diff -r 000000000000 -r 4f2f89ce4247 WebCore/html/LegacyHTMLDocumentParser.cpp
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/WebCore/html/LegacyHTMLDocumentParser.cpp	Fri Sep 17 09:02:29 2010 +0300
@@ -0,0 +1,2126 @@
+/*
+    Copyright (C) 1997 Martin Jones (mjones@kde.org)
+              (C) 1997 Torben Weis (weis@kde.org)
+              (C) 1998 Waldo Bastian (bastian@kde.org)
+              (C) 1999 Lars Knoll (knoll@kde.org)
+              (C) 1999 Antti Koivisto (koivisto@kde.org)
+              (C) 2001 Dirk Mueller (mueller@kde.org)
+    Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+    Copyright (C) 2005, 2006 Alexey Proskuryakov (ap@nypop.com)
+    Copyright (C) 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Library General Public
+    License as published by the Free Software Foundation; either
+    version 2 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Library General Public License for more details.
+
+    You should have received a copy of the GNU Library General Public License
+    along with this library; see the file COPYING.LIB.  If not, write to
+    the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+    Boston, MA 02110-1301, USA.
+*/
+
+#include "config.h"
+#include "LegacyHTMLDocumentParser.h"
+
+#include "Attribute.h"
+#include "CSSHelper.h"
+#include "Cache.h"
+#include "CachedScript.h"
+#include "DocLoader.h"
+#include "DocumentFragment.h"
+#include "Event.h"
+#include "EventNames.h"
+#include "Frame.h"
+#include "FrameLoader.h"
+#include "FrameView.h"
+#include "HTMLElement.h"
+#include "HTMLNames.h"
+#include "LegacyHTMLTreeBuilder.h"
+#include "HTMLScriptElement.h"
+#include "HTMLViewSourceDocument.h"
+#include "ImageLoader.h"
+#include "InspectorTimelineAgent.h"
+#include "Page.h"
+#include "LegacyPreloadScanner.h"
+#include "ScriptSourceCode.h"
+#include "ScriptValue.h"
+#include "XSSAuditor.h"
+#include <wtf/ASCIICType.h>
+#include <wtf/CurrentTime.h>
+
+#include "HTMLEntityNames.cpp"
+
+#define PRELOAD_SCANNER_ENABLED 1
+
+using namespace WTF;
+using namespace std;
+
+namespace WebCore {
+
+using namespace HTMLNames;
+
+// This value is used to define how many loops (approximately tokens)
+// the parser will make before checking if it should yield.
+// To increase responsiveness reduce both ChunkSize and TimeDelay contants.
+static const int defaultTokenizerChunkSize = 4096;
+
+// FIXME: We would like this constant to be 200ms.
+// Yielding more aggressively results in increased responsiveness and better incremental rendering.
+// It slows down overall page-load on slower machines, though, so for now we set a value of 500.
+// TimeDelay controls the maximum time the parser will run before yielding.
+// Inline script execution can cause the parser to excede this limit.
+static const double defaultTokenizerTimeDelay = 0.500;
+
+static const char commentStart [] = "<!--";
+static const char doctypeStart [] = "<!doctype";
+static const char publicStart [] = "public";
+static const char systemStart [] = "system";
+static const char scriptEnd [] = "</script";
+static const char xmpEnd [] = "</xmp";
+static const char styleEnd [] =  "</style";
+static const char textareaEnd [] = "</textarea";
+static const char titleEnd [] = "</title";
+static const char iframeEnd [] = "</iframe";
+
+// Full support for MS Windows extensions to Latin-1.
+// Technically these extensions should only be activated for pages
+// marked "windows-1252" or "cp1252", but
+// in the standard Microsoft way, these extensions infect hundreds of thousands
+// of web pages.  Note that people with non-latin-1 Microsoft extensions
+// are SOL.
+//
+// See: http://www.microsoft.com/globaldev/reference/WinCP.asp
+//      http://www.bbsinc.com/iso8859.html
+//      http://www.obviously.com/
+//
+// There may be better equivalents
+
+// We only need this for entities. For non-entity text, we handle this in the text encoding.
+
+static const UChar windowsLatin1ExtensionArray[32] = {
+    0x20AC, 0x0081, 0x201A, 0x0192, 0x201E, 0x2026, 0x2020, 0x2021, // 80-87
+    0x02C6, 0x2030, 0x0160, 0x2039, 0x0152, 0x008D, 0x017D, 0x008F, // 88-8F
+    0x0090, 0x2018, 0x2019, 0x201C, 0x201D, 0x2022, 0x2013, 0x2014, // 90-97
+    0x02DC, 0x2122, 0x0161, 0x203A, 0x0153, 0x009D, 0x017E, 0x0178  // 98-9F
+};
+
+static inline UChar fixUpChar(UChar c)
+{
+    if ((c & ~0x1F) != 0x0080)
+        return c;
+    return windowsLatin1ExtensionArray[c - 0x80];
+}
+
+static inline bool tagMatch(const char* s1, const UChar* s2, unsigned length)
+{
+    for (unsigned i = 0; i != length; ++i) {
+        unsigned char c1 = s1[i];
+        unsigned char uc1 = toASCIIUpper(static_cast<char>(c1));
+        UChar c2 = s2[i];
+        if (c1 != c2 && uc1 != c2)
+            return false;
+    }
+    return true;
+}
+
+inline void Token::addAttribute(AtomicString& attrName, const AtomicString& attributeValue, bool viewSourceMode)
+{
+    if (!attrName.isEmpty()) {
+        ASSERT(!attrName.contains('/'));
+        RefPtr<Attribute> a = Attribute::createMapped(attrName, attributeValue);
+        if (!attrs) {
+            attrs = NamedNodeMap::create();
+            attrs->reserveInitialCapacity(10);
+        }
+        attrs->insertAttribute(a.release(), viewSourceMode);
+    }
+
+    attrName = emptyAtom;
+}
+
+// ----------------------------------------------------------------------------
+
+LegacyHTMLDocumentParser::LegacyHTMLDocumentParser(HTMLDocument* document, bool reportErrors)
+    : ScriptableDocumentParser(document)
+    , m_buffer(0)
+    , m_scriptCode(0)
+    , m_scriptCodeSize(0)
+    , m_scriptCodeCapacity(0)
+    , m_scriptCodeResync(0)
+    , m_executingScript(0)
+    , m_requestingScript(false)
+    , m_hasScriptsWaitingForStylesheets(false)
+    , m_timer(this, &LegacyHTMLDocumentParser::timerFired)
+    , m_externalScriptsTimer(this, &LegacyHTMLDocumentParser::executeExternalScriptsTimerFired)
+    , m_treeBuilder(new LegacyHTMLTreeBuilder(document, reportErrors))
+    , m_inWrite(false)
+    , m_fragment(false)
+    , m_scriptingPermission(FragmentScriptingAllowed)
+{
+    begin();
+}
+
+LegacyHTMLDocumentParser::LegacyHTMLDocumentParser(HTMLViewSourceDocument* document)
+    : ScriptableDocumentParser(document, true)
+    , m_buffer(0)
+    , m_scriptCode(0)
+    , m_scriptCodeSize(0)
+    , m_scriptCodeCapacity(0)
+    , m_scriptCodeResync(0)
+    , m_executingScript(0)
+    , m_requestingScript(false)
+    , m_hasScriptsWaitingForStylesheets(false)
+    , m_timer(this, &LegacyHTMLDocumentParser::timerFired)
+    , m_externalScriptsTimer(this, &LegacyHTMLDocumentParser::executeExternalScriptsTimerFired)
+    , m_inWrite(false)
+    , m_fragment(false)
+    , m_scriptingPermission(FragmentScriptingAllowed)
+{
+    begin();
+}
+
+LegacyHTMLDocumentParser::LegacyHTMLDocumentParser(DocumentFragment* frag, FragmentScriptingPermission scriptingPermission)
+    : ScriptableDocumentParser(frag->document())
+    , m_buffer(0)
+    , m_scriptCode(0)
+    , m_scriptCodeSize(0)
+    , m_scriptCodeCapacity(0)
+    , m_scriptCodeResync(0)
+    , m_executingScript(0)
+    , m_requestingScript(false)
+    , m_hasScriptsWaitingForStylesheets(false)
+    , m_timer(this, &LegacyHTMLDocumentParser::timerFired)
+    , m_externalScriptsTimer(this, &LegacyHTMLDocumentParser::executeExternalScriptsTimerFired)
+    , m_treeBuilder(new LegacyHTMLTreeBuilder(frag, scriptingPermission))
+    , m_inWrite(false)
+    , m_fragment(true)
+    , m_scriptingPermission(scriptingPermission)
+{
+    begin();
+}
+
+void LegacyHTMLDocumentParser::reset()
+{
+    ASSERT(m_executingScript == 0);
+
+    while (!m_pendingScripts.isEmpty()) {
+        CachedResourceHandle<CachedScript> cs = m_pendingScripts.takeFirst();
+        ASSERT(cache()->disabled() || cs->accessCount() > 0);
+        cs->removeClient(this);
+    }
+
+    fastFree(m_buffer);
+    m_buffer = m_dest = 0;
+    m_bufferSize = 0;
+
+    fastFree(m_scriptCode);
+    m_scriptCode = 0;
+    m_scriptCodeSize = m_scriptCodeCapacity = m_scriptCodeResync = 0;
+
+    m_timer.stop();
+    m_externalScriptsTimer.stop();
+
+    m_state.setAllowYield(false);
+    m_state.setForceSynchronous(false);
+
+    m_currentToken.reset();
+    m_doctypeToken.reset();
+    m_doctypeSearchCount = 0;
+    m_doctypeSecondarySearchCount = 0;
+    m_hasScriptsWaitingForStylesheets = false;
+}
+
+void LegacyHTMLDocumentParser::begin()
+{
+    m_executingScript = 0;
+    m_requestingScript = false;
+    m_hasScriptsWaitingForStylesheets = false;
+    m_state.setLoadingExtScript(false);
+    reset();
+    m_bufferSize = 254;
+    m_buffer = static_cast<UChar*>(fastMalloc(sizeof(UChar) * 254));
+    m_dest = m_buffer;
+    tquote = NoQuote;
+    searchCount = 0;
+    m_state.setEntityState(NoEntity);
+    m_scriptTagSrcAttrValue = String();
+    m_pendingSrc.clear();
+    m_currentPrependingSrc = 0;
+    m_noMoreData = false;
+    m_brokenComments = false;
+    m_brokenServer = false;
+    m_lineNumber = 0;
+    m_currentScriptTagStartLineNumber = 0;
+    m_currentTagStartLineNumber = 0;
+    m_state.setForceSynchronous(false);
+
+    Page* page = document()->page();
+    if (page && page->hasCustomHTMLTokenizerTimeDelay())
+        m_tokenizerTimeDelay = page->customHTMLTokenizerTimeDelay();
+    else
+        m_tokenizerTimeDelay = defaultTokenizerTimeDelay;
+
+    if (page && page->hasCustomHTMLTokenizerChunkSize())
+        m_tokenizerChunkSize = page->customHTMLTokenizerChunkSize();
+    else
+        m_tokenizerChunkSize = defaultTokenizerChunkSize;
+}
+
+void LegacyHTMLDocumentParser::setForceSynchronous(bool force)
+{
+    m_state.setForceSynchronous(force);
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::processListing(SegmentedString list, State state)
+{
+    // This function adds the listing 'list' as
+    // preformatted text-tokens to the token-collection
+    while (!list.isEmpty()) {
+        if (state.skipLF()) {
+            state.setSkipLF(false);
+            if (*list == '\n') {
+                list.advance();
+                continue;
+            }
+        }
+
+        checkBuffer();
+
+        if (*list == '\n' || *list == '\r') {
+            if (state.discardLF())
+                // Ignore this LF
+                state.setDiscardLF(false); // We have discarded 1 LF
+            else
+                *m_dest++ = '\n';
+
+            /* Check for MS-DOS CRLF sequence */
+            if (*list == '\r')
+                state.setSkipLF(true);
+
+            list.advance();
+        } else {
+            state.setDiscardLF(false);
+            *m_dest++ = *list;
+            list.advance();
+        }
+    }
+
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseNonHTMLText(SegmentedString& src, State state)
+{
+    ASSERT(state.inTextArea() || state.inTitle() || state.inIFrame() || !state.hasEntityState());
+    ASSERT(!state.hasTagState());
+    ASSERT(state.inXmp() + state.inTextArea() + state.inTitle() + state.inStyle() + state.inScript() + state.inIFrame() == 1);
+    if (state.inScript() && !m_currentScriptTagStartLineNumber)
+        m_currentScriptTagStartLineNumber = m_lineNumber;
+
+    if (state.inComment())
+        state = parseComment(src, state);
+
+    int lastDecodedEntityPosition = -1;
+    while (!src.isEmpty()) {
+        checkScriptBuffer();
+        UChar ch = *src;
+
+        if (!m_scriptCodeResync && !m_brokenComments &&
+            !state.inXmp() && ch == '-' && m_scriptCodeSize >= 3 && !src.escaped() &&
+            m_scriptCode[m_scriptCodeSize - 3] == '<' && m_scriptCode[m_scriptCodeSize - 2] == '!' && m_scriptCode[m_scriptCodeSize - 1] == '-' &&
+            (lastDecodedEntityPosition < m_scriptCodeSize - 3)) {
+            state.setInComment(true);
+            state = parseComment(src, state);
+            continue;
+        }
+        if (m_scriptCodeResync && !tquote && ch == '>') {
+            src.advancePastNonNewline();
+            m_scriptCodeSize = m_scriptCodeResync - 1;
+            m_scriptCodeResync = 0;
+            m_scriptCode[m_scriptCodeSize] = m_scriptCode[m_scriptCodeSize + 1] = 0;
+            if (state.inScript())
+                state = scriptHandler(state);
+            else {
+                state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize), state);
+                processToken();
+                if (state.inStyle()) {
+                    m_currentToken.tagName = styleTag.localName();
+                    m_currentToken.beginTag = false;
+                } else if (state.inTextArea()) {
+                    m_currentToken.tagName = textareaTag.localName();
+                    m_currentToken.beginTag = false;
+                } else if (state.inTitle()) {
+                    m_currentToken.tagName = titleTag.localName();
+                    m_currentToken.beginTag = false;
+                } else if (state.inXmp()) {
+                    m_currentToken.tagName = xmpTag.localName();
+                    m_currentToken.beginTag = false;
+                } else if (state.inIFrame()) {
+                    m_currentToken.tagName = iframeTag.localName();
+                    m_currentToken.beginTag = false;
+                }
+                processToken();
+                state.setInStyle(false);
+                state.setInScript(false);
+                state.setInTextArea(false);
+                state.setInTitle(false);
+                state.setInXmp(false);
+                state.setInIFrame(false);
+                tquote = NoQuote;
+                m_scriptCodeSize = m_scriptCodeResync = 0;
+            }
+            return state;
+        }
+        // possible end of tagname, lets check.
+        if (!m_scriptCodeResync && !state.escaped() && !src.escaped() && (ch == '>' || ch == '/' || isASCIISpace(ch)) &&
+             m_scriptCodeSize >= m_searchStopperLength &&
+             tagMatch(m_searchStopper, m_scriptCode + m_scriptCodeSize - m_searchStopperLength, m_searchStopperLength) &&
+             (lastDecodedEntityPosition < m_scriptCodeSize - m_searchStopperLength)) {
+            m_scriptCodeResync = m_scriptCodeSize-m_searchStopperLength+1;
+            tquote = NoQuote;
+            continue;
+        }
+        if (m_scriptCodeResync && !state.escaped()) {
+            if (ch == '\"')
+                tquote = (tquote == NoQuote) ? DoubleQuote : ((tquote == SingleQuote) ? SingleQuote : NoQuote);
+            else if (ch == '\'')
+                tquote = (tquote == NoQuote) ? SingleQuote : (tquote == DoubleQuote) ? DoubleQuote : NoQuote;
+            else if (tquote != NoQuote && (ch == '\r' || ch == '\n'))
+                tquote = NoQuote;
+        }
+        state.setEscaped(!state.escaped() && ch == '\\');
+        if (!m_scriptCodeResync && (state.inTextArea() || state.inTitle() || state.inIFrame()) && !src.escaped() && ch == '&') {
+            UChar* scriptCodeDest = m_scriptCode + m_scriptCodeSize;
+            src.advancePastNonNewline();
+            state = parseEntity(src, scriptCodeDest, state, m_cBufferPos, true, false);
+            if (scriptCodeDest == m_scriptCode + m_scriptCodeSize)
+                lastDecodedEntityPosition = m_scriptCodeSize;
+            else
+                m_scriptCodeSize = scriptCodeDest - m_scriptCode;
+        } else {
+            m_scriptCode[m_scriptCodeSize++] = ch;
+            src.advance(m_lineNumber);
+        }
+    }
+
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::scriptHandler(State state)
+{
+    // We are inside a <script>
+    bool doScriptExec = false;
+    int startLine = m_currentScriptTagStartLineNumber + 1; // Script line numbers are 1 based, HTMLTokenzier line numbers are 0 based
+
+    // Reset m_currentScriptTagStartLineNumber to indicate that we've finished parsing the current script element
+    m_currentScriptTagStartLineNumber = 0;
+
+    // (Bugzilla 3837) Scripts following a frameset element should not execute or,
+    // in the case of extern scripts, even load.
+    bool followingFrameset = (document()->body() && document()->body()->hasTagName(framesetTag));
+
+    CachedScript* cs = 0;
+    // don't load external scripts for standalone documents (for now)
+    if (!inViewSourceMode()) {
+        if (!m_scriptTagSrcAttrValue.isEmpty() && document()->frame()) {
+            // forget what we just got; load from src url instead
+            if (!m_treeBuilder->skipMode() && !followingFrameset) {
+                // The parser might have been stopped by for example a window.close call in an earlier script.
+                // If so, we don't want to load scripts.
+                if (!m_parserStopped && m_scriptNode->dispatchBeforeLoadEvent(m_scriptTagSrcAttrValue) &&
+                    (cs = document()->docLoader()->requestScript(m_scriptTagSrcAttrValue, m_scriptTagCharsetAttrValue)))
+                    m_pendingScripts.append(cs);
+                else
+                    m_scriptNode = 0;
+            } else
+                m_scriptNode = 0;
+            m_scriptTagSrcAttrValue = String();
+        } else {
+            // Parse m_scriptCode containing <script> info
+            doScriptExec = m_scriptNode->shouldExecuteAsJavaScript();
+#if ENABLE(XHTMLMP)
+            if (!doScriptExec)
+                document()->setShouldProcessNoscriptElement(true);
+#endif
+            m_scriptNode = 0;
+        }
+    }
+
+    state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize), state);
+    RefPtr<Node> node = processToken();
+
+    if (node && m_scriptingPermission == FragmentScriptingNotAllowed) {
+        ExceptionCode ec;
+        node->remove(ec);
+        node = 0;
+    }
+
+    String scriptString = node ? node->textContent() : "";
+    m_currentToken.tagName = scriptTag.localName();
+    m_currentToken.beginTag = false;
+    processToken();
+
+    state.setInScript(false);
+    m_scriptCodeSize = m_scriptCodeResync = 0;
+
+    // FIXME: The script should be syntax highlighted.
+    if (inViewSourceMode())
+        return state;
+
+    SegmentedString* savedPrependingSrc = m_currentPrependingSrc;
+    SegmentedString prependingSrc;
+    m_currentPrependingSrc = &prependingSrc;
+
+    if (!m_treeBuilder->skipMode() && !followingFrameset) {
+        if (cs) {
+            if (savedPrependingSrc)
+                savedPrependingSrc->append(m_src);
+            else
+                m_pendingSrc.prepend(m_src);
+            setSrc(SegmentedString());
+
+            // the ref() call below may call notifyFinished if the script is already in cache,
+            // and that mucks with the state directly, so we must write it back to the object.
+            m_state = state;
+            bool savedRequestingScript = m_requestingScript;
+            m_requestingScript = true;
+            cs->addClient(this);
+            m_requestingScript = savedRequestingScript;
+            state = m_state;
+            // will be 0 if script was already loaded and ref() executed it
+            if (!m_pendingScripts.isEmpty())
+                state.setLoadingExtScript(true);
+        } else if (!m_fragment && doScriptExec) {
+            if (!m_executingScript)
+                m_pendingSrc.prepend(m_src);
+            else
+                prependingSrc = m_src;
+            setSrc(SegmentedString());
+            state = scriptExecution(ScriptSourceCode(scriptString, document()->frame() ? document()->frame()->document()->url() : KURL(), startLine), state);
+        }
+    }
+
+    if (!m_executingScript && !state.loadingExtScript()) {
+        m_src.append(m_pendingSrc);
+        m_pendingSrc.clear();
+    } else if (!prependingSrc.isEmpty()) {
+        // restore first so that the write appends in the right place
+        // (does not hurt to do it again below)
+        m_currentPrependingSrc = savedPrependingSrc;
+
+        // we need to do this slightly modified bit of one of the write() cases
+        // because we want to prepend to m_pendingSrc rather than appending
+        // if there's no previous prependingSrc
+        if (!m_pendingScripts.isEmpty()) {
+            if (m_currentPrependingSrc)
+                m_currentPrependingSrc->append(prependingSrc);
+            else
+                m_pendingSrc.prepend(prependingSrc);
+        } else {
+            m_state = state;
+            write(prependingSrc, false);
+            state = m_state;
+        }
+    }
+
+#if PRELOAD_SCANNER_ENABLED
+    if (!m_pendingScripts.isEmpty() && !m_executingScript) {
+        if (!m_preloadScanner)
+            m_preloadScanner.set(new LegacyPreloadScanner(document()));
+        if (!m_preloadScanner->inProgress()) {
+            m_preloadScanner->begin();
+            m_preloadScanner->write(m_pendingSrc);
+        }
+    }
+#endif
+    m_currentPrependingSrc = savedPrependingSrc;
+
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::scriptExecution(const ScriptSourceCode& sourceCode, State state)
+{
+    if (m_fragment || !document()->frame())
+        return state;
+    m_executingScript++;
+
+    SegmentedString* savedPrependingSrc = m_currentPrependingSrc;
+    SegmentedString prependingSrc;
+    m_currentPrependingSrc = &prependingSrc;
+
+    m_state = state;
+    document()->frame()->script()->executeScript(sourceCode);
+    state = m_state;
+
+    state.setAllowYield(true);
+
+    m_executingScript--;
+
+    if (!m_executingScript && !state.loadingExtScript()) {
+        m_pendingSrc.prepend(prependingSrc);
+        m_src.append(m_pendingSrc);
+        m_pendingSrc.clear();
+    } else if (!prependingSrc.isEmpty()) {
+        // restore first so that the write appends in the right place
+        // (does not hurt to do it again below)
+        m_currentPrependingSrc = savedPrependingSrc;
+
+        // we need to do this slightly modified bit of one of the write() cases
+        // because we want to prepend to m_pendingSrc rather than appending
+        // if there's no previous prependingSrc
+        if (!m_pendingScripts.isEmpty()) {
+            if (m_currentPrependingSrc)
+                m_currentPrependingSrc->append(prependingSrc);
+            else
+                m_pendingSrc.prepend(prependingSrc);
+
+#if PRELOAD_SCANNER_ENABLED
+            // We are stuck waiting for another script. Lets check the source that
+            // was just document.write()n for anything to load.
+            LegacyPreloadScanner documentWritePreloadScanner(document());
+            documentWritePreloadScanner.begin();
+            documentWritePreloadScanner.write(prependingSrc);
+            documentWritePreloadScanner.end();
+#endif
+        } else {
+            m_state = state;
+            write(prependingSrc, false);
+            state = m_state;
+        }
+    }
+
+    m_currentPrependingSrc = savedPrependingSrc;
+
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseComment(SegmentedString& src, State state)
+{
+    // FIXME: Why does this code even run for comments inside <script> and <style>? This seems bogus.
+    checkScriptBuffer(src.length());
+    while (!src.isEmpty()) {
+        UChar ch = *src;
+        m_scriptCode[m_scriptCodeSize++] = ch;
+        if (ch == '>') {
+            bool handleBrokenComments = m_brokenComments && !(state.inScript() || state.inStyle());
+            int endCharsCount = 1; // start off with one for the '>' character
+            if (m_scriptCodeSize > 2 && m_scriptCode[m_scriptCodeSize-3] == '-' && m_scriptCode[m_scriptCodeSize-2] == '-') {
+                endCharsCount = 3;
+            } else if (m_scriptCodeSize > 3 && m_scriptCode[m_scriptCodeSize-4] == '-' && m_scriptCode[m_scriptCodeSize-3] == '-' &&
+                m_scriptCode[m_scriptCodeSize-2] == '!') {
+                // Other browsers will accept --!> as a close comment, even though it's
+                // not technically valid.
+                endCharsCount = 4;
+            }
+            if (handleBrokenComments || endCharsCount > 1) {
+                src.advancePastNonNewline();
+                if (!(state.inTitle() || state.inScript() || state.inXmp() || state.inTextArea() || state.inStyle() || state.inIFrame())) {
+                    checkScriptBuffer();
+                    m_scriptCode[m_scriptCodeSize] = 0;
+                    m_scriptCode[m_scriptCodeSize + 1] = 0;
+                    m_currentToken.tagName = commentAtom;
+                    m_currentToken.beginTag = true;
+                    state = processListing(SegmentedString(m_scriptCode, m_scriptCodeSize - endCharsCount), state);
+                    processToken();
+                    m_currentToken.tagName = commentAtom;
+                    m_currentToken.beginTag = false;
+                    processToken();
+                    m_scriptCodeSize = 0;
+                }
+                state.setInComment(false);
+                return state; // Finished parsing comment
+            }
+        }
+        src.advance(m_lineNumber);
+    }
+
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseServer(SegmentedString& src, State state)
+{
+    checkScriptBuffer(src.length());
+    while (!src.isEmpty()) {
+        UChar ch = *src;
+        m_scriptCode[m_scriptCodeSize++] = ch;
+        if (ch == '>' && m_scriptCodeSize > 1 && m_scriptCode[m_scriptCodeSize - 2] == '%') {
+            src.advancePastNonNewline();
+            state.setInServer(false);
+            m_scriptCodeSize = 0;
+            return state; // Finished parsing server include
+        }
+        src.advance(m_lineNumber);
+    }
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseProcessingInstruction(SegmentedString& src, State state)
+{
+    UChar oldchar = 0;
+    while (!src.isEmpty()) {
+        UChar chbegin = *src;
+        if (chbegin == '\'')
+            tquote = tquote == SingleQuote ? NoQuote : SingleQuote;
+        else if (chbegin == '\"')
+            tquote = tquote == DoubleQuote ? NoQuote : DoubleQuote;
+        // Look for '?>'
+        // Some crappy sites omit the "?" before it, so
+        // we look for an unquoted '>' instead. (IE compatible)
+        else if (chbegin == '>' && (!tquote || oldchar == '?')) {
+            // We got a '?>' sequence
+            state.setInProcessingInstruction(false);
+            src.advancePastNonNewline();
+            state.setDiscardLF(true);
+            return state; // Finished parsing comment!
+        }
+        src.advance(m_lineNumber);
+        oldchar = chbegin;
+    }
+
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseText(SegmentedString& src, State state)
+{
+    while (!src.isEmpty()) {
+        UChar cc = *src;
+
+        if (state.skipLF()) {
+            state.setSkipLF(false);
+            if (cc == '\n') {
+                src.advancePastNewline(m_lineNumber);
+                continue;
+            }
+        }
+
+        // do we need to enlarge the buffer?
+        checkBuffer();
+
+        if (cc == '\r') {
+            state.setSkipLF(true);
+            *m_dest++ = '\n';
+        } else
+            *m_dest++ = cc;
+        src.advance(m_lineNumber);
+    }
+
+    return state;
+}
+
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseEntity(SegmentedString& src, UChar*& dest, State state, unsigned& cBufferPos, bool start, bool parsingTag)
+{
+    if (start) {
+        cBufferPos = 0;
+        state.setEntityState(SearchEntity);
+        EntityUnicodeValue = 0;
+    }
+
+    while (!src.isEmpty()) {
+        UChar cc = *src;
+        switch (state.entityState()) {
+        case NoEntity:
+            ASSERT(state.entityState() != NoEntity);
+            return state;
+
+        case SearchEntity:
+            if (cc == '#') {
+                m_cBuffer[cBufferPos++] = cc;
+                src.advancePastNonNewline();
+                state.setEntityState(NumericSearch);
+            } else
+                state.setEntityState(EntityName);
+            break;
+
+        case NumericSearch:
+            if (cc == 'x' || cc == 'X') {
+                m_cBuffer[cBufferPos++] = cc;
+                src.advancePastNonNewline();
+                state.setEntityState(Hexadecimal);
+            } else if (cc >= '0' && cc <= '9')
+                state.setEntityState(Decimal);
+            else
+                state.setEntityState(SearchSemicolon);
+            break;
+
+        case Hexadecimal: {
+            int ll = min(src.length(), 10 - cBufferPos);
+            while (ll--) {
+                cc = *src;
+                if (!((cc >= '0' && cc <= '9') || (cc >= 'a' && cc <= 'f') || (cc >= 'A' && cc <= 'F'))) {
+                    state.setEntityState(SearchSemicolon);
+                    break;
+                }
+                int digit;
+                if (cc < 'A')
+                    digit = cc - '0';
+                else
+                    digit = (cc - 'A' + 10) & 0xF; // handle both upper and lower case without a branch
+                EntityUnicodeValue = EntityUnicodeValue * 16 + digit;
+                m_cBuffer[cBufferPos++] = cc;
+                src.advancePastNonNewline();
+            }
+            if (cBufferPos == 10)
+                state.setEntityState(SearchSemicolon);
+            break;
+        }
+        case Decimal:
+        {
+            int ll = min(src.length(), 9-cBufferPos);
+            while (ll--) {
+                cc = *src;
+
+                if (!(cc >= '0' && cc <= '9')) {
+                    state.setEntityState(SearchSemicolon);
+                    break;
+                }
+
+                EntityUnicodeValue = EntityUnicodeValue * 10 + (cc - '0');
+                m_cBuffer[cBufferPos++] = cc;
+                src.advancePastNonNewline();
+            }
+            if (cBufferPos == 9)
+                state.setEntityState(SearchSemicolon);
+            break;
+        }
+        case EntityName:
+        {
+            int ll = min(src.length(), 9-cBufferPos);
+            while (ll--) {
+                cc = *src;
+
+                if (!((cc >= 'a' && cc <= 'z') || (cc >= '0' && cc <= '9') || (cc >= 'A' && cc <= 'Z'))) {
+                    state.setEntityState(SearchSemicolon);
+                    break;
+                }
+
+                m_cBuffer[cBufferPos++] = cc;
+                src.advancePastNonNewline();
+            }
+            if (cBufferPos == 9)
+                state.setEntityState(SearchSemicolon);
+            if (state.entityState() == SearchSemicolon) {
+                if (cBufferPos > 1) {
+                    // Since the maximum length of entity name is 9,
+                    // so a single char array which is allocated on
+                    // the stack, its length is 10, should be OK.
+                    // Also if we have an illegal character, we treat it
+                    // as illegal entity name.
+                    unsigned testedEntityNameLen = 0;
+                    char tmpEntityNameBuffer[10];
+
+                    ASSERT(cBufferPos < 10);
+                    for (; testedEntityNameLen < cBufferPos; ++testedEntityNameLen) {
+                        if (m_cBuffer[testedEntityNameLen] > 0x7e)
+                            break;
+                        tmpEntityNameBuffer[testedEntityNameLen] = m_cBuffer[testedEntityNameLen];
+                    }
+
+                    const Entity *e;
+
+                    if (testedEntityNameLen == cBufferPos)
+                        e = findEntity(tmpEntityNameBuffer, cBufferPos);
+                    else
+                        e = 0;
+
+                    if (e)
+                        EntityUnicodeValue = e->code;
+
+                    // be IE compatible
+                    if (parsingTag && EntityUnicodeValue > 255 && *src != ';')
+                        EntityUnicodeValue = 0;
+                }
+            }
+            else
+                break;
+        }
+        case SearchSemicolon:
+            // Don't allow values that are more than 21 bits.
+            if (EntityUnicodeValue > 0 && EntityUnicodeValue <= 0x10FFFF) {
+                if (!inViewSourceMode()) {
+                    if (*src == ';')
+                        src.advancePastNonNewline();
+                    if (EntityUnicodeValue <= 0xFFFF) {
+                        checkBuffer();
+                        src.push(fixUpChar(EntityUnicodeValue));
+                    } else {
+                        // Convert to UTF-16, using surrogate code points.
+                        checkBuffer(2);
+                        src.push(U16_LEAD(EntityUnicodeValue));
+                        src.push(U16_TRAIL(EntityUnicodeValue));
+                    }
+                } else {
+                    // FIXME: We should eventually colorize entities by sending them as a special token.
+                    // 12 bytes required: up to 10 bytes in m_cBuffer plus the
+                    // leading '&' and trailing ';'
+                    checkBuffer(12);
+                    *dest++ = '&';
+                    for (unsigned i = 0; i < cBufferPos; i++)
+                        dest[i] = m_cBuffer[i];
+                    dest += cBufferPos;
+                    if (*src == ';') {
+                        *dest++ = ';';
+                        src.advancePastNonNewline();
+                    }
+                }
+            } else {
+                // 11 bytes required: up to 10 bytes in m_cBuffer plus the
+                // leading '&'
+                checkBuffer(11);
+                // ignore the sequence, add it to the buffer as plaintext
+                *dest++ = '&';
+                for (unsigned i = 0; i < cBufferPos; i++)
+                    dest[i] = m_cBuffer[i];
+                dest += cBufferPos;
+            }
+
+            state.setEntityState(NoEntity);
+            return state;
+        }
+    }
+
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseDoctype(SegmentedString& src, State state)
+{
+    ASSERT(state.inDoctype());
+    while (!src.isEmpty() && state.inDoctype()) {
+        UChar c = *src;
+        bool isWhitespace = c == '\r' || c == '\n' || c == '\t' || c == ' ';
+        switch (m_doctypeToken.state()) {
+            case DoctypeBegin: {
+                m_doctypeToken.setState(DoctypeBeforeName);
+                if (isWhitespace) {
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                }
+                break;
+            }
+            case DoctypeBeforeName: {
+                if (c == '>') {
+                    // Malformed.  Just exit.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    if (inViewSourceMode())
+                        processDoctypeToken();
+                } else if (isWhitespace) {
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else
+                    m_doctypeToken.setState(DoctypeName);
+                break;
+            }
+            case DoctypeName: {
+                if (c == '>') {
+                    // Valid doctype. Emit it.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    processDoctypeToken();
+                } else if (isWhitespace) {
+                    m_doctypeSearchCount = 0; // Used now to scan for PUBLIC
+                    m_doctypeSecondarySearchCount = 0; // Used now to scan for SYSTEM
+                    m_doctypeToken.setState(DoctypeAfterName);
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else {
+                    src.advancePastNonNewline();
+                    m_doctypeToken.m_name.append(c);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                }
+                break;
+            }
+            case DoctypeAfterName: {
+                if (c == '>') {
+                    // Valid doctype. Emit it.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    processDoctypeToken();
+                } else if (!isWhitespace) {
+                    src.advancePastNonNewline();
+                    if (toASCIILower(c) == publicStart[m_doctypeSearchCount]) {
+                        m_doctypeSearchCount++;
+                        if (m_doctypeSearchCount == 6)
+                            // Found 'PUBLIC' sequence
+                            m_doctypeToken.setState(DoctypeBeforePublicID);
+                    } else if (m_doctypeSearchCount > 0) {
+                        m_doctypeSearchCount = 0;
+                        m_doctypeToken.setState(DoctypeBogus);
+                    } else if (toASCIILower(c) == systemStart[m_doctypeSecondarySearchCount]) {
+                        m_doctypeSecondarySearchCount++;
+                        if (m_doctypeSecondarySearchCount == 6)
+                            // Found 'SYSTEM' sequence
+                            m_doctypeToken.setState(DoctypeBeforeSystemID);
+                    } else {
+                        m_doctypeSecondarySearchCount = 0;
+                        m_doctypeToken.setState(DoctypeBogus);
+                    }
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else {
+                    src.advance(m_lineNumber); // Whitespace keeps us in the after name state.
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                }
+                break;
+            }
+            case DoctypeBeforePublicID: {
+                if (c == '\"' || c == '\'') {
+                    tquote = c == '\"' ? DoubleQuote : SingleQuote;
+                    m_doctypeToken.setState(DoctypePublicID);
+                    src.advancePastNonNewline();
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else if (c == '>') {
+                    // Considered bogus.  Don't process the doctype.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    if (inViewSourceMode())
+                        processDoctypeToken();
+                } else if (isWhitespace) {
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else
+                    m_doctypeToken.setState(DoctypeBogus);
+                break;
+            }
+            case DoctypePublicID: {
+                if ((c == '\"' && tquote == DoubleQuote) || (c == '\'' && tquote == SingleQuote)) {
+                    src.advancePastNonNewline();
+                    m_doctypeToken.setState(DoctypeAfterPublicID);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else if (c == '>') {
+                     // Considered bogus.  Don't process the doctype.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    if (inViewSourceMode())
+                        processDoctypeToken();
+                } else {
+                    m_doctypeToken.m_publicID.append(c);
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                }
+                break;
+            }
+            case DoctypeAfterPublicID:
+                if (c == '\"' || c == '\'') {
+                    tquote = c == '\"' ? DoubleQuote : SingleQuote;
+                    m_doctypeToken.setState(DoctypeSystemID);
+                    src.advancePastNonNewline();
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else if (c == '>') {
+                    // Valid doctype. Emit it now.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    processDoctypeToken();
+                } else if (isWhitespace) {
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else
+                    m_doctypeToken.setState(DoctypeBogus);
+                break;
+            case DoctypeBeforeSystemID:
+                if (c == '\"' || c == '\'') {
+                    tquote = c == '\"' ? DoubleQuote : SingleQuote;
+                    m_doctypeToken.setState(DoctypeSystemID);
+                    src.advancePastNonNewline();
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else if (c == '>') {
+                    // Considered bogus.  Don't process the doctype.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                } else if (isWhitespace) {
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else
+                    m_doctypeToken.setState(DoctypeBogus);
+                break;
+            case DoctypeSystemID:
+                if ((c == '\"' && tquote == DoubleQuote) || (c == '\'' && tquote == SingleQuote)) {
+                    src.advancePastNonNewline();
+                    m_doctypeToken.setState(DoctypeAfterSystemID);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else if (c == '>') {
+                     // Considered bogus.  Don't process the doctype.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    if (inViewSourceMode())
+                        processDoctypeToken();
+                } else {
+                    m_doctypeToken.m_systemID.append(c);
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                }
+                break;
+            case DoctypeAfterSystemID:
+                if (c == '>') {
+                    // Valid doctype. Emit it now.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    processDoctypeToken();
+                } else if (isWhitespace) {
+                    src.advance(m_lineNumber);
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                } else
+                    m_doctypeToken.setState(DoctypeBogus);
+                break;
+            case DoctypeBogus:
+                if (c == '>') {
+                    // Done with the bogus doctype.
+                    src.advancePastNonNewline();
+                    state.setInDoctype(false);
+                    if (inViewSourceMode())
+                       processDoctypeToken();
+                } else {
+                    src.advance(m_lineNumber); // Just keep scanning for '>'
+                    if (inViewSourceMode())
+                        m_doctypeToken.m_source.append(c);
+                }
+                break;
+            default:
+                break;
+        }
+    }
+    return state;
+}
+
+LegacyHTMLDocumentParser::State LegacyHTMLDocumentParser::parseTag(SegmentedString& src, State state)
+{
+    ASSERT(!state.hasEntityState());
+
+    unsigned cBufferPos = m_cBufferPos;
+
+    bool lastIsSlash = false;
+
+    while (!src.isEmpty()) {
+        checkBuffer();
+        switch (state.tagState()) {
+        case NoTag:
+        {
+            m_cBufferPos = cBufferPos;
+            return state;
+        }
+        case TagName:
+        {
+            if (searchCount > 0) {
+                if (*src == commentStart[searchCount]) {
+                    searchCount++;
+                    if (searchCount == 2)
+                        m_doctypeSearchCount++; // A '!' is also part of a doctype, so we are moving through that still as well.
+                    else
+                        m_doctypeSearchCount = 0;
+                    if (searchCount == 4) {
+                        // Found '<!--' sequence
+                        src.advancePastNonNewline();
+                        m_dest = m_buffer; // ignore the previous part of this tag
+                        state.setInComment(true);
+                        state.setTagState(NoTag);
+
+                        // Fix bug 34302 at kde.bugs.org.  Go ahead and treat
+                        // <!--> as a valid comment, since both mozilla and IE on windows
+                        // can handle this case.  Only do this in quirks mode. -dwh
+                        if (!src.isEmpty() && *src == '>' && document()->inCompatMode()) {
+                            state.setInComment(false);
+                            src.advancePastNonNewline();
+                            if (!src.isEmpty())
+                                m_cBuffer[cBufferPos++] = *src;
+                        } else
+                          state = parseComment(src, state);
+
+                        m_cBufferPos = cBufferPos;
+                        return state; // Finished parsing tag!
+                    }
+                    m_cBuffer[cBufferPos++] = *src;
+                    src.advancePastNonNewline();
+                    break;
+                } else
+                    searchCount = 0; // Stop looking for '<!--' sequence
+            }
+
+            if (m_doctypeSearchCount > 0) {
+                if (toASCIILower(*src) == doctypeStart[m_doctypeSearchCount]) {
+                    m_doctypeSearchCount++;
+                    m_cBuffer[cBufferPos++] = *src;
+                    src.advancePastNonNewline();
+                    if (m_doctypeSearchCount == 9) {
+                        // Found '<!DOCTYPE' sequence
+                        state.setInDoctype(true);
+                        state.setTagState(NoTag);
+                        m_doctypeToken.reset();
+                        if (inViewSourceMode())
+                            m_doctypeToken.m_source.append(m_cBuffer, cBufferPos);
+                        state = parseDoctype(src, state);
+                        m_cBufferPos = cBufferPos;
+                        return state;
+                    }
+                    break;
+                } else
+                    m_doctypeSearchCount = 0; // Stop looking for '<!DOCTYPE' sequence
+            }
+
+            bool finish = false;
+            unsigned int ll = min(src.length(), CBUFLEN - cBufferPos);
+            while (ll--) {
+                UChar curchar = *src;
+                if (isASCIISpace(curchar) || curchar == '>' || curchar == '<') {
+                    finish = true;
+                    break;
+                }
+
+                // tolower() shows up on profiles. This is faster!
+                if (curchar >= 'A' && curchar <= 'Z' && !inViewSourceMode())
+                    m_cBuffer[cBufferPos++] = curchar + ('a' - 'A');
+                else
+                    m_cBuffer[cBufferPos++] = curchar;
+                src.advancePastNonNewline();
+            }
+
+            // Disadvantage: we add the possible rest of the tag
+            // as attribute names. ### judge if this causes problems
+            if (finish || CBUFLEN == cBufferPos) {
+                bool beginTag;
+                UChar* ptr = m_cBuffer;
+                unsigned int len = cBufferPos;
+                m_cBuffer[cBufferPos] = '\0';
+                if ((cBufferPos > 0) && (*ptr == '/')) {
+                    // End Tag
+                    beginTag = false;
+                    ptr++;
+                    len--;
+                }
+                else
+                    // Start Tag
+                    beginTag = true;
+
+                // Ignore the / in fake xml tags like <br/>.  We trim off the "/" so that we'll get "br" as the tag name and not "br/".
+                if (len > 1 && ptr[len-1] == '/' && !inViewSourceMode())
+                    ptr[--len] = '\0';
+
+                // Now that we've shaved off any invalid / that might have followed the name), make the tag.
+                // FIXME: FireFox and WinIE turn !foo nodes into comments, we ignore comments. (fast/parser/tag-with-exclamation-point.html)
+                if (ptr[0] != '!' || inViewSourceMode()) {
+                    m_currentToken.tagName = AtomicString(ptr);
+                    m_currentToken.beginTag = beginTag;
+                }
+                m_dest = m_buffer;
+                state.setTagState(SearchAttribute);
+                cBufferPos = 0;
+            }
+            break;
+        }
+        case SearchAttribute:
+            while (!src.isEmpty()) {
+                UChar curchar = *src;
+                // In this mode just ignore any quotes we encounter and treat them like spaces.
+                if (!isASCIISpace(curchar) && curchar != '\'' && curchar != '"') {
+                    if (curchar == '<' || curchar == '>')
+                        state.setTagState(SearchEnd);
+                    else
+                        state.setTagState(AttributeName);
+
+                    cBufferPos = 0;
+                    break;
+                }
+                if (inViewSourceMode())
+                    m_currentToken.addViewSourceChar(curchar);
+                src.advance(m_lineNumber);
+            }
+            break;
+        case AttributeName:
+        {
+            m_rawAttributeBeforeValue.clear();
+            int ll = min(src.length(), CBUFLEN - cBufferPos);
+            while (ll--) {
+                UChar curchar = *src;
+                // If we encounter a "/" when scanning an attribute name, treat it as a delimiter.  This allows the
+                // cases like <input type=checkbox checked/> to work (and accommodates XML-style syntax as per HTML5).
+                if (curchar <= '>' && (curchar >= '<' || isASCIISpace(curchar) || curchar == '/')) {
+                    m_cBuffer[cBufferPos] = '\0';
+                    m_attrName = AtomicString(m_cBuffer);
+                    m_dest = m_buffer;
+                    *m_dest++ = 0;
+                    state.setTagState(SearchEqual);
+                    if (inViewSourceMode())
+                        m_currentToken.addViewSourceChar('a');
+                    break;
+                }
+
+                // tolower() shows up on profiles. This is faster!
+                if (curchar >= 'A' && curchar <= 'Z' && !inViewSourceMode())
+                    m_cBuffer[cBufferPos++] = curchar + ('a' - 'A');
+                else
+                    m_cBuffer[cBufferPos++] = curchar;
+
+                m_rawAttributeBeforeValue.append(curchar);
+                src.advance(m_lineNumber);
+            }
+            if (cBufferPos == CBUFLEN) {
+                m_cBuffer[cBufferPos] = '\0';
+                m_attrName = AtomicString(m_cBuffer);
+                m_dest = m_buffer;
+                *m_dest++ = 0;
+                state.setTagState(SearchEqual);
+                if (inViewSourceMode())
+                    m_currentToken.addViewSourceChar('a');
+            }
+            break;
+        }
+        case SearchEqual:
+            while (!src.isEmpty()) {
+                UChar curchar = *src;
+
+                if (lastIsSlash && curchar == '>') {
+                    // This is a quirk (with a long sad history).  We have to do this
+                    // since widgets do <script src="foo.js"/> and expect the tag to close.
+                    if (m_currentToken.tagName == scriptTag)
+                        m_currentToken.selfClosingTag = true;
+                    m_currentToken.brokenXMLStyle = true;
+                }
+
+                // In this mode just ignore any quotes or slashes we encounter and treat them like spaces.
+                if (!isASCIISpace(curchar) && curchar != '\'' && curchar != '"' && curchar != '/') {
+                    if (curchar == '=') {
+                        state.setTagState(SearchValue);
+                        if (inViewSourceMode())
+                            m_currentToken.addViewSourceChar(curchar);
+                        m_rawAttributeBeforeValue.append(curchar);
+                        src.advancePastNonNewline();
+                    } else {
+                        m_currentToken.addAttribute(m_attrName, emptyAtom, inViewSourceMode());
+                        m_dest = m_buffer;
+                        state.setTagState(SearchAttribute);
+                        lastIsSlash = false;
+                    }
+                    break;
+                }
+
+                lastIsSlash = curchar == '/';
+
+                if (inViewSourceMode())
+                    m_currentToken.addViewSourceChar(curchar);
+                m_rawAttributeBeforeValue.append(curchar);
+                src.advance(m_lineNumber);
+            }
+            break;
+        case SearchValue:
+            while (!src.isEmpty()) {
+                UChar curchar = *src;
+                if (!isASCIISpace(curchar)) {
+                    if (curchar == '\'' || curchar == '\"') {
+                        tquote = curchar == '\"' ? DoubleQuote : SingleQuote;
+                        state.setTagState(QuotedValue);
+                        if (inViewSourceMode())
+                            m_currentToken.addViewSourceChar(curchar);
+                        m_rawAttributeBeforeValue.append(curchar);
+                        src.advancePastNonNewline();
+                    } else
+                        state.setTagState(Value);
+
+                    break;
+                }
+                if (inViewSourceMode())
+                    m_currentToken.addViewSourceChar(curchar);
+                m_rawAttributeBeforeValue.append(curchar);
+                src.advance(m_lineNumber);
+            }
+            break;
+        case QuotedValue:
+            while (!src.isEmpty()) {
+                checkBuffer();
+
+                UChar curchar = *src;
+                if (curchar <= '>' && !src.escaped()) {
+                    if (curchar == '>' && m_attrName.isEmpty()) {
+                        // Handle a case like <img '>.  Just go ahead and be willing
+                        // to close the whole tag.  Don't consume the character and
+                        // just go back into SearchEnd while ignoring the whole
+                        // value.
+                        // FIXME: Note that this is actually not a very good solution.
+                        // It doesn't handle the general case of
+                        // unmatched quotes among attributes that have names. -dwh
+                        while (m_dest > m_buffer + 1 && (m_dest[-1] == '\n' || m_dest[-1] == '\r'))
+                            m_dest--; // remove trailing newlines
+                        AtomicString attributeValue(m_buffer + 1, m_dest - m_buffer - 1);
+                        if (!attributeValue.contains('/'))
+                            m_attrName = attributeValue; // Just make the name/value match. (FIXME: Is this some WinIE quirk?)
+                        m_currentToken.addAttribute(m_attrName, attributeValue, inViewSourceMode());
+                        if (inViewSourceMode())
+                            m_currentToken.addViewSourceChar('x');
+                        state.setTagState(SearchAttribute);
+                        m_dest = m_buffer;
+                        tquote = NoQuote;
+                        break;
+                    }
+
+                    if (curchar == '&') {
+                        src.advancePastNonNewline();
+                        state = parseEntity(src, m_dest, state, cBufferPos, true, true);
+                        break;
+                    }
+
+                    if ((tquote == SingleQuote && curchar == '\'') || (tquote == DoubleQuote && curchar == '\"')) {
+                        // some <input type=hidden> rely on trailing spaces. argh
+                        while (m_dest > m_buffer + 1 && (m_dest[-1] == '\n' || m_dest[-1] == '\r'))
+                            m_dest--; // remove trailing newlines
+                        AtomicString attributeValue(m_buffer + 1, m_dest - m_buffer - 1);
+                        if (m_attrName.isEmpty() && !attributeValue.contains('/')) {
+                            m_attrName = attributeValue; // Make the name match the value. (FIXME: Is this a WinIE quirk?)
+                            if (inViewSourceMode())
+                                m_currentToken.addViewSourceChar('x');
+                        } else if (inViewSourceMode())
+                            m_currentToken.addViewSourceChar('v');
+
+                        if (m_currentToken.beginTag && m_currentToken.tagName == scriptTag && !inViewSourceMode() && !m_treeBuilder->skipMode() && m_attrName == srcAttr) {
+                            String context(m_rawAttributeBeforeValue.data(), m_rawAttributeBeforeValue.size());
+                            if (xssAuditor() && !xssAuditor()->canLoadExternalScriptFromSrc(attributeValue))
+                                attributeValue = blankURL().string();
+                        }
+
+                        m_currentToken.addAttribute(m_attrName, attributeValue, inViewSourceMode());
+                        m_dest = m_buffer;
+                        state.setTagState(SearchAttribute);
+                        tquote = NoQuote;
+                        if (inViewSourceMode())
+                            m_currentToken.addViewSourceChar(curchar);
+                        src.advancePastNonNewline();
+                        break;
+                    }
+                }
+
+                *m_dest++ = curchar;
+                src.advance(m_lineNumber);
+            }
+            break;
+        case Value:
+            while (!src.isEmpty()) {
+                checkBuffer();
+                UChar curchar = *src;
+                if (curchar <= '>' && !src.escaped()) {
+                    // parse Entities
+                    if (curchar == '&') {
+                        src.advancePastNonNewline();
+                        state = parseEntity(src, m_dest, state, cBufferPos, true, true);
+                        break;
+                    }
+                    // no quotes. Every space means end of value
+                    // '/' does not delimit in IE!
+                    if (isASCIISpace(curchar) || curchar == '>') {
+                        AtomicString attributeValue(m_buffer + 1, m_dest - m_buffer - 1);
+
+                        if (m_currentToken.beginTag && m_currentToken.tagName == scriptTag && !inViewSourceMode() && !m_treeBuilder->skipMode() && m_attrName == srcAttr) {
+                            String context(m_rawAttributeBeforeValue.data(), m_rawAttributeBeforeValue.size());
+                            if (xssAuditor() && !xssAuditor()->canLoadExternalScriptFromSrc(attributeValue))
+                                attributeValue = blankURL().string();
+                        }
+
+                        m_currentToken.addAttribute(m_attrName, attributeValue, inViewSourceMode());
+                        if (inViewSourceMode())
+                            m_currentToken.addViewSourceChar('v');
+                        m_dest = m_buffer;
+                        state.setTagState(SearchAttribute);
+                        break;
+                    }
+                }
+
+                *m_dest++ = curchar;
+                src.advance(m_lineNumber);
+            }
+            break;
+        case SearchEnd:
+        {
+            while (!src.isEmpty()) {
+                UChar ch = *src;
+                if (ch == '>' || ch == '<')
+                    break;
+                if (ch == '/')
+                    m_currentToken.selfClosingTag = true;
+                if (inViewSourceMode())
+                    m_currentToken.addViewSourceChar(ch);
+                src.advance(m_lineNumber);
+            }
+            if (src.isEmpty())
+                break;
+
+            searchCount = 0; // Stop looking for '<!--' sequence
+            state.setTagState(NoTag);
+            tquote = NoQuote;
+
+            if (*src != '<')
+                src.advance(m_lineNumber);
+
+            if (m_currentToken.tagName == nullAtom) { //stop if tag is unknown
+                m_cBufferPos = cBufferPos;
+                return state;
+            }
+
+            AtomicString tagName = m_currentToken.tagName;
+
+            // Handle <script src="foo"/> like Mozilla/Opera. We have to do this now for Dashboard
+            // compatibility.
+            bool isSelfClosingScript = m_currentToken.selfClosingTag && m_currentToken.beginTag && m_currentToken.tagName == scriptTag;
+            bool beginTag = !m_currentToken.selfClosingTag && m_currentToken.beginTag;
+            if (m_currentToken.beginTag && m_currentToken.tagName == scriptTag && !inViewSourceMode() && !m_treeBuilder->skipMode()) {
+                Attribute* a = 0;
+                m_scriptTagSrcAttrValue = String();
+                m_scriptTagCharsetAttrValue = String();
+                if (m_currentToken.attrs && !m_fragment) {
+                    if (document()->frame() && document()->frame()->script()->canExecuteScripts(NotAboutToExecuteScript)) {
+                        if ((a = m_currentToken.attrs->getAttributeItem(srcAttr)))
+                            m_scriptTagSrcAttrValue = document()->completeURL(deprecatedParseURL(a->value())).string();
+                    }
+                }
+            }
+
+            RefPtr<Node> n = processToken();
+            m_cBufferPos = cBufferPos;
+            if (n || inViewSourceMode()) {
+                State savedState = state;
+                SegmentedString savedSrc = src;
+                long savedLineno = m_lineNumber;
+                if ((tagName == preTag || tagName == listingTag) && !inViewSourceMode()) {
+                    if (beginTag)
+                        state.setDiscardLF(true); // Discard the first LF after we open a pre.
+                } else if (tagName == scriptTag) {
+                    ASSERT(!m_scriptNode);
+                    m_scriptNode = static_pointer_cast<HTMLScriptElement>(n);
+                    if (m_scriptNode)
+                        m_scriptTagCharsetAttrValue = m_scriptNode->scriptCharset();
+                    if (beginTag) {
+                        m_searchStopper = scriptEnd;
+                        m_searchStopperLength = 8;
+                        state.setInScript(true);
+                        state = parseNonHTMLText(src, state);
+                    } else if (isSelfClosingScript) { // Handle <script src="foo"/>
+                        state.setInScript(true);
+                        state = scriptHandler(state);
+                    }
+                } else if (tagName == styleTag) {
+                    if (beginTag) {
+                        m_searchStopper = styleEnd;
+                        m_searchStopperLength = 7;
+                        state.setInStyle(true);
+                        state = parseNonHTMLText(src, state);
+                    }
+                } else if (tagName == textareaTag) {
+                    if (beginTag) {
+                        m_searchStopper = textareaEnd;
+                        m_searchStopperLength = 10;
+                        state.setInTextArea(true);
+                        state = parseNonHTMLText(src, state);
+                    }
+                } else if (tagName == titleTag) {
+                    if (beginTag) {
+                        m_searchStopper = titleEnd;
+                        m_searchStopperLength = 7;
+                        state.setInTitle(true);
+                        state = parseNonHTMLText(src, state);
+                    }
+                } else if (tagName == xmpTag) {
+                    if (beginTag) {
+                        m_searchStopper = xmpEnd;
+                        m_searchStopperLength = 5;
+                        state.setInXmp(true);
+                        state = parseNonHTMLText(src, state);
+                    }
+                } else if (tagName == iframeTag) {
+                    if (beginTag) {
+                        m_searchStopper = iframeEnd;
+                        m_searchStopperLength = 8;
+                        state.setInIFrame(true);
+                        state = parseNonHTMLText(src, state);
+                    }
+                }
+                if (src.isEmpty() && (state.inTitle() || inViewSourceMode()) && !state.inComment() && !(state.inScript() && m_currentScriptTagStartLineNumber)) {
+                    // We just ate the rest of the document as the #text node under the special tag!
+                    // Reset the state then retokenize without special handling.
+                    // Let the parser clean up the missing close tag.
+                    // FIXME: This is incorrect, because src.isEmpty() doesn't mean we're
+                    // at the end of the document unless m_noMoreData is also true. We need
+                    // to detect this case elsewhere, and save the state somewhere other
+                    // than a local variable.
+                    state = savedState;
+                    src = savedSrc;
+                    m_lineNumber = savedLineno;
+                    m_scriptCodeSize = 0;
+                }
+            }
+            if (tagName == plaintextTag)
+                state.setInPlainText(beginTag);
+            return state; // Finished parsing tag!
+        }
+        } // end switch
+    }
+    m_cBufferPos = cBufferPos;
+    return state;
+}
+
+inline bool LegacyHTMLDocumentParser::continueProcessing(int& processedCount, double startTime, State &state)
+{
+    // We don't want to be checking elapsed time with every character, so we only check after we've
+    // processed a certain number of characters.
+    bool allowedYield = state.allowYield();
+    state.setAllowYield(false);
+    if (!state.loadingExtScript() && !state.forceSynchronous() && !m_executingScript && (processedCount > m_tokenizerChunkSize || allowedYield)) {
+        processedCount = 0;
+        if (currentTime() - startTime > m_tokenizerTimeDelay) {
+            /* FIXME: We'd like to yield aggressively to give stylesheets the opportunity to
+               load, but this hurts overall performance on slower machines.  For now turn this
+               off.
+            || (!document()->haveStylesheetsLoaded() &&
+                (document()->documentElement()->id() != ID_HTML || document()->body()))) {*/
+            // Schedule the timer to keep processing as soon as possible.
+            m_timer.startOneShot(0);
+            return false;
+        }
+    }
+
+    processedCount++;
+    return true;
+}
+
+// Turns the statemachine one crank using the passed in State object.
+// This does not modify m_state directly in order to be reentrant.
+ALWAYS_INLINE void LegacyHTMLDocumentParser::advance(State& state)
+{
+    // do we need to enlarge the buffer?
+    checkBuffer();
+
+    UChar cc = *m_src;
+
+    bool wasSkipLF = state.skipLF();
+    if (wasSkipLF)
+        state.setSkipLF(false);
+
+    if (wasSkipLF && (cc == '\n'))
+        m_src.advance();
+    else if (state.needsSpecialWriteHandling()) {
+        // it's important to keep needsSpecialWriteHandling with the flags this block tests
+        if (state.hasEntityState())
+            state = parseEntity(m_src, m_dest, state, m_cBufferPos, false, state.hasTagState());
+        else if (state.inPlainText())
+            state = parseText(m_src, state);
+        else if (state.inAnyNonHTMLText())
+            state = parseNonHTMLText(m_src, state);
+        else if (state.inComment())
+            state = parseComment(m_src, state);
+        else if (state.inDoctype())
+            state = parseDoctype(m_src, state);
+        else if (state.inServer())
+            state = parseServer(m_src, state);
+        else if (state.inProcessingInstruction())
+            state = parseProcessingInstruction(m_src, state);
+        else if (state.hasTagState())
+            state = parseTag(m_src, state);
+        else if (state.startTag()) {
+            state.setStartTag(false);
+
+            switch (cc) {
+            case '/':
+                break;
+            case '!': {
+                // <!-- comment --> or <!DOCTYPE ...>
+                searchCount = 1; // Look for '<!--' sequence to start comment or '<!DOCTYPE' sequence to start doctype
+                m_doctypeSearchCount = 1;
+                break;
+            }
+            case '?': {
+                // xml processing instruction
+                state.setInProcessingInstruction(true);
+                tquote = NoQuote;
+                state = parseProcessingInstruction(m_src, state);
+                return;
+            }
+            case '%':
+                if (!m_brokenServer) {
+                    // <% server stuff, handle as comment %>
+                    state.setInServer(true);
+                    tquote = NoQuote;
+                    state = parseServer(m_src, state);
+                    return;
+                }
+                // else fall through
+            default: {
+                if (((cc >= 'a') && (cc <= 'z')) || ((cc >= 'A') && (cc <= 'Z'))) {
+                    // Start of a Start-Tag
+                } else {
+                    // Invalid tag
+                    // Add as is
+                    *m_dest = '<';
+                    m_dest++;
+                    return;
+                }
+            }
+            }; // end case
+
+            processToken();
+
+            m_cBufferPos = 0;
+            state.setTagState(TagName);
+            state = parseTag(m_src, state);
+        }
+    } else if (cc == '&' && !m_src.escaped()) {
+        m_src.advancePastNonNewline();
+        state = parseEntity(m_src, m_dest, state, m_cBufferPos, true, state.hasTagState());
+    } else if (cc == '<' && !m_src.escaped()) {
+        m_currentTagStartLineNumber = m_lineNumber;
+        m_src.advancePastNonNewline();
+        state.setStartTag(true);
+        state.setDiscardLF(false);
+    } else if (cc == '\n' || cc == '\r') {
+        if (state.discardLF())
+            // Ignore this LF
+            state.setDiscardLF(false); // We have discarded 1 LF
+        else {
+            // Process this LF
+            *m_dest++ = '\n';
+            if (cc == '\r' && !m_src.excludeLineNumbers())
+                m_lineNumber++;
+        }
+
+        /* Check for MS-DOS CRLF sequence */
+        if (cc == '\r')
+            state.setSkipLF(true);
+        m_src.advance(m_lineNumber);
+    } else {
+        state.setDiscardLF(false);
+        *m_dest++ = cc;
+        m_src.advancePastNonNewline();
+    }
+}
+
+void LegacyHTMLDocumentParser::willWriteHTML(const SegmentedString& source)
+{
+    #if ENABLE(INSPECTOR)
+        if (InspectorTimelineAgent* timelineAgent = document()->inspectorTimelineAgent())
+            timelineAgent->willWriteHTML(source.length(), m_lineNumber);
+    #endif
+}
+
+void LegacyHTMLDocumentParser::didWriteHTML()
+{
+    #if ENABLE(INSPECTOR)
+        if (InspectorTimelineAgent* timelineAgent = document()->inspectorTimelineAgent())
+            timelineAgent->didWriteHTML(m_lineNumber);
+    #endif
+}
+
+void LegacyHTMLDocumentParser::write(const SegmentedString& str, bool appendData)
+{
+    if (!m_buffer)
+        return;
+
+    if (m_parserStopped)
+        return;
+
+    SegmentedString source(str);
+    if (m_executingScript)
+        source.setExcludeLineNumbers();
+
+    if ((m_executingScript && appendData) || !m_pendingScripts.isEmpty()) {
+        // don't parse; we will do this later
+        if (m_currentPrependingSrc)
+            m_currentPrependingSrc->append(source);
+        else {
+            m_pendingSrc.append(source);
+#if PRELOAD_SCANNER_ENABLED
+            if (m_preloadScanner && m_preloadScanner->inProgress() && appendData)
+                m_preloadScanner->write(source);
+#endif
+        }
+        return;
+    }
+
+#if PRELOAD_SCANNER_ENABLED
+    if (m_preloadScanner && m_preloadScanner->inProgress() && appendData)
+        m_preloadScanner->end();
+#endif
+
+    if (!m_src.isEmpty())
+        m_src.append(source);
+    else
+        setSrc(source);
+
+    // Once a timer is set, it has control of when the parser continues.
+    if (m_timer.isActive())
+        return;
+
+    bool wasInWrite = m_inWrite;
+    m_inWrite = true;
+
+    willWriteHTML(source);
+
+    Frame* frame = document()->frame();
+    State state = m_state;
+    int processedCount = 0;
+    double startTime = currentTime();
+
+    while (!m_src.isEmpty() && (!frame || !frame->redirectScheduler()->locationChangePending())) {
+        if (!continueProcessing(processedCount, startTime, state))
+            break;
+        advance(state);
+    }
+
+    didWriteHTML();
+
+    m_inWrite = wasInWrite;
+    m_state = state;
+
+    if (m_noMoreData && !m_inWrite && !state.loadingExtScript() && !m_executingScript && !m_timer.isActive())
+        end(); // this actually causes us to be deleted
+
+    // After parsing, go ahead and dispatch image beforeload events, but only if we're doing
+    // document parsing.  For document fragments we wait, since they'll likely end up in the document by the time
+    // the beforeload events fire.
+    if (!m_fragment)
+        ImageLoader::dispatchPendingBeforeLoadEvents();
+}
+
+void LegacyHTMLDocumentParser::insert(const SegmentedString& source)
+{
+    // FIXME: forceSynchronous should always be the same as the bool passed to
+    // write().  However LegacyHTMLDocumentParser uses write("", false) to pump
+    // the parser (after running external scripts, etc.) thus necessitating a
+    // separate state for forceSynchronous.
+    bool wasForcedSynchronous = forceSynchronous();
+    setForceSynchronous(true);
+    write(source, false);
+    setForceSynchronous(wasForcedSynchronous);
+}
+
+void LegacyHTMLDocumentParser::append(const SegmentedString& source)
+{
+    write(source, true);
+}
+
+void LegacyHTMLDocumentParser::stopParsing()
+{
+    DocumentParser::stopParsing();
+    m_timer.stop();
+
+    // FIXME: Why is LegacyHTMLDocumentParser the only DocumentParser which calls checkCompleted?
+    // The FrameLoader needs to know that the parser has finished with its data,
+    // regardless of whether it happened naturally or due to manual intervention.
+    if (!m_fragment && document()->frame())
+        document()->frame()->loader()->checkCompleted();
+}
+
+bool LegacyHTMLDocumentParser::processingData() const
+{
+    return m_timer.isActive() || m_inWrite;
+}
+
+void LegacyHTMLDocumentParser::timerFired(Timer<LegacyHTMLDocumentParser>*)
+{
+    if (document()->view() && document()->view()->layoutPending() && !document()->minimumLayoutDelay()) {
+        // Restart the timer and let layout win.  This is basically a way of ensuring that the layout
+        // timer has higher priority than our timer.
+        m_timer.startOneShot(0);
+        return;
+    }
+
+    // Invoke write() as though more data came in. This might cause us to get deleted.
+    write(SegmentedString(), true);
+}
+
+void LegacyHTMLDocumentParser::end()
+{
+    ASSERT(!m_timer.isActive());
+    m_timer.stop(); // Only helps if assertion above fires, but do it anyway.
+
+    if (m_buffer) {
+        // parseTag is using the buffer for different matters
+        if (!m_state.hasTagState())
+            processToken();
+
+        fastFree(m_scriptCode);
+        m_scriptCode = 0;
+        m_scriptCodeSize = m_scriptCodeCapacity = m_scriptCodeResync = 0;
+
+        fastFree(m_buffer);
+        m_buffer = 0;
+    }
+
+    if (!inViewSourceMode())
+        m_treeBuilder->finished();
+    else
+        document()->finishedParsing();
+}
+
+void LegacyHTMLDocumentParser::finish()
+{
+    // do this as long as we don't find matching comment ends
+    while ((m_state.inComment() || m_state.inServer()) && m_scriptCode && m_scriptCodeSize) {
+        // we've found an unmatched comment start
+        if (m_state.inComment())
+            m_brokenComments = true;
+        else
+            m_brokenServer = true;
+        checkScriptBuffer();
+        m_scriptCode[m_scriptCodeSize] = 0;
+        m_scriptCode[m_scriptCodeSize + 1] = 0;
+        int pos;
+        String food;
+        if (m_state.inScript() || m_state.inStyle() || m_state.inTextArea())
+            food = String(m_scriptCode, m_scriptCodeSize);
+        else if (m_state.inServer()) {
+            food = "<";
+            food.append(m_scriptCode, m_scriptCodeSize);
+        } else {
+            pos = find(m_scriptCode, m_scriptCodeSize, '>');
+            food = String(m_scriptCode + pos + 1, m_scriptCodeSize - pos - 1);
+        }
+        fastFree(m_scriptCode);
+        m_scriptCode = 0;
+        m_scriptCodeSize = m_scriptCodeCapacity = m_scriptCodeResync = 0;
+        m_state.setInComment(false);
+        m_state.setInServer(false);
+        if (!food.isEmpty())
+            write(food, true);
+    }
+    // this indicates we will not receive any more data... but if we are waiting on
+    // an external script to load, we can't finish parsing until that is done
+    m_noMoreData = true;
+    if (!m_inWrite && !m_state.loadingExtScript() && !m_executingScript && !m_timer.isActive())
+        end(); // this actually causes us to be deleted
+}
+
+bool LegacyHTMLDocumentParser::finishWasCalled()
+{
+    return m_noMoreData;
+}
+
+PassRefPtr<Node> LegacyHTMLDocumentParser::processToken()
+{
+    if (m_dest > m_buffer) {
+        m_currentToken.text = StringImpl::createStrippingNullCharacters(m_buffer, m_dest - m_buffer);
+        if (m_currentToken.tagName != commentAtom)
+            m_currentToken.tagName = textAtom;
+    } else if (m_currentToken.tagName == nullAtom) {
+        m_currentToken.reset();
+        return 0;
+    }
+
+    m_dest = m_buffer;
+
+    RefPtr<Node> n;
+
+    if (!m_parserStopped) {
+        if (NamedNodeMap* map = m_currentToken.attrs.get())
+            map->shrinkToLength();
+        if (inViewSourceMode())
+            static_cast<HTMLViewSourceDocument*>(document())->addViewSourceToken(&m_currentToken);
+        else
+            // pass the token over to the parser, the parser DOES NOT delete the token
+            n = m_treeBuilder->parseToken(&m_currentToken);
+    }
+    m_currentToken.reset();
+
+    return n.release();
+}
+
+void LegacyHTMLDocumentParser::processDoctypeToken()
+{
+    if (inViewSourceMode())
+        static_cast<HTMLViewSourceDocument*>(document())->addViewSourceDoctypeToken(&m_doctypeToken);
+    else
+        m_treeBuilder->parseDoctypeToken(&m_doctypeToken);
+}
+
+LegacyHTMLDocumentParser::~LegacyHTMLDocumentParser()
+{
+    ASSERT(!m_inWrite);
+    reset();
+}
+
+
+void LegacyHTMLDocumentParser::enlargeBuffer(int len)
+{
+    // Resize policy: Always at least double the size of the buffer each time.
+    int delta = max(len, m_bufferSize);
+
+    // Check for overflow.
+    // For now, handle overflow the same way we handle fastRealloc failure, with CRASH.
+    static const int maxSize = INT_MAX / sizeof(UChar);
+    if (delta > maxSize - m_bufferSize)
+        CRASH();
+
+    int newSize = m_bufferSize + delta;
+    int oldOffset = m_dest - m_buffer;
+    m_buffer = static_cast<UChar*>(fastRealloc(m_buffer, newSize * sizeof(UChar)));
+    m_dest = m_buffer + oldOffset;
+    m_bufferSize = newSize;
+}
+
+void LegacyHTMLDocumentParser::enlargeScriptBuffer(int len)
+{
+    // Resize policy: Always at least double the size of the buffer each time.
+    int delta = max(len, m_scriptCodeCapacity);
+
+    // Check for overflow.
+    // For now, handle overflow the same way we handle fastRealloc failure, with CRASH.
+    static const int maxSize = INT_MAX / sizeof(UChar);
+    if (delta > maxSize - m_scriptCodeCapacity)
+        CRASH();
+
+    int newSize = m_scriptCodeCapacity + delta;
+    // If we allow fastRealloc(ptr, 0), it will call CRASH(). We run into this
+    // case if the HTML being parsed begins with "<!--" and there's more data
+    // coming.
+    if (!newSize) {
+        ASSERT(!m_scriptCode);
+        return;
+    }
+
+    m_scriptCode = static_cast<UChar*>(fastRealloc(m_scriptCode, newSize * sizeof(UChar)));
+    m_scriptCodeCapacity = newSize;
+}
+
+void LegacyHTMLDocumentParser::executeScriptsWaitingForStylesheets()
+{
+    ASSERT(document()->haveStylesheetsLoaded());
+
+    if (m_hasScriptsWaitingForStylesheets)
+        notifyFinished(0);
+}
+
+void LegacyHTMLDocumentParser::notifyFinished(CachedResource*)
+{
+    executeExternalScriptsIfReady();
+}
+
+void LegacyHTMLDocumentParser::executeExternalScriptsIfReady()
+{
+    ASSERT(!m_pendingScripts.isEmpty());
+
+    // Make external scripts wait for external stylesheets.
+    // FIXME: This needs to be done for inline scripts too.
+    m_hasScriptsWaitingForStylesheets = !document()->haveStylesheetsLoaded();
+    if (m_hasScriptsWaitingForStylesheets)
+        return;
+
+    bool finished = false;
+
+    double startTime = currentTime();
+    while (!finished && m_pendingScripts.first()->isLoaded()) {
+        if (!continueExecutingExternalScripts(startTime))
+            break;
+
+        CachedResourceHandle<CachedScript> cs = m_pendingScripts.takeFirst();
+        ASSERT(cache()->disabled() || cs->accessCount() > 0);
+
+        setSrc(SegmentedString());
+
+        // make sure we forget about the script before we execute the new one
+        // infinite recursion might happen otherwise
+        ScriptSourceCode sourceCode(cs.get());
+        bool errorOccurred = cs->errorOccurred();
+        cs->removeClient(this);
+
+        RefPtr<Node> n = m_scriptNode.release();
+
+        if (errorOccurred)
+            n->dispatchEvent(Event::create(eventNames().errorEvent, true, false));
+        else {
+            if (static_cast<HTMLScriptElement*>(n.get())->shouldExecuteAsJavaScript())
+                m_state = scriptExecution(sourceCode, m_state);
+#if ENABLE(XHTMLMP)
+            else
+                document()->setShouldProcessNoscriptElement(true);
+#endif
+            n->dispatchEvent(Event::create(eventNames().loadEvent, false, false));
+        }
+
+        // The state of m_pendingScripts.isEmpty() can change inside the scriptExecution()
+        // call above, so test afterwards.
+        finished = m_pendingScripts.isEmpty();
+        if (finished) {
+            ASSERT(!m_hasScriptsWaitingForStylesheets);
+            m_state.setLoadingExtScript(false);
+        } else if (m_hasScriptsWaitingForStylesheets) {
+            // m_hasScriptsWaitingForStylesheets flag might have changed during the script execution.
+            // If it did we are now blocked waiting for stylesheets and should not execute more scripts until they arrive.
+            finished = true;
+        }
+
+        // 'm_requestingScript' is true when we are called synchronously from
+        // scriptHandler(). In that case scriptHandler() will take care
+        // of m_pendingSrc.
+        if (!m_requestingScript) {
+            SegmentedString rest = m_pendingSrc;
+            m_pendingSrc.clear();
+            write(rest, false);
+            // we might be deleted at this point, do not access any members.
+        }
+    }
+}
+
+void LegacyHTMLDocumentParser::executeExternalScriptsTimerFired(Timer<LegacyHTMLDocumentParser>*)
+{
+    if (document()->view() && document()->view()->layoutPending() && !document()->minimumLayoutDelay()) {
+        // Restart the timer and do layout first.
+        m_externalScriptsTimer.startOneShot(0);
+        return;
+    }
+
+    // Continue executing external scripts.
+    executeExternalScriptsIfReady();
+}
+
+bool LegacyHTMLDocumentParser::continueExecutingExternalScripts(double startTime)
+{
+    if (m_externalScriptsTimer.isActive())
+        return false;
+
+    if (currentTime() - startTime > m_tokenizerTimeDelay) {
+        // Schedule the timer to keep processing as soon as possible.
+        m_externalScriptsTimer.startOneShot(0);
+        return false;
+    }
+    return true;
+}
+
+bool LegacyHTMLDocumentParser::isWaitingForScripts() const
+{
+    return m_state.loadingExtScript();
+}
+
+void LegacyHTMLDocumentParser::setSrc(const SegmentedString& source)
+{
+    m_src = source;
+}
+
+void LegacyHTMLDocumentParser::parseDocumentFragment(const String& source, DocumentFragment* fragment, FragmentScriptingPermission scriptingPermission)
+{
+    LegacyHTMLDocumentParser parser(fragment, scriptingPermission);
+    parser.setForceSynchronous(true);
+    parser.write(source, true);
+    parser.finish();
+    ASSERT(!parser.processingData()); // make sure we're done (see 3963151)
+}
+
+UChar decodeNamedEntity(const char* name)
+{
+    const Entity* e = findEntity(name, strlen(name));
+    return e ? e->code : 0;
+}
+
+}