// Decides whether this frame element may load URLString.
//
// Returns true for an empty URL. Otherwise returns false when the page
// already holds more than 200 frames, or when the resolved URL (fragment
// ignored) already appears twice in this document's frame and its ancestors.
// Returns true in every other case.
bool HTMLFrameElementBase::isURLAllowed(const AtomicString& URLString) const
{
    if (URLString.isEmpty())
        return true;

    // Resolve against the document and drop the fragment, so that two URLs
    // differing only in "#ref" compare equal below.
    KURL targetURL(document()->completeURL(URLString.deprecatedString()));
    targetURL.setRef(DeprecatedString::null);

    // Resource-exhaustion guard: cap the total number of frames in a page at
    // 200. Without a cap, mutually recursive frameset pages grow the frame
    // count exponentially and can bring the program to its knees.
    // FIXME: This limit could be higher, but WebKit has some algorithms that
    // happen while loading which appear to be N^2 or worse in the number of
    // frames.
    // NOTE(review): page() is dereferenced without a null check; confirm that
    // a frame reachable from document() always has a page at this point.
    Frame* owningFrame = document()->frame();
    if (owningFrame && owningFrame->page()->frameCount() > 200)
        return false;

    // One level of self-reference is tolerated because some sites depend on
    // it; a second match anywhere up the ancestor chain is refused.
    // Only the fragment is stripped before comparing, so URLs that differ in
    // any other component are not counted as self-references here.
    bool seenSelfReference = false;
    Frame* ancestor = document()->frame();
    while (ancestor) {
        KURL ancestorURL = ancestor->loader()->url();
        ancestorURL.setRef(DeprecatedString::null);
        if (ancestorURL == targetURL) {
            if (seenSelfReference)
                return false;
            seenSelfReference = true;
        }
        ancestor = ancestor->tree()->parent();
    }

    return true;
}
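// Parses the text of an SVG "transform" attribute and appends one
// SVGTransform to list for every transform statement it recognises.
//
// Recognised statements and accepted parameter counts:
//   rotate(1 | 3), translate(1 | 2), scale(1 | 2), skewx(1), skewy(1), matrix(6).
//
// Parsing stops at the first statement that is malformed, has no numeric
// parameters, or does not match one of the forms above. Transforms appended
// before that point stay in list.
//
// The attribute value is presumably author-supplied markup, so every
// malformed-input path bails out instead of guessing.
// NOTE(review): list is dereferenced without a null check; confirm callers
// never pass null.
void SVGTransformable::parseTransformAttribute(SVGTransformList *list, const AtomicString& transform)
{
    // Matches a single number: optional '-', digits with an optional
    // fraction, optional lower-case exponent. Built once because it does not
    // depend on the statement being parsed.
    // NOTE(review): the pattern accepts neither a leading '+' nor an
    // upper-case 'E' exponent, so such input is split into separate numbers
    // and changes the parameter count; check against the SVG number grammar.
    RegularExpression reg("([-]?\\d*\\.?\\d+(?:e[-]?\\d+)?)");

    // Split string for handling 1 transform statement at a time
    DeprecatedStringList subtransforms = DeprecatedStringList::split(')', transform.deprecatedString().simplifyWhiteSpace());
    DeprecatedStringList::ConstIterator it = subtransforms.begin();
    DeprecatedStringList::ConstIterator end = subtransforms.end();
    for (; it != end; ++it) {
        // subtransform[0] is the transform name, subtransform[1] its argument text.
        DeprecatedStringList subtransform = DeprecatedStringList::split('(', (*it));
        if (subtransform.count() < 2)
            break; // invalid transform, ignore.

        subtransform[0] = subtransform[0].stripWhiteSpace().lower();
        subtransform[1] = subtransform[1].simplifyWhiteSpace();

        // Collect every number in the argument text. Each match consumes at
        // least one digit, so pos always advances until search() returns -1.
        int pos = 0;
        DeprecatedStringList params;
        while (pos >= 0) {
            pos = reg.search(subtransform[1], pos);
            if (pos != -1) {
                params += reg.cap(1);
                pos += reg.matchedLength();
            }
        }

        if (params.count() < 1)
            break;

        // Drop a leading list separator left over from the split on ')'.
        // Strip again afterwards: for input such as "translate(1), rotate(2)"
        // the name arrives as ", rotate", and removing only the comma would
        // leave " rotate", which matches no transform name and used to abort
        // the parse.
        if (subtransform[0].startsWith(";") || subtransform[0].startsWith(","))
            subtransform[0] = subtransform[0].right(subtransform[0].length() - 1).stripWhiteSpace();

        RefPtr<SVGTransform> t(new SVGTransform());

        if (subtransform[0] == "rotate") {
            if (params.count() == 3)
                t->setRotate(params[0].toDouble(), params[1].toDouble(), params[2].toDouble());
            else if (params.count() == 1)
                t->setRotate(params[0].toDouble(), 0, 0);
        } else if (subtransform[0] == "translate") {
            if (params.count() == 2)
                t->setTranslate(params[0].toDouble(), params[1].toDouble());
            else if (params.count() == 1) // Spec: if only one param given, assume 2nd param to be 0
                t->setTranslate(params[0].toDouble(), 0);
        } else if (subtransform[0] == "scale") {
            if (params.count() == 2)
                t->setScale(params[0].toDouble(), params[1].toDouble());
            else if (params.count() == 1) // Spec: if only one param given, assume uniform scaling
                t->setScale(params[0].toDouble(), params[0].toDouble());
        } else if (subtransform[0] == "skewx" && (params.count() == 1))
            t->setSkewX(params[0].toDouble());
        else if (subtransform[0] == "skewy" && (params.count() == 1))
            t->setSkewY(params[0].toDouble());
        else if (subtransform[0] == "matrix" && (params.count() == 6)) {
            // NOTE(review): raw new; presumably setMatrix() takes ownership
            // or a reference. Confirm, otherwise this allocation leaks.
            SVGMatrix *ret = new SVGMatrix(params[0].toDouble(),
                                           params[1].toDouble(),
                                           params[2].toDouble(),
                                           params[3].toDouble(),
                                           params[4].toDouble(),
                                           params[5].toDouble());
            t->setMatrix(ret);
        }

        // No branch above configured the transform (unknown name or wrong
        // parameter count).
        if (t->type() == SVG_TRANSFORM_UNKNOWN)
            break; // failed to parse a valid transform, abort.

        // Hands the raw pointer to the list.
        // NOTE(review): this relies on appendItem() adopting the reference
        // released here; verify, since a mismatch is a leak or a dangling
        // pointer.
        list->appendItem(t.release().release());
    }
}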