Chead%3E%3Cbody%3E%26ammmp%3B&submit=Print+Tree

So I’m wondering if it’s possible that some difference could be getting introduced during the Java-to-C++ translation.

The Java parser can also be tested by doing this:

curl -L -O https://github.com/validator/validator/releases/download/jar/vnu.jar \
  && echo "<html><head><body>&ammmp;" > TEST.html 
  && java -cp vnu.jar nu.validator.htmlparser.test.TreePrinter TEST.html

That outputs this tree:

| <html>
|   <head>
|   <body>
|     "&ammmp;
"

For Bugzilla record: This is being discussed on GitHub. The difference is not from C++ but from where the test harness puts buffer boundaries.

Attachment #9161183 - Attachment is obsolete: true
Attachment #9160900 - Attachment description: Bug 1153920 - Conform ampersand-error reporting to HTML spec. → Bug 1153920 - Conform ampersand-error reporting to HTML spec
Attachment #9160900 - Attachment description: Bug 1153920 - Conform ampersand-error reporting to HTML spec → Bug 1153920 - Conform ampersand error reporting to HTML spec.
Attachment #9237036 - Attachment is obsolete: true
Pushed by hsivonen@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f8b2924ea4a3 Conform ampersand error reporting to HTML spec. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/30301 for changes under testing/web-platform/tests

https://hg.mozilla.org/mozilla-central/rev/f8b2924ea4a3

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox93: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 93 Branch
Upstream PR merged by moz-wptsync-bot
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: