[chromium-blink-merge.git] / third_party / WebKit / Source / core / html / parser / HTMLDocumentParser.cpp
| blob | 868e71e8c160c3c41f126250859126989ad402f7 |
1 /*
2 * Copyright (C) 2010 Google, Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
62 // This is a direct transcription of step 4 from:
63 // http://www.whatwg.org/specs/web-apps/current-work/multipage/the-end.html#fragment-case
64 static HTMLTokenizer::State tokenizerStateForContextElement(Element* contextElement, bool reportErrors, const HTMLParserOptions& options)
65 {
85 }
87 class ParserDataReceiver final : public RefCountedWillBeGarbageCollectedFinalized<ParserDataReceiver>, public ThreadedDataReceiver, public DocumentLifecycleObserver {
90 static PassRefPtrWillBeRawPtr<ParserDataReceiver> create(WeakPtr<BackgroundHTMLParser> backgroundParser, Document* document)
91 {
93 }
95 #if !ENABLE(OILPAN)
98 #endif
100 // ThreadedDataReceiver
102 {
106 }
109 {
114 }
117 void acceptMainthreadDataNotification(const char* data, int dataLength, int encodedDataLength) override
118 {
121 lifecycleContext()->loader()->acceptDataFromThreadedReceiver(data, dataLength, encodedDataLength);
122 }
125 {
127 }
133 {
134 }
137 };
139 HTMLDocumentParser::HTMLDocumentParser(HTMLDocument& document, bool reportErrors, ParserSynchronizationPolicy syncPolicy)
143 , m_tokenizer(syncPolicy == ForceSynchronousParsing ? HTMLTokenizer::create(m_options) : nullptr)
145 , m_treeBuilder(HTMLTreeBuilder::create(this, &document, parserContentPolicy(), reportErrors, m_options))
157 {
159 }
161 // FIXME: Member variables should be grouped into self-initializing structs to
162 // minimize code duplication between these constructors.
163 HTMLDocumentParser::HTMLDocumentParser(DocumentFragment* fragment, Element* contextElement, ParserContentPolicy parserContentPolicy)
168 , m_treeBuilder(HTMLTreeBuilder::create(this, fragment, contextElement, this->parserContentPolicy(), m_options))
177 {
179 m_tokenizer->setState(tokenizerStateForContextElement(contextElement, reportErrors, m_options));
181 }
184 {
185 #if ENABLE(OILPAN)
188 // In Oilpan, HTMLDocumentParser can die together with Document, and
189 // detach() is not called in this case.
190 #else
196 // FIXME: We should be able to ASSERT(m_speculations.isEmpty()),
197 // but there are cases where that's not true currently. For example,
198 // we we're told to stop parsing before we've consumed all the input.
199 #endif
200 }
203 {
210 }
213 {
220 // FIXME: It seems wrong that we would have a preload scanner here.
221 // Yet during fast/dom/HTMLScriptElement/script-load-events.html we do.
227 }
228 // Oilpan: It is important to clear m_token to deallocate backing memory of
229 // HTMLToken::m_data and let the allocator reuse the memory for
230 // HTMLToken::m_data of a next HTMLDocumentParser. We need to clear
231 // m_tokenizer first because m_tokenizer has a raw pointer to m_token.
234 }
237 {
242 }
245 }
247 // This kicks off "Once the user agent stops parsing" as described by:
248 // http://www.whatwg.org/specs/web-apps/current-work/multipage/the-end.html#the-end
250 {
251 // FIXME: It may not be correct to disable this for the background parser.
252 // That means hasInsertionPoint() may not be correct in some cases.
255 // pumpTokenizer can cause this parser to be detached from the Document,
256 // but we need to ensure it isn't deleted yet.
259 // NOTE: This pump should only ever emit buffered character tokens.
263 }
270 // We will not have a scriptRunner when parsing a DocumentFragment.
274 // Setting the ready state above can fire mutation event and detach us
275 // from underneath. In that case, just bail out.
280 }
283 {
285 }
288 {
290 }
293 {
298 }
301 {
303 }
305 // Used by HTMLParserScheduler
307 {
311 // pumpPendingSpeculations can cause this parser to be detached from the Document,
312 // but we need to ensure it isn't deleted yet.
315 }
318 {
322 RefPtrWillBeRawPtr<Element> scriptElement = m_treeBuilder->takeScriptToProcess(scriptStartPosition);
323 // We will not have a scriptRunner when parsing a DocumentFragment.
326 }
329 {
334 // If we're paused waiting for a script, we try to execute scripts before continuing.
340 }
342 // FIXME: It's wrong for the HTMLDocumentParser to reach back to the
343 // LocalFrame, but this approach is how the old parser handled
344 // stopping when the page assigns window.location. What really
345 // should happen is that assigning window.location causes the
346 // parser to stop parsing cleanly. The problem is we're not
347 // perpared to do that at every point where we run JavaScript.
353 }
355 void HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser(PassOwnPtr<ParsedChunk> chunk)
356 {
362 // ApplicationCache needs to be initialized before issuing preloads.
363 // We suspend preload until HTMLHTMLElement is inserted and
364 // ApplicationCache is initialized.
369 // We can safely assume that there are no queued preloads request after
370 // the document element is available, as we empty the queue immediately
371 // after the document element is created in pumpPendingSpeculations().
374 }
381 else
383 }
384 }
386 void HTMLDocumentParser::didReceiveEncodingDataFromBackgroundParser(const DocumentEncodingData& data)
387 {
389 }
392 {
395 // We're waiting on a network script, just save the chunk, we'll get
396 // a second validateSpeculations call after the script completes.
397 // This call should have been made immediately after runScriptsForPausedTreeBuilder
398 // which may have started a network load and left us waiting.
402 }
409 // There must not have been any changes to the HTMLTokenizer state on
410 // the main thread, which means the speculation buffer is correct.
412 }
414 // Currently we're only smart enough to reuse the speculation buffer if the tokenizer
415 // both starts and ends in the DataState. That state is simplest because the HTMLToken
416 // is always in the Uninitialized state. We should consider whether we can reuse the
417 // speculation buffer in other states, but we'd likely need to do something more
418 // sophisticated with the HTMLToken.
425 }
428 }
430 void HTMLDocumentParser::discardSpeculationsAndResumeFrom(PassOwnPtr<ParsedChunk> lastChunkBeforeScript, PassOwnPtr<HTMLToken> token, PassOwnPtr<HTMLTokenizer> tokenizer)
431 {
435 OwnPtr<BackgroundHTMLParser::Checkpoint> checkpoint = adoptPtr(new BackgroundHTMLParser::Checkpoint);
446 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::resumeFrom, AllowCrossThreadAccess(m_backgroundParser), checkpoint.release()));
447 }
449 size_t HTMLDocumentParser::processParsedChunkFromBackgroundParser(PassOwnPtr<ParsedChunk> popChunk)
450 {
458 #if !ENABLE(OILPAN)
459 // ASSERT that this object is both attached to the Document and protected.
461 #endif
471 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::startedChunkWithCheckpoint, AllowCrossThreadAccess(m_backgroundParser), chunk->inputCheckpoint));
478 }
480 for (Vector<CompactHTMLToken>::const_iterator it = tokens->begin(); it != tokens->end(); ++it) {
483 if (!chunk->startingScript && (it->type() == HTMLToken::StartTag || it->type() == HTMLToken::EndTag))
484 elementTokenCount++;
486 if (document()->frame() && document()->frame()->navigationScheduler().locationChangePending()) {
488 // To match main-thread parser behavior (which never checks locationChangePending on the EOF path)
489 // we peek to see if this chunk has an EOF and process it anyway.
493 }
495 }
508 ASSERT(it + 1 == tokens->end()); // The </script> is assumed to be the last token of this bunch.
512 }
519 }
523 }
525 // Make sure all required pending text nodes are emitted before returning.
526 // This leaves "script", "style" and "svg" nodes text nodes intact.
533 }
536 {
537 #if !ENABLE(OILPAN)
538 // ASSERT that this object is both attached to the Document and protected.
540 #endif
541 // If this assert fails, you need to call validateSpeculations to make sure
542 // m_tokenizer and m_token don't have state that invalidates m_speculations.
551 // FIXME: Here should never be reached when there is a blocking script,
552 // but it happens in unknown scenarios. See https://crbug.com/440901
556 }
558 // Do not allow pumping speculations in nested event loops.
562 }
564 // FIXME: Pass in current input length.
565 TRACE_EVENT_BEGIN1("devtools.timeline", "ParseHTML", "beginData", InspectorParseHtmlEvent::beginData(document(), lineNumber().zeroBasedInt()));
567 SpeculationsPumpSession session(m_pumpSpeculationsSessionNestingLevel, contextForParsingSession());
573 // Always check isParsing first as m_document may be null.
574 // Surprisingly, isScheduledForResume() may be set here as a result of
575 // processParsedChunkFromBackgroundParser running arbitrary javascript
576 // which invokes nested event loops. (e.g. inspector breakpoints)
580 if (m_speculations.isEmpty() || m_parserScheduler->yieldIfNeeded(session, m_speculations.first()->startingScript))
582 }
584 TRACE_EVENT_END1("devtools.timeline", "ParseHTML", "endData", InspectorParseHtmlEvent::endData(lineNumber().zeroBasedInt() - 1));
585 TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "UpdateCounters", TRACE_EVENT_SCOPE_THREAD, "data", InspectorUpdateCountersEvent::data());
586 }
589 {
591 // This method is called before any data is appended, so we have to start
592 // the background parser ourselves.
596 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::forcePlaintextForTextDocument, AllowCrossThreadAccess(m_backgroundParser)));
599 }
602 {
603 // The parsing session should interact with the document only when parsing
604 // non-fragments. Otherwise, we might delay the load event mistakenly.
608 }
611 {
613 #if !ENABLE(OILPAN)
614 // ASSERT that this object is both attached to the Document and protected.
616 #endif
622 // We tell the InspectorInstrumentation about every pump, even if we
623 // end up pumping nothing. It can filter out empty pumps itself.
624 // FIXME: m_input.current().length() is only accurate if we
625 // end up parsing the whole buffer in this pump. We should pass how
626 // much we parsed as part of didWriteHTML instead of willWriteHTML.
627 TRACE_EVENT_BEGIN1("devtools.timeline", "ParseHTML", "beginData", InspectorParseHtmlEvent::beginData(document(), m_input.current().currentLine().zeroBasedInt()));
642 // We do not XSS filter innerHTML, which means we (intentionally) fail
643 // http/tests/security/xssAuditor/dom-write-innerHTML.html
644 if (OwnPtr<XSSInfo> xssInfo = m_xssAuditor.filterToken(FilterTokenRequest(token(), m_sourceTracker, m_tokenizer->shouldAllowCDATA())))
646 }
650 }
652 #if !ENABLE(OILPAN)
653 // Ensure we haven't been totally deref'ed after pumping. Any caller of this
654 // function should be holding a RefPtr to this to ensure we weren't deleted.
656 #endif
661 // There should only be PendingText left since the tree-builder always flushes
662 // the task queue before returning. In case that ever changes, crash.
670 // TODO(kouhei): m_preloader should be always available for synchronous parsing case,
671 // adding paranoia if for speculative crash fix for crbug.com/465478
678 }
680 }
681 }
683 TRACE_EVENT_END1("devtools.timeline", "ParseHTML", "endData", InspectorParseHtmlEvent::endData(m_input.current().currentLine().zeroBasedInt() - 1));
684 }
687 {
690 // We clear the m_token in case constructTreeFromAtomicToken
691 // synchronously re-enters the parser. We don't clear the token immedately
692 // for Character tokens because the AtomicHTMLToken avoids copying the
693 // characters by keeping a pointer to the underlying buffer in the
694 // HTMLToken. Fortunately, Character tokens can't cause us to re-enter
695 // the parser.
696 //
697 // FIXME: Stop clearing the m_token once we start running the parser off
698 // the main thread or once we stop allowing synchronous JavaScript
699 // execution from parseAttribute.
705 // FIXME: constructTree may synchronously cause Document to be detached.
712 }
713 }
715 void HTMLDocumentParser::constructTreeFromCompactHTMLToken(const CompactHTMLToken& compactToken)
716 {
719 }
722 {
723 // FIXME: The wasCreatedByScript() branch here might not be fully correct.
724 // Our model of the EOF character differs slightly from the one in
725 // the spec because our treatment is uniform between network-sourced
726 // and script-sourced input streams whereas the spec treats them
727 // differently.
729 }
732 {
738 // pumpTokenizer can cause this parser to be detached from the Document,
739 // but we need to ensure it isn't deleted yet.
747 }
755 // Check the document.write() output with a separate preload scanner as
756 // the main scanner can't deal with insertions.
761 }
765 }
768 }
771 {
778 RefPtr<WeakReference<BackgroundHTMLParser>> reference = WeakReference<BackgroundHTMLParser>::createUnbound();
781 // FIXME(oysteine): Disabled due to crbug.com/398076 until a full fix can be implemented.
784 loader->attachThreadedDataReceiver(ParserDataReceiver::create(m_backgroundParser, document()->contextDocument().get()));
785 }
787 OwnPtr<BackgroundHTMLParser::Configuration> config = adoptPtr(new BackgroundHTMLParser::Configuration);
792 config->preloadScanner = adoptPtr(new TokenPreloadScanner(document()->url().copy(), CachedDocumentParameters::create(document())));
796 config->outstandingTokenLimit = document()->settings()->backgroundHtmlParserOutstandingTokenLimit();
799 }
803 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::start, reference.release(), config.release(),
805 }
808 {
813 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::stop, AllowCrossThreadAccess(m_backgroundParser)));
815 }
818 {
822 // We should never reach this point if we're using a parser thread,
823 // as appendBytes() will directly ship the data to the thread.
826 // pumpTokenizer can cause this parser to be detached from the Document,
827 // but we need to ensure it isn't deleted yet.
829 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("blink.debug"), "HTMLDocumentParser::append", "size", inputSource.length());
834 // We have parsed until the end of the current input and so are now moving ahead of the preload scanner.
835 // Clear the scanner so we know to scan starting from the current input point if we block again.
841 }
842 }
847 // We've gotten data off the network in a nested write.
848 // We don't want to consume any more of the input stream now. Do
849 // not worry. We'll consume this data in a less-nested write().
851 }
856 }
859 {
866 // Informs the the rest of WebCore that parsing is really finished (and deletes this).
870 }
873 {
875 // FIXME: It may not be correct to disable this for the background parser.
876 // That means hasInsertionPoint() may not be correct in some cases.
881 }
884 {
885 // finish() indicates we will not receive any more data. If we are waiting on
886 // an external script to load, we can't finish parsing quite yet.
891 }
893 }
896 {
897 // If we've already been detached, don't bother ending.
906 }
909 {
910 // FIXME: We should ASSERT(!m_parserStopped) here, since it does not
911 // makes sense to call any methods on DocumentParser once it's been stopped.
912 // However, FrameLoader::stop calls DocumentParser::finish unconditionally.
914 // flush may ending up executing arbitrary script, and possibly detach the parser.
920 // Empty documents never got an append() call, and thus have never started
921 // a background parser. In those cases, we ignore shouldUseThreading()
922 // and fall through to the non-threading case.
926 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::finish, AllowCrossThreadAccess(m_backgroundParser)));
928 }
932 // We're finishing before receiving any data. Rather than booting up
933 // the background parser just to spin it down, we finish parsing
934 // synchronously.
937 }
939 // We're not going to get any more data off the network, so we tell the
940 // input stream we've reached the end of file. finish() can be called more
941 // than once, if the first time does not call end().
946 }
949 {
953 }
956 {
958 }
961 {
966 }
969 {
978 }
981 {
982 // When the TreeBuilder encounters a </script> tag, it returns to the HTMLDocumentParser
983 // where the script is transfered from the treebuilder to the script runner.
984 // The script runner will hold the script until its loaded and run. During
985 // any of this time, we want to count ourselves as "waiting for a script" and thus
986 // run the preload scanner, as well as delay completion of parsing.
988 bool scriptRunnerHasBlockingScript = m_scriptRunner && m_scriptRunner->hasParserBlockingScript();
989 // Since the parser is paused while a script runner has a blocking script, it should
990 // never be possible to end up with both objects holding a blocking script.
992 // If either object has a blocking script, the parser should be paused.
994 }
997 {
1004 // processParsedChunkFromBackgroundParser can cause this parser to be detached from the Document,
1005 // but we need to ensure it isn't deleted yet.
1009 }
1014 }
1017 {
1021 }
1024 {
1025 // pumpTokenizer can cause this parser to be detached from the Document,
1026 // but we need to ensure it isn't deleted yet.
1034 }
1039 }
1044 }
1047 {
1048 // Document only calls this when the Document owns the DocumentParser
1049 // so this will not be called in the DocumentFragment case.
1051 // Ignore calls unless we have a script blocking the parser waiting on a
1052 // stylesheet load. Otherwise we are currently parsing and this
1053 // is a re-entrant call from encountering a </ style> tag.
1057 // pumpTokenizer can cause this parser to be detached from the Document,
1058 // but we need to ensure it isn't deleted yet.
1063 }
1065 void HTMLDocumentParser::parseDocumentFragment(const String& source, DocumentFragment* fragment, Element* contextElement, ParserContentPolicy parserContentPolicy)
1066 {
1067 RefPtrWillBeRawPtr<HTMLDocumentParser> parser = HTMLDocumentParser::create(fragment, contextElement, parserContentPolicy);
1072 }
1075 {
1080 }
1083 {
1088 }
1091 {
1101 TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("blink.debug"), "HTMLDocumentParser::appendBytes", "size", (unsigned)length);
1103 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::appendRawBytesFromMainThread, AllowCrossThreadAccess(m_backgroundParser), buffer.release()));
1105 }
1108 }
1111 {
1112 // If we've got no decoder, we never received any data.
1117 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::flush, AllowCrossThreadAccess(m_backgroundParser)));
1118 else
1120 }
1123 {
1128 HTMLParserThread::shared()->postTask(threadSafeBind(&BackgroundHTMLParser::setDecoder, AllowCrossThreadAccess(m_backgroundParser), takeDecoder()));
1129 }
1131 }