From e22a34badbf7f0826c74af982030bff7fc825dc8 Mon Sep 17 00:00:00 2001
From: Max Wipfli
Date: Fri, 16 Jul 2021 00:36:10 +0200
Subject: [PATCH] LibWeb: Fix assertion failures in HTMLTokenizer
The *TagName states are all very similar, so it seems to be correct to apply the fix from #8761 to all of those states. This fixes #8788.
---
 .../LibWeb/HTML/Parser/HTMLTokenizer.cpp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/Userland/Libraries/LibWeb/HTML/Parser/HTMLTokenizer.cpp b/Userland/Libraries/LibWeb/HTML/Parser/HTMLTokenizer.cpp
index bb7e3a4590..c749dd2815 100644
--- a/Userland/Libraries/LibWeb/HTML/Parser/HTMLTokenizer.cpp
+++ b/Userland/Libraries/LibWeb/HTML/Parser/HTMLTokenizer.cpp
@@ -1910,6 +1910,8 @@ _StartOfFunction:
 {
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer)
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 RECONSUME_IN(RCDATA);
@@ -2023,6 +2025,8 @@ _StartOfFunction:
 {
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer)
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 RECONSUME_IN(RAWTEXT);
@@ -2192,6 +2196,8 @@ _StartOfFunction:
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer) {
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 }
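Review bot: The comment added at 1910 says m_current_token is dropped, but the statement under it clears m_current_builder, and nothing in the hunk touches m_current_token. If the builder holds what was collected for the abandoned end tag (not visible in these lines), wording such as `// NOTE: The spec doesn't mention this, but the pending end tag is abandoned here, so discard what m_current_builder collected for it.` would match the code. Whether m_current_token itself needs resetting before the next token is created cannot be told from the hunk and is worth confirming. The same comment is repeated verbatim in the other eight hunks (2023, 2192, 2205, 2218, 2239, 2519, 2530, 2541); the enclosing blocks start and end outside the hunks.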
@@ -2205,6 +2211,8 @@ _StartOfFunction:
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer) {
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 }
@@ -2218,6 +2226,8 @@ _StartOfFunction:
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer) {
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 }
@@ -2239,6 +2249,8 @@ _StartOfFunction:
 {
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer) {
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 }
@@ -2519,6 +2531,8 @@ _StartOfFunction:
 SWITCH_TO(BeforeAttributeName);
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer)
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 RECONSUME_IN(ScriptData);
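Review bot: The sequence patched at 2205 now exists in nine hand-maintained copies, and the copies have already drifted: the hunks at 2192, 2205, 2218 and 2239 brace the single-statement `for`, while 1910, 2023, 2519, 2530 and 2541 do not. The commit message says the fix from #8761 had to be repeated across the remaining states, which is the cost of that duplication. Moving the two `make_character` enqueues, `m_current_builder.clear()` and the `m_temporary_buffer` loop into one private helper, called at each site before its reconsume, would keep a later fix from missing a copy. The helper would need a declaration in the class, which is outside this diff.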
@@ -2530,6 +2544,8 @@ _StartOfFunction:
 SWITCH_TO(SelfClosingStartTag);
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer)
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 RECONSUME_IN(ScriptData);
@@ -2541,6 +2557,8 @@ _StartOfFunction:
 SWITCH_TO_AND_EMIT_CURRENT_TOKEN(Data);
 m_queued_tokens.enqueue(HTMLToken::make_character('<'));
 m_queued_tokens.enqueue(HTMLToken::make_character('/'));
+ // NOTE: The spec doesn't mention this, but it seems that m_current_token (an end tag) is just dropped in this case.
+ m_current_builder.clear();
 for (auto code_point : m_temporary_buffer)
 m_queued_tokens.enqueue(HTMLToken::make_character(code_point));
 RECONSUME_IN(ScriptData);
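Review bot: No regression test accompanies the fall-through patched at 2541 or the other eight paths; the diffstat lists only HTMLTokenizer.cpp. These states run on markup supplied by the page, and the failure being fixed is an assertion, so a regression here presumably aborts the process on malformed input instead of degrading to character tokens. A tokenizer test per state family (RCDATA, RAWTEXT, script data, script data escaped) that feeds an end tag which is not the appropriate one and checks the emitted character tokens would pin the behaviour. Judging by the `SWITCH_TO` targets in the context lines, the hunks at 2519, 2530 and 2541 look like three branches of one state, so the test should reach each of them; the branch conditions themselves are outside the hunks.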