Bug 1469580 - Ignore charset= in <meta content> if followed by unmatched quote.
MozReview-Commit-ID: 1Fpdu53sHfY
--- a/parser/html/javasrc/TreeBuilder.java
+++ b/parser/html/javasrc/TreeBuilder.java
@@ -3293,27 +3293,30 @@ public abstract class TreeBuilder<T> imp
case ';':
end = i;
break charsetloop;
default:
continue;
}
}
}
- String charset = null;
if (start != -1) {
if (end == -1) {
- end = buffer.length;
+ if (charsetState == CHARSET_UNQUOTED) {
+ end = buffer.length;
+ } else {
+ return null;
+ }
}
- charset = Portability.newStringFromBuffer(buffer, start, end
+ return Portability.newStringFromBuffer(buffer, start, end
- start
// CPPONLY: , tb, false
);
}
- return charset;
+ return null;
}
private void checkMetaCharset(HtmlAttributes attributes)
throws SAXException {
String charset = attributes.getValue(AttributeName.CHARSET);
if (charset != null) {
if (tokenizer.internalEncodingDeclaration(charset)) {
requestSuspension();
--- a/parser/html/nsHtml5TreeBuilder.cpp
+++ b/parser/html/nsHtml5TreeBuilder.cpp
@@ -2337,25 +2337,28 @@ nsHtml5TreeBuilder::extractCharsetFromCo
default: {
continue;
}
}
}
}
}
charsetloop_end:;
- nsHtml5String charset = nullptr;
if (start != -1) {
if (end == -1) {
- end = buffer.length;
+ if (charsetState == CHARSET_UNQUOTED) {
+ end = buffer.length;
+ } else {
+ return nullptr;
+ }
}
- charset = nsHtml5Portability::newStringFromBuffer(
+ return nsHtml5Portability::newStringFromBuffer(
buffer, start, end - start, tb, false);
}
- return charset;
+ return nullptr;
}
void
nsHtml5TreeBuilder::checkMetaCharset(nsHtml5HtmlAttributes* attributes)
{
nsHtml5String charset =
attributes->getValue(nsHtml5AttributeName::ATTR_CHARSET);
if (charset) {