summaryrefslogtreecommitdiffstats
path: root/parser/html
diff options
context:
space:
mode:
Diffstat (limited to 'parser/html')
-rw-r--r--parser/html/nsHtml5String.cpp15
-rw-r--r--parser/html/nsHtml5TreeOpExecutor.cpp7
2 files changed, 15 insertions, 7 deletions
diff --git a/parser/html/nsHtml5String.cpp b/parser/html/nsHtml5String.cpp
index 5fa9415f06..7e10080669 100644
--- a/parser/html/nsHtml5String.cpp
+++ b/parser/html/nsHtml5String.cpp
@@ -5,12 +5,11 @@
#include "nsHtml5String.h"
#include "nsCharTraits.h"
#include "nsHtml5TreeBuilder.h"
-#include "nsUTF8Utils.h"
void nsHtml5String::ToString(nsAString& aString) {
switch (GetKind()) {
case eStringBuffer:
- return AsStringBuffer()->ToString(Length(), aString);
+ return aString.Assign(AsStringBuffer(), Length());
case eAtom:
return AsAtom()->ToString(aString);
case eEmpty:
@@ -157,12 +156,14 @@ nsHtml5String nsHtml5String::FromString(const nsAString& aString) {
if (!length) {
return nsHtml5String(eEmpty);
}
- RefPtr<nsStringBuffer> buffer = nsStringBuffer::FromString(aString);
- if (buffer && (length == buffer->StorageSize() / sizeof(char16_t) - 1)) {
- return nsHtml5String(reinterpret_cast<uintptr_t>(buffer.forget().take()) |
- eStringBuffer);
+ if (nsStringBuffer* buffer = aString.GetStringBuffer()) {
+ if (length == buffer->StorageSize() / sizeof(char16_t) - 1) {
+ buffer->AddRef();
+ return nsHtml5String(reinterpret_cast<uintptr_t>(buffer) | eStringBuffer);
+ }
}
- buffer = nsStringBuffer::Alloc((length + 1) * sizeof(char16_t));
+ RefPtr<nsStringBuffer> buffer =
+ nsStringBuffer::Alloc((length + 1) * sizeof(char16_t));
if (!buffer) {
MOZ_CRASH("Out of memory.");
}
diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp
index f2c47c42a6..f25949e6cc 100644
--- a/parser/html/nsHtml5TreeOpExecutor.cpp
+++ b/parser/html/nsHtml5TreeOpExecutor.cpp
@@ -1343,6 +1343,13 @@ void nsHtml5TreeOpExecutor::SetSpeculationBase(const nsAString& aURL) {
return;
}
+ // See
+ // https://html.spec.whatwg.org/multipage/semantics.html#set-the-frozen-base-url
+ // data: and javascript: base URLs are not allowed.
+ if (newBaseURI->SchemeIs("data") || newBaseURI->SchemeIs("javascript")) {
+ return;
+ }
+
// Check the document's CSP usually delivered via the CSP header.
if (nsCOMPtr<nsIContentSecurityPolicy> csp = mDocument->GetCsp()) {
// base-uri should not fallback to the default-src and preloads should not