| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
On some site (m.bahn.de) the meta element looked like this:
<meta http-equiv="Refresh" content="0;http://www.bahn.de/m/;fitScript=0/">
To handle the missing 'url=' in the content attribute we extend the
parsing to skip beyond the ';' in case there is no 'url='
reported-by: Andreas Kemnade
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
e.g. details in gbof-read-0_Html_get_attr2.html.asan
|
|
|
|
dw::core::ImgRenderer, not dw::Image (which now implements the former) anymore.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Its content model is 'transparent', meaning that it's supposed to use the
content model of its parent.
|
|
The spec also has some rules about how, for instance, a footer can't go inside
a header, and that sort of thing, but that can wait until we have something
more sophisticated than a collection of IN_* flags.
|
|
Avoids overflow of Num_HEAD variable, its potential problems
and improves HTML bug messages.
The handling algorithm changed to not only care gracefully for
some tag soup cases, but also for malicious HTML.
|
|
Avoids overflow of Num_BODY variable, its potential problems
and improves HTML bug messages.
e.g. details in crash-null_preprocessAttrs.html.asan.
The num-head, num-title, num-body, num-html patch series is a
bundle for the same type of problem/solution.
|
|
Avoids overflow of Num_HTML variable, its potential problems
and improves HTML bug messages.
|
|
Avoids overflow of Num_TITLE variable and improves HTML bug messages.
|
|
It also served to avoid bugs due to nested content in textarea, but this
is handled separately now by the parser (see nested_inputs patch) allowing
the parsing mode to be changed without side effects.
BTW, this patch mimics Firefox's behaviour.
|
|
This patch avoids a family of problems that arise from handling nested inputs.
from invalid memory access up to crashes.
e.g. details in bof-read-47_attachView.html.asan.
This patch is much wider than the above referred instance.
|
|
Problem details in bof-read-0_Html_parse_doctype.html.asan.
Added a strlen check that makes the code work safely for malformed HTML.
(the problem lied in an assumption of well formedness)
|
|
Problem details are in getCurTagLineNumber.html.asan file.
This solution adds a flag to avoid potential HTML bug messages generation for
injected HTML. The problem is that injected HTML lies in a separate buffer
so the line number counter gets lost. BTW, there's no point in the bug message
because the user never sees the browser-injected HTML sources.
In this particular case there was a bug in the original html file that
went unreported. This patch also fixes this.
|
|
I wrote nearly all of this last year, and I've just been going back over it
now. As I recall, I initially also tried: select holds optgroups and options,
and optgroups hold options (instead of this flat array of options, optgroups,
and close-optgroups), but the code wasn't coming out any cleaner, so...
|
|
These lines were a left-over from a previous merge.
noticed-by: corvid <corvid@lavabit.com>
|
|
|
|
I was just looking at distrowatch, and noticed that a menu looked odd.
It turns out that their code goes like
Amarok Live<option value="amaroklive">Amarok Live</option>
Amber<option value="amber">Amber</option>
Ankur Bangla<option value="ankur">Ankur Bangla</option>
Annvix<option value="annvix">Annvix</option>
AnNyung<option value="annyung">AnNyung</option>
Anonym.OS<option value="anonymos">Anonym.OS</option>
for some crazy reason. This led to dillo showing labels like
"AnNyung Anonym.OS".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
