[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75

jianli at chromium.org jianli at chromium.org
Thu Oct 29 20:36:53 UTC 2009


The following commit has been merged in the webkit-1.1 branch:
commit 00364e3dd2924a786eb33d933f31162a08f4f068
Author: jianli at chromium.org <jianli at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Sep 30 17:52:33 2009 +0000

    Need to check NULL frame in EventHandler::updateDragAndDrop.
    https://bugs.webkit.org/show_bug.cgi?id=29929
    
    Reviewed by Darin Adler.
    
    WebCore:
    
    Test: http/tests/misc/drag-over-iframe-invalid-source-crash.html
    
    * page/EventHandler.cpp:
    (WebCore::EventHandler::updateDragAndDrop):
    
    LayoutTests:
    
    Add a new test for the bug.
    
    * http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt: Added.
    * http/tests/misc/drag-over-iframe-invalid-source-crash.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index e806ed0..c550f58 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2009-09-30  Jian Li  <jianli at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Need to check NULL frame in EventHandler::updateDragAndDrop.
+        https://bugs.webkit.org/show_bug.cgi?id=29929
+
+        Add a new test for the bug.
+
+        * http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt: Added.
+        * http/tests/misc/drag-over-iframe-invalid-source-crash.html: Added.
+
 2009-09-29  Simon Fraser  <simon.fraser at apple.com>
 
         Reviewed by Dan Bernstein.
diff --git a/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt
new file mode 100644
index 0000000..b4bcccc
--- /dev/null
+++ b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: line 0: Not allowed to load local resource: file:
+This page tests that we don't crash if we drag something to an iframe that has an invalid source.
+
+
+SUCCESS - didn't crash
+
diff --git a/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html
new file mode 100644
index 0000000..3d37326
--- /dev/null
+++ b/LayoutTests/http/tests/misc/drag-over-iframe-invalid-source-crash.html
@@ -0,0 +1,22 @@
+<head>
+<script>
+window.onload = function () {
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText(); 
+
+    var abe = document.getElementById("abe");
+    var dragTarget = document.getElementById("dragTarget");
+
+    eventSender.mouseMoveTo(abe.offsetLeft + 50, abe.offsetTop + 50);
+    eventSender.mouseDown();
+    eventSender.leapForward(500);
+    eventSender.mouseMoveTo(dragTarget.offsetLeft + 10, dragTarget.offsetTop + 10);
+    eventSender.mouseUp();
+}
+</script>
+</head>
+
+<p>This page tests that we don't crash if we drag something to an iframe that has an invalid source.</p>
+<img id="abe" src="http://127.0.0.1:8000/security/resources/abe.png">
+<div>SUCCESS - didn't crash</div>
+<iframe id="dragTarget" src="file:"></iframe> 
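Review bot: The `eventSender` calls in the onload handler are not guarded the way `layoutTestController` is, so opening this page outside the test harness throws a ReferenceError at the first `eventSender.mouseMoveTo(...)`. Adding `if (!window.eventSender) return;` before that call would keep the page loadable for manual inspection. The static "SUCCESS - didn't crash" text means the test can only fail by crashing, so a short comment saying this would help whoever triages a future failure.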
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index aa028b9..bb61c35 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2009-09-30  Jian Li  <jianli at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Need to check NULL frame in EventHandler::updateDragAndDrop.
+        https://bugs.webkit.org/show_bug.cgi?id=29929
+
+        Test: http/tests/misc/drag-over-iframe-invalid-source-crash.html
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::updateDragAndDrop):
+
 2009-09-29  Simon Fraser  <simon.fraser at apple.com>
 
         Reviewed by Dan Bernstein.
diff --git a/WebCore/page/EventHandler.cpp b/WebCore/page/EventHandler.cpp
index 1075e72..4a63c9c 100644
--- a/WebCore/page/EventHandler.cpp
+++ b/WebCore/page/EventHandler.cpp
@@ -1528,15 +1528,15 @@ bool EventHandler::updateDragAndDrop(const PlatformMouseEvent& event, Clipboard*
         // it is sometimes incorrect when dragging within subframes, as seen with
         // LayoutTests/fast/events/drag-in-frames.html.
         if (newTarget) {
-            if (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag))
-                accept = static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame()->eventHandler()->updateDragAndDrop(event, clipboard);
+            Frame* frame = (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame() : 0;
+            if (frame)
+                accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
                 accept = dispatchDragEvent(eventNames().dragenterEvent, newTarget, event, clipboard);
         }
 
         if (m_dragTarget) {
-            Frame* frame = (m_dragTarget->hasTagName(frameTag) || m_dragTarget->hasTagName(iframeTag)) 
-                            ? static_cast<HTMLFrameElementBase*>(m_dragTarget.get())->contentFrame() : 0;
+            Frame* frame = (m_dragTarget->hasTagName(frameTag) || m_dragTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(m_dragTarget.get())->contentFrame() : 0;
             if (frame)
                 accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
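Review bot: The tag-check-then-`contentFrame()` ternary now appears three times: for `newTarget` and `m_dragTarget` in this hunk, and for `newTarget` again in the dragover branch of the next hunk. The crash this commit fixes came from one of those copies missing the null check the `m_dragTarget` copy already had, so a single file-static helper would stop the copies from drifting apart again. The sketch below assumes both targets are usable as `Node*`, which the `static_cast` on `newTarget` and the `.get()` on `m_dragTarget` suggest but the hunk does not show. The body of `updateDragAndDrop` starts and ends outside this hunk.

```cpp
// Proposed file-static helper; the name is only a suggestion.
static Frame* contentFrameForDragTarget(Node* target)
{
    if (!target->hasTagName(frameTag) && !target->hasTagName(iframeTag))
        return 0;
    return static_cast<HTMLFrameElementBase*>(target)->contentFrame();
}

// … unchanged: start of updateDragAndDrop …
            Frame* frame = contentFrameForDragTarget(newTarget);
            if (frame)
// … unchanged: recursive updateDragAndDrop / dispatchDragEvent branches …
```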
@@ -1544,8 +1544,9 @@ bool EventHandler::updateDragAndDrop(const PlatformMouseEvent& event, Clipboard*
         }
     } else {
         if (newTarget) {
-            if (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag))
-                accept = static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame()->eventHandler()->updateDragAndDrop(event, clipboard);
+            Frame* frame = (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) ? static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame() : 0;
+            if (frame)
+                accept = frame->eventHandler()->updateDragAndDrop(event, clipboard);
             else
                 accept = dispatchDragEvent(eventNames().dragoverEvent, newTarget, event, clipboard);
         }
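Review bot: The new `if (frame)` / `else` here has no comment saying why `contentFrame()` can be null for a frame or iframe element, nor that the drag event is then dispatched to the element itself in the parent document. The added layout test suggests the trigger is a subframe whose `src` was refused. A one-line comment above the ternary would record that, for example `// contentFrame() may be null (e.g. the subframe load was blocked); treat the element as an ordinary drag target.` The same comment applies to the dragenter branch in the previous hunk.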

-- 
WebKit Debian packaging


