-
Notifications
You must be signed in to change notification settings - Fork 10k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XFA - Add a parser for XFA files #12879
Conversation
calixteman
commented
Jan 20, 2021
- the parser is base on a class extending XMLParserBase
- it handle xml namespaces:
- each namespace is assocated with a builder
- builder builds nodes belonging to the namespace
- when a node is inserted in the parent namespace compatibility is checked (if required)
- to avoid name collision between xml names and object properties, use Symbol.
The objects in |
0961ba4
to
125b6a5
Compare
125b6a5
to
e5f51d7
Compare
this.element = null; | ||
} | ||
|
||
[$onChild](child) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does this syntax work? It doesn't look like a valid function name with these special characters in it; is this some kind of way to insert a variable as the function name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$onChild
is defined in xfa_object
like this: const $onChild = Symbol();
And the way to use this symbol as a function name is to use brackets:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Symbol#symbol_wrapper_objects_as_property_keys
The only way to call this function is to have the symbol so there's no access by name (as a string).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, learned something new then :-)
It's not entirely clear yet as to why this is needed exactly (i.e., why access by name causes conflicts here), but that requires a more in-depth look. This syntax was just something I noticed and didn't know; thanks for explaining this!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the specs there is something call SOM expressions to select nodes:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.364.2157&rep=rep1&type=pdf#page=101&zoom=auto,-207,766
These expressions seem to be used in different places.
And so in order to make easy their interpretation, each part of the expression can be searched as a own property of the object without the need to keep a flag somewhere to check if the property exists by spec or if it is an implementation detail.
And I guess it'll avoid any bad use an attacker could do with specific expressions.
So my idea was to have objects which are the exact reflection of specs in hiding implementations details and thx to that we can enjoy the object model stuff like overriding $onChildCheck
method when a specific node can accept a node from another namespace.
So from my pov, it makes the implementation safer, simpler and reduce memory use (no need to track spec properties...).
And since it's unusual I added this $
symbols to help to see them.
- the parser is base on a class extending XMLParserBase - it handle xml namespaces: * each namespace is assocated with a builder * builder builds nodes belonging to the namespace * when a node is inserted in the parent namespace compatibility is checked (if required) - to avoid name collision between xml names and object properties, use Symbol.
e5f51d7
to
0ff5cd7
Compare
/botio test |
From: Bot.io (Windows)ReceivedCommand cmd_test from @brendandahl received. Current queue size: 0 Live output at: http://3.101.106.178:8877/7363845babd30f9/output.txt |
From: Bot.io (Linux m4)ReceivedCommand cmd_test from @brendandahl received. Current queue size: 0 Live output at: http://54.67.70.0:8877/73961cfd056ac56/output.txt |
From: Bot.io (Linux m4)FailedFull output at http://54.67.70.0:8877/73961cfd056ac56/output.txt Total script time: 26.86 mins
Image differences available at: http://54.67.70.0:8877/73961cfd056ac56/reftest-analyzer.html#web=eq.log |
From: Bot.io (Windows)FailedFull output at http://3.101.106.178:8877/7363845babd30f9/output.txt Total script time: 28.46 mins
Image differences available at: http://3.101.106.178:8877/7363845babd30f9/reftest-analyzer.html#web=eq.log |