Open
Bug 503213
Opened 16 years ago
Updated 3 years ago
[HTML5] Ensure tokenizer and treebuilder don't insert nodes directly
Categories
(Core :: DOM: HTML Parser, enhancement, P5)
Tracking
NEW
People
(Reporter: jruderman, Unassigned)
Details
One possibility: in debug builds, add a scriptblocker when in the tokenizer or treebuilder, and just before removing it, assert that there are no queued script runners. This has the weirdness of making debug build behavior differ from release build behavior, but only in cases where the debug build would assert.
Another possibility: static analysis ;)
I think this is something that we could use elsewhere where we're running chunks of code that should never cause scripts to even attempt to execute. Chunks of layout would probably be able to use this, for example.
Comment 2•16 years ago (Reporter)
I guess the static analysis in bug 477432 would cover this. But something simpler could work here.
Comment 3•16 years ago
Is there harm in having a script blocker there in release builds?
No, but it probably wouldn't do us any good either. Note that script blockers generally don't *block* scripts, they just delay them until the last scriptblocker is removed. So at the point when you remove the last scriptblocker you should expect scripts to execute.
The most important goal here though is to detect bugs in our code while fuzzing. Having a release-code scriptblocker doesn't help us with that.
Updated•16 years ago
Priority: -- → P5
Updated•3 years ago
Severity: normal → S3
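The debug-build check proposed in the description, combined with the delay-not-block behaviour of script blockers noted in the thread, as an added toy model in C++. It is not Gecko code: `BlockerState`, `NoScriptScope` and `RunScenario` are hypothetical names, a violation is counted where a debug build would assert, and the guard compares the queue length with its value on entry so that it also works under an outer blocker.

```cpp
// Added illustration: a toy model, not Gecko source. All names are hypothetical.
#include <cstddef>
#include <functional>
#include <utility>
#include <vector>

// Script blockers delay runners until the last blocker is removed.
struct BlockerState {
  int depth = 0;                              // active script blockers
  std::vector<std::function<void()>> queued;  // runners delayed by blockers
  int violations = 0;                         // guarded scopes that queued a runner
  void AddBlocker() { ++depth; }
  void RemoveBlocker() {
    if (--depth > 0) return;
    // Last blocker gone: the delayed runners execute now.
    auto pending = std::exchange(queued, {});
    for (auto& run : pending) run();
  }
  void AddRunner(std::function<void()> run) {
    if (depth > 0) queued.push_back(std::move(run)); else run();
  }
};

// Guard for code that must never cause script to attempt to run.
class NoScriptScope {
 public:
  explicit NoScriptScope(BlockerState& s) : s_(s), before_(s.queued.size()) {
    s_.AddBlocker();
  }
  ~NoScriptScope() {
    // Assumption: count the violation; a debug build would assert here instead.
    if (s_.queued.size() != before_) ++s_.violations;
    s_.RemoveBlocker();
  }
 private:
  BlockerState& s_;
  std::size_t before_;
};

// Constructed scenario: guarded "tree builder" work that may insert a node
// directly, which queues a script runner inside the guarded scope.
int RunScenario(bool insertsDirectly, int* scriptsRun) {
  BlockerState s;
  {
    NoScriptScope guard(s);
    if (insertsDirectly) s.AddRunner([scriptsRun] { ++*scriptsRun; });
  }
  return s.violations;
}
```

In the violating case the runner still executes once the guard releases its blocker, which is why the check has to happen just before removal rather than after.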