[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75
eric at webkit.org
Thu Oct 29 20:43:54 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit 871c3a727c22e97f0ad8d38becec29ecdc676910
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Oct 13 20:27:04 2009 +0000
2009-10-13 Dmitry Titov <dimich at chromium.org>

Reviewed by Adam Barth.

Event listeners installed on a window object returned from window.open() don't work
https://bugs.webkit.org/show_bug.cgi?id=28716

* http/tests/security/resources/has-window-events.html: Added.
* http/tests/security/window-events-clear-domain-expected.txt: Added.
* http/tests/security/window-events-clear-domain.html: Added.
* http/tests/security/window-events-clear-port-expected.txt: Added.
* http/tests/security/window-events-clear-port.html: Added.
* http/tests/security/window-events-pass-expected.txt: Added.
* http/tests/security/window-events-pass.html: Added.

2009-10-13 Dmitry Titov <dimich at chromium.org>

Reviewed by Adam Barth.

Event listeners installed on a window object returned from window.open() don't work
https://bugs.webkit.org/show_bug.cgi?id=28716

Tests: http/tests/security/window-events-clear-domain.html
       http/tests/security/window-events-clear-port.html
       http/tests/security/window-events-pass.html

* dom/Document.cpp: Split code of Document::clear() in a way to avoid removing all
window event handlers when implicitOpen is called. It is called in 2 cases - on
committing loaded content (no need to clean handlers) and on document.open() (needs to remove handlers).

(WebCore::Document::open): in addition to calling implicitOpen it also removes window
event handlers, to preserve the behavior of document.open().

(WebCore::Document::implicitOpen): includes the part of removed Document::clear() that
does not remove window event handlers.

* dom/Document.h: Removed clear().

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopLoading): add check to avoid removing window event handlers
if we transition from temporary empty document to a loaded one.

(WebCore::FrameLoader::didOpenURL): Remove closeURL() which was called twice when loading.
(WebCore::FrameLoader::finishedLoadingDocument): add closeURL() to compensate for change above.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49507 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 08e22ad..1fc0702 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,18 @@
+2009-10-13 Dmitry Titov <dimich at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Event listeners installed on a window object returned from window.open() don't work
+ https://bugs.webkit.org/show_bug.cgi?id=28716
+
+ * http/tests/security/resources/has-window-events.html: Added.
+ * http/tests/security/window-events-clear-domain-expected.txt: Added.
+ * http/tests/security/window-events-clear-domain.html: Added.
+ * http/tests/security/window-events-clear-port-expected.txt: Added.
+ * http/tests/security/window-events-clear-port.html: Added.
+ * http/tests/security/window-events-pass-expected.txt: Added.
+ * http/tests/security/window-events-pass.html: Added.
+
2009-10-13 Pavel Feldman <pfeldman at chromium.org>
Layout test fix, reverting previous change.
diff --git a/LayoutTests/http/tests/security/resources/has-window-events.html b/LayoutTests/http/tests/security/resources/has-window-events.html
new file mode 100644
index 0000000..974cee6
--- /dev/null
+++ b/LayoutTests/http/tests/security/resources/has-window-events.html
@@ -0,0 +1,8 @@
+<script>
+function finish() {
+ // Attribute handler fires after other event handlers - we use this to finish the test.
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+<body onload='finish()'></body>
diff --git a/LayoutTests/http/tests/security/window-events-clear-domain-expected.txt b/LayoutTests/http/tests/security/window-events-clear-domain-expected.txt
new file mode 100644
index 0000000..95f6418
--- /dev/null
+++ b/LayoutTests/http/tests/security/window-events-clear-domain-expected.txt
@@ -0,0 +1,2 @@
+Test that window event handlers set for initial document are reset upon navigation if security check failed. There will be 'PASS' below if the test passes:
+PASS
diff --git a/LayoutTests/http/tests/security/window-events-clear-domain.html b/LayoutTests/http/tests/security/window-events-clear-domain.html
new file mode 100644
index 0000000..7c52bc5
--- /dev/null
+++ b/LayoutTests/http/tests/security/window-events-clear-domain.html
@@ -0,0 +1,28 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ layoutTestController.setCanOpenWindows();
+}
+
+function unloadHandler() {
+ document.getElementById('result').innerHTML = "PASS";
+}
+
+function loadHandler() {
+ document.getElementById('result').innerHTML = "FAIL - load event should not fire if security check failed.";
+}
+
+function test()
+{
+ var w = window.open('http://localhost:8000/security/resources/has-window-events.html');
+ w.addEventListener('unload', unloadHandler, false);
+ w.addEventListener('load', loadHandler, false);
+}
+
+</script>
+<body onload='test()'>
+Test that window event handlers set for initial document are reset upon navigation if security check failed. There will be 'PASS' below if the test passes:<br>
+<div id='result'>FAIL - nothing happened</div>
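Review bot: In test(), nothing states which origin this page is expected to be served from, so it is not evident from the file why opening 'http://localhost:8000/...' counts as a failed security check. A one-line comment saying that the test presumably runs from http://127.0.0.1:8000 (the URL window-events-pass.html treats as same-origin) and that only the host name differs would make the intent checkable. Two smaller points: w is used without a null check, so a blocked popup would throw in test() and leave the test waiting after waitUntilDone(); and the file ends at the result div without closing the head, body and html elements.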
diff --git a/LayoutTests/http/tests/security/window-events-clear-port-expected.txt b/LayoutTests/http/tests/security/window-events-clear-port-expected.txt
new file mode 100644
index 0000000..95f6418
--- /dev/null
+++ b/LayoutTests/http/tests/security/window-events-clear-port-expected.txt
@@ -0,0 +1,2 @@
+Test that window event handlers set for initial document are reset upon navigation if security check failed. There will be 'PASS' below if the test passes:
+PASS
diff --git a/LayoutTests/http/tests/security/window-events-clear-port.html b/LayoutTests/http/tests/security/window-events-clear-port.html
new file mode 100644
index 0000000..73b34c1
--- /dev/null
+++ b/LayoutTests/http/tests/security/window-events-clear-port.html
@@ -0,0 +1,28 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ layoutTestController.setCanOpenWindows();
+}
+
+function unloadHandler() {
+ document.getElementById('result').innerHTML = "PASS";
+}
+
+function loadHandler() {
+ document.getElementById('result').innerHTML = "FAIL - load event should not fire if security check failed.";
+}
+
+function test()
+{
+ var w = window.open('http://127.0.0.1:8080/security/resources/has-window-events.html');
+ w.addEventListener('unload', unloadHandler, false);
+ w.addEventListener('load', loadHandler, false);
+}
+
+</script>
+<body onload='test()'>
+Test that window event handlers set for initial document are reset upon navigation if security check failed. There will be 'PASS' below if the test passes:<br>
+<div id='result'>FAIL - nothing happened</div>
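Review bot: Apart from the URL passed to window.open() in test(), this file is a line-for-line copy of window-events-clear-domain.html, including the description text, which does not say that here it is the port (8080) rather than the host that differs. Consider moving the harness setup and the two handlers into a shared script under resources/ and letting each test supply only its URL and a description naming the origin component under test.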
diff --git a/LayoutTests/http/tests/security/window-events-pass-expected.txt b/LayoutTests/http/tests/security/window-events-pass-expected.txt
new file mode 100644
index 0000000..464c68d
--- /dev/null
+++ b/LayoutTests/http/tests/security/window-events-pass-expected.txt
@@ -0,0 +1,4 @@
+main frame - has 1 onunload handler(s)
+Test that window event handlers set for initial document are kept if security check passes. There will be 2 'PASS' messages below if the test passes:
+PASS: unload fired.
+PASS: load fired.
diff --git a/LayoutTests/http/tests/security/window-events-pass.html b/LayoutTests/http/tests/security/window-events-pass.html
new file mode 100644
index 0000000..d950ca4
--- /dev/null
+++ b/LayoutTests/http/tests/security/window-events-pass.html
@@ -0,0 +1,28 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ layoutTestController.setCanOpenWindows();
+}
+
+function unloadHandler() {
+ document.getElementById('result').innerHTML = "PASS: unload fired.";
+}
+
+function loadHandler() {
+ document.getElementById('result').innerHTML += "<br>PASS: load fired.";
+}
+
+function test()
+{
+ var w = window.open('http://127.0.0.1:8000/security/resources/has-window-events.html');
+ w.addEventListener('unload', unloadHandler, false);
+ w.addEventListener('load', loadHandler, false);
+}
+
+</script>
+<body onload='test()'>
+Test that window event handlers set for initial document are kept if security check passes. There will be 2 'PASS' messages below if the test passes:<br>
+<div id='result'>FAIL</div>
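Review bot: test() hard-codes 'http://127.0.0.1:8000/security/resources/has-window-events.html' for the same-origin case, which ties the passing result to the harness serving this page from exactly that host and port; a relative URL ('resources/has-window-events.html') would be same-origin by construction. Also, unloadHandler assigns with = while loadHandler appends with +=, so the expected output depends on unload firing before load; a comment saying that this order is what the test asserts would help the next reader.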
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 263cb50..48f5840 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,33 @@
+2009-10-13 Dmitry Titov <dimich at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Event listeners installed on a window object returned from window.open() don't work
+ https://bugs.webkit.org/show_bug.cgi?id=28716
+
+ Tests: http/tests/security/window-events-clear-domain.html
+ http/tests/security/window-events-clear-port.html
+ http/tests/security/window-events-pass.html
+
+ * dom/Document.cpp: Split code of Document::clear() in a way to avoid removing all
+ window event handlers when implicitOpen is called. It is called in 2 cases - on
+ committing loaded content (no need to clean handlers) and on document.open() (needs to remove handlers).
+
+ (WebCore::Document::open): in addition to calling implicitOpen it also removes window
+ event handlers, to preserve the behavior of document.open().
+
+ (WebCore::Document::implicitOpen): includes the part of removed Document::clear() that
+ does not remove window event handlers.
+
+ * dom/Document.h: Removed clear().
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::stopLoading): add check to avoid removing window event handlers
+ if we transition from temporary empty document to a loaded one.
+
+ (WebCore::FrameLoader::didOpenURL): Remove closeURL() which was called twice when loading.
+ (WebCore::FrameLoader::finishedLoadingDocument): add closeURL() to compensate for change above.
+
2009-10-13 Brian Weinstein <bweinstein at apple.com>
Reviewed by Pavel Feldman.
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index ef23007..b2c16fc 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -1561,6 +1561,9 @@ void Document::open(Document* ownerDocument)
implicitOpen();
+ if (DOMWindow* domWindow = this->domWindow())
+ domWindow->removeAllEventListeners();
+
if (m_frame)
m_frame->loader()->didExplicitOpen();
}
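Review bot: The added domWindow->removeAllEventListeners() call in Document::open() has no comment explaining why it lives here and not in implicitOpen(). Since the split is the whole point of the fix (explicit document.open() drops window listeners, the implicit open on commit does not), a short comment at this call would keep a later cleanup from folding it back. It is also worth confirming that running the removal after implicitOpen() returns, rather than before createTokenizer() and setParsing(true) as the old clear() did, makes no observable difference.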
@@ -1582,7 +1585,11 @@ void Document::implicitOpen()
{
cancelParsing();
- clear();
+ delete m_tokenizer;
+ m_tokenizer = 0;
+
+ removeChildren();
+
m_tokenizer = createTokenizer();
setParsing(true);
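Review bot: With the body of clear() inlined here minus the listener removal, implicitOpen() no longer touches window event listeners at all, so on the commit path the only place listeners from the initial empty document get dropped for a cross-origin load is the new check in FrameLoader::stopLoading(). That dependency is security-relevant and is not stated anywhere in this function; please add a comment naming it. The "m_tokenizer = 0;" assignment immediately followed by "m_tokenizer = createTokenizer();" also deserves a word on why the null is needed across removeChildren().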
@@ -1860,16 +1867,6 @@ void Document::finishParsing()
m_tokenizer->finish();
}
-void Document::clear()
-{
- delete m_tokenizer;
- m_tokenizer = 0;
-
- removeChildren();
- if (DOMWindow* domWindow = this->domWindow())
- domWindow->removeAllEventListeners();
-}
-
const KURL& Document::virtualURL() const
{
return m_url;
diff --git a/WebCore/dom/Document.h b/WebCore/dom/Document.h
index a583d3e..09bba58 100644
--- a/WebCore/dom/Document.h
+++ b/WebCore/dom/Document.h
@@ -473,7 +473,6 @@ public:
void write(const String& text, Document* ownerDocument = 0);
void writeln(const String& text, Document* ownerDocument = 0);
void finishParsing();
- void clear();
bool wellFormed() const { return m_wellFormed; }
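Review bot: clear() is removed from the public section of Document, while the patch updates only the single call in Document::implicitOpen(). Please confirm there are no remaining callers in bindings or port-specific code before landing.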
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index dfd702b..ced129d 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -516,8 +516,14 @@ void FrameLoader::stopLoading(UnloadEventPolicy unloadEventPolicy, DatabasePolic
}
// Dispatching the unload event could have made m_frame->document() null.
- if (m_frame->document() && !m_frame->document()->inPageCache())
- m_frame->document()->removeAllEventListeners();
+ if (m_frame->document() && !m_frame->document()->inPageCache()) {
+ // Don't remove event listeners from a transitional empty document (see bug 28716 for more information).
+ bool keepEventListeners = m_isDisplayingInitialEmptyDocument && m_provisionalDocumentLoader
+ && m_frame->document()->securityOrigin()->isSecureTransitionTo(m_provisionalDocumentLoader->url());
+
+ if (!keepEventListeners)
+ m_frame->document()->removeAllEventListeners();
+ }
}
m_isComplete = true; // to avoid calling completed() in finishedParsing()
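Review bot: The comment on keepEventListeners points to bug 28716 but does not state the invariant being enforced, namely that listeners installed on the initial empty document are kept only when isSecureTransitionTo() accepts the URL being loaded, and are removed otherwise so that the opener's listeners never run against a document from another origin. Please spell that out in the comment. The decision is keyed on m_provisionalDocumentLoader->url(), and the hunk does not show whether that is the final URL after any redirects; the added tests cover only direct loads to a different host and a different port, so a test that reaches another origin through a redirect would pin this down.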
@@ -607,7 +613,6 @@ bool FrameLoader::didOpenURL(const KURL& url)
m_frame->redirectScheduler()->cancel();
m_frame->editor()->clearLastEditCommand();
- closeURL();
m_isComplete = false;
m_isLoadingMainResource = true;
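Review bot: Removing closeURL() from didOpenURL() changes behaviour for every caller of didOpenURL(), but the patch adds the compensating call only in finishedLoadingDocument(). Please check the other call sites and either add closeURL() there or note in the ChangeLog why they do not need it.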
@@ -2795,6 +2800,8 @@ void FrameLoader::finishedLoadingDocument(DocumentLoader* loader)
loader->setParsedArchiveData(mainResource->data());
m_responseMIMEType = mainResource->mimeType();
+
+ closeURL();
didOpenURL(mainResource->url());
String userChosenEncoding = documentLoader()->overrideEncoding();
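Review bot: closeURL() now runs unconditionally before didOpenURL(), whereas the removed call sat inside didOpenURL() after redirectScheduler()->cancel() and clearLastEditCommand(). didOpenURL() returns bool, and the hunk context does not show whether it can return before the point where closeURL() used to be; if it can, closeURL() (and the unload handling in stopLoading()) now runs in cases where it previously did not. A comment here saying the call was moved out of didOpenURL(), plus confirmation that the reordering is intended, would be useful.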
--
WebKit Debian packaging