diff options
| author | Jorge Arellano Cid <jcid@dillo.org> | 2013-08-07 11:25:56 -0400 |
|---|---|---|
| committer | Jorge Arellano Cid <jcid@dillo.org> | 2013-08-07 11:25:56 -0400 |
| commit | a29350364b3b340dfa74382f7b61e33f446ddf4d (patch) | |
| tree | 1550f016e33e99a3c64dca9ec896227baa864986 /src/form.cc | |
| parent | 0d0e61f454008dc27d49a3b6a5f1a97f9f81297a (diff) | |
Add nested inputs cleanup and handling.
This patch avoids a family of problems that arise from handling nested inputs.
from invalid memory access up to crashes.
e.g. details in bof-read-47_attachView.html.asan.
This patch is much wider than the above referred instance.
Diffstat (limited to 'src/form.cc')
| -rw-r--r-- | src/form.cc | 29 |
1 files changed, 6 insertions, 23 deletions
diff --git a/src/form.cc b/src/form.cc index 52f777f4..6da5567b 100644 --- a/src/form.cc +++ b/src/form.cc @@ -619,15 +619,7 @@ void Html_tag_open_isindex(DilloHtml *html, const char *tag, int tagsize) void Html_tag_open_textarea(DilloHtml *html, const char *tag, int tagsize) { - if (html->InFlags & IN_TEXTAREA) { - BUG_MSG("nested <textarea>\n"); - html->ReqTagClose = TRUE; - return; - } - if (html->InFlags & IN_SELECT) { - BUG_MSG("<textarea> element inside <select>\n"); - return; - } + assert((html->InFlags & (IN_BUTTON | IN_SELECT | IN_TEXTAREA)) == 0); html->InFlags |= IN_TEXTAREA; } @@ -722,8 +714,8 @@ void Html_tag_close_textarea(DilloHtml *html) ((MultiLineTextResource *)input->embed->getResource ())->setText(str); } - html->InFlags &= ~IN_TEXTAREA; } + html->InFlags &= ~IN_TEXTAREA; } /* @@ -735,10 +727,8 @@ void Html_tag_open_select(DilloHtml *html, const char *tag, int tagsize) const char *attrbuf; int rows = 0; - if (html->InFlags & IN_SELECT) { - BUG_MSG("nested <select>\n"); - return; - } + assert((html->InFlags & (IN_BUTTON | IN_SELECT | IN_TEXTAREA)) == 0); + html->InFlags |= IN_SELECT; html->InFlags &= ~IN_OPTION; @@ -915,16 +905,9 @@ void Html_tag_open_button(DilloHtml *html, const char *tag, int tagsize) DilloHtmlInputType inp_type; char *type; - if (html->InFlags & IN_BUTTON) { - BUG_MSG("nested <button>\n"); - return; - } - if (html->InFlags & IN_SELECT) { - BUG_MSG("<button> element inside <select>\n"); - return; - } - html->InFlags |= IN_BUTTON; + assert((html->InFlags & (IN_BUTTON | IN_SELECT | IN_TEXTAREA)) == 0); + html->InFlags |= IN_BUTTON; type = a_Html_get_attr_wdef(html, tag, tagsize, "type", ""); if (!dStrAsciiCasecmp(type, "button")) { |