[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
rjw
rjw at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:44:44 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 6f88393012182c89a6f2da4a6962b4dce62bb00b
Author: rjw <rjw at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Jun 10 01:54:13 2003 +0000
Fixed 3281761.
This was a real doozie. It boiled down to a frame
attempting to access a sibling's window object when that
frame wasn't loaded and didn't have a document.
Reviewed by Dave.
* khtml/ecma/kjs_window.cpp:
(Window::get):
(Window::isSafeScript):
(FrameArray::get):
Made the isSafeScript more tolerant. Always allow JS to execute
if the active domain is nil (local). Also allow JS to execute
if the target part has no document yet.
* khtml/khtml_part.cpp:
(KHTMLPart::init):
(KHTMLPart::openURL):
(KHTMLPart::jScript):
(KHTMLPart::scheduleRedirection):
(KHTMLPart::findFrame):
Flag redirects during load so we can later avoid
cancelling the redirect when the document would otherwise
normally load.
* khtml/khtmlpart_p.h:
* kwq/WebCoreBridge.mm:
(-[WebCoreBridge addData:]):
Document may now be nil. Replace assert with conditional check.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4510 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index e8a816f..7c21493 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,35 @@
+2003-06-09 Richard Williamson <rjw at apple.com>
+
+ Fixed 3281761.
+ This was a real doozie. It boiled down to a frame
+ attempting to access a siblings window object when that
+ frame wasn't loaded and didn't have a document.
+
+ Reviewed by Dave.
+
+ * khtml/ecma/kjs_window.cpp:
+ (Window::get):
+ (Window::isSafeScript):
+ (FrameArray::get):
+ Made the isSafeScript more tolerant. Always allow JS to execute
+ if the active domain is nil (local). Also allow JS to execute
+ if the target part has no document yet.
+
+ * khtml/khtml_part.cpp:
+ (KHTMLPart::init):
+ (KHTMLPart::openURL):
+ (KHTMLPart::jScript):
+ (KHTMLPart::scheduleRedirection):
+ (KHTMLPart::findFrame):
+ Flag redirects during load so we can later avoid
+ cancelling the redirect when the document would otherwise
+ normally load.
+
+ * khtml/khtmlpart_p.h:
+ * kwq/WebCoreBridge.mm:
+ (-[WebCoreBridge addData:]):
+ Document may now be nil. Replace assert with conditional check.
+
2003-06-09 John Sullivan <sullivan at apple.com>
- finished fixing crash in 3275675 -- REGRESSION: crash when replacing <div> which contains iframe (at www.kbs.co.kr)
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index e8a816f..7c21493 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,35 @@
+2003-06-09 Richard Williamson <rjw at apple.com>
+
+ Fixed 3281761.
+ This was a real doozie. It boiled down to a frame
+ attempting to access a siblings window object when that
+ frame wasn't loaded and didn't have a document.
+
+ Reviewed by Dave.
+
+ * khtml/ecma/kjs_window.cpp:
+ (Window::get):
+ (Window::isSafeScript):
+ (FrameArray::get):
+ Made the isSafeScript more tolerant. Always allow JS to execute
+ if the active domain is nil (local). Also allow JS to execute
+ if the target part has no document yet.
+
+ * khtml/khtml_part.cpp:
+ (KHTMLPart::init):
+ (KHTMLPart::openURL):
+ (KHTMLPart::jScript):
+ (KHTMLPart::scheduleRedirection):
+ (KHTMLPart::findFrame):
+ Flag redirects during load so we can later avoid
+ cancelling the redirect when the document would otherwise
+ normally load.
+
+ * khtml/khtmlpart_p.h:
+ * kwq/WebCoreBridge.mm:
+ (-[WebCoreBridge addData:]):
+ Document may now be nil. Replace assert with conditional check.
+
2003-06-09 John Sullivan <sullivan at apple.com>
- finished fixing crash in 3275675 -- REGRESSION: crash when replacing <div> which contains iframe (at www.kbs.co.kr)
diff --git a/WebCore/khtml/ecma/kjs_window.cpp b/WebCore/khtml/ecma/kjs_window.cpp
index be13912..eee407d 100644
--- a/WebCore/khtml/ecma/kjs_window.cpp
+++ b/WebCore/khtml/ecma/kjs_window.cpp
@@ -688,6 +688,7 @@ Value Window::get(ExecState *exec, const Identifier &p) const
return Undefined();
}
}
+
KHTMLPart *kp = m_part->findFrame( p.qstring() );
if (kp)
return Value(retrieve(kp));
@@ -953,17 +954,32 @@ bool Window::isSafeScript(ExecState *exec) const
}
DOM::HTMLDocument thisDocument = m_part->htmlDocument();
+#if !APPLE_CHANGES
if ( thisDocument.isNull() ) {
kdDebug(6070) << "Window::isSafeScript: trying to access an XML document !?" << endl;
return false;
}
+#else
+ // JS may be attempting to access the "window" object, which should be valid,
+ // even if the document hasn't been constructed yet. If the document doesn't
+ // exist yet allow JS to access the window object.
+ if (thisDocument.isNull())
+ return true;
+#endif
DOM::HTMLDocument actDocument = activePart->htmlDocument();
+
if ( actDocument.isNull() ) {
kdDebug(6070) << "Window::isSafeScript: active part has no document!" << endl;
return false;
}
+
DOM::DOMString actDomain = actDocument.domain();
+
+ // Always allow local pages to execute any JS.
+ if (actDomain.isNull())
+ return true;
+
DOM::DOMString thisDomain = thisDocument.domain();
//kdDebug(6070) << "current domain:" << actDomain.string() << ", frame domain:" << thisDomain.string() << endl;
if ( actDomain == thisDomain )
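Review bot: Both early returns added to Window::isSafeScript fail open, and the first one, `if (thisDocument.isNull()) return true;`, runs before the active part's document or domain has been looked at, so a target frame with no document passes the check regardless of who is asking. The second, `if (actDomain.isNull()) return true;`, equates a null domain with a local page; if any non-local document can reach this point with a null domain it would pass the check for every frame, so the assumption deserves a comment such as `// Assumes only local documents have a null domain; anything else must fall through to the domain comparison.` Consider moving the no-document case below the active-document check so the existing `active part has no document` rejection still applies. The function starts and ends outside this hunk, so how callers use the result is not visible here.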
@@ -1728,8 +1744,9 @@ Value FrameArray::get(ExecState *exec, const Identifier &p) const
KParts::ReadOnlyPart *frame = part->findFrame(p.qstring());
if (!frame) {
int i = (int)p.toDouble();
- if (i >= 0 && i < len)
+ if (i >= 0 && i < len){
frame = frames.at(i);
+ }
}
// we are potentially fetching a reference to a another Window object here.
diff --git a/WebCore/khtml/khtml_part.cpp b/WebCore/khtml/khtml_part.cpp
index 8e802a6..1d9d756 100644
--- a/WebCore/khtml/khtml_part.cpp
+++ b/WebCore/khtml/khtml_part.cpp
@@ -239,6 +239,10 @@ void KHTMLPart::init( KHTMLView *view, GUIProfile prof )
#else
// The java, javascript, and plugin settings will be set after the settings
// have been initialized.
+ d->m_bJScriptEnabled = true;
+ d->m_bJScriptDebugEnabled = true;
+ d->m_bJavaEnabled = true;
+ d->m_bPluginsEnabled = true;
#endif
#if !APPLE_CHANGES
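Review bot: The four added assignments default JavaScript, the JavaScript debugger, Java and plugins to enabled, while the comment directly above still says these settings are set later, after the settings have been initialized. Until that later step runs, a part would not honour a preference that disables any of them, and `d->m_bJScriptDebugEnabled = true;` does not look necessary for the frame-access fix described in the commit message. If the defaults exist so that jScript() does not return 0 early (an inference from the rest of this commit), say so in the comment, for example `// Default to enabled so script access works before settings are applied; overwritten once settings are initialized.`, and leave the debug flag off by default. KHTMLPart::init continues outside the hunk.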
@@ -367,6 +371,13 @@ bool KHTMLPart::openURL( const KURL &url )
{
kdDebug( 6050 ) << "KHTMLPart(" << this << ")::openURL " << url.url() << endl;
+ if (d->m_scheduledRedirection == redirectionDuringLoad){
+ // We're about to get a redirect that happened before the document was
+ // created. This can happen when one frame may change the location of a
+ // sibling.
+ return false;
+ }
+
cancelRedirection();
#if !APPLE_CHANGES
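Review bot: The new early return refuses every openURL call while `d->m_scheduledRedirection == redirectionDuringLoad`, without comparing `url` to the pending redirect target, and nothing in the visible hunks resets that state. If the redirect never fires, or if it is itself delivered through openURL while the state is still set, this part could stay unable to load anything. If the state is cleared when the redirect fires, record that next to the check, e.g. `// m_scheduledRedirection is reset when the redirect fires; until then all loads are refused.` The rest of openURL is outside the hunk, so the reset may exist out of view.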
@@ -644,7 +655,9 @@ extern "C" { KJSProxy *kjs_html_init(KHTMLPart *khtmlpart); }
KJSProxy *KHTMLPart::jScript()
{
- if (!jScriptEnabled()) return 0;
+ if (!jScriptEnabled()){
+ return 0;
+ }
if ( !d->m_jscript )
{
@@ -1834,11 +1847,18 @@ void KHTMLPart::scheduleRedirection( double delay, const QString &url, bool doLo
return;
if ( d->m_scheduledRedirection == noRedirectionScheduled || delay < d->m_delayRedirect )
{
- d->m_scheduledRedirection = redirectionScheduled;
+ if (d->m_doc == 0){
+ // Handle a location change of a page with no document as a special case.
+ // This may happens when a frame changes the location of another frame.
+ d->m_scheduledRedirection = redirectionDuringLoad;
+ }
+ else
+ d->m_scheduledRedirection = redirectionScheduled;
d->m_delayRedirect = delay;
d->m_redirectURL = url;
d->m_redirectLockHistory = doLockHistory;
d->m_redirectUserGesture = userGesture;
+
if ( d->m_bComplete ) {
d->m_redirectionTimer.stop();
d->m_redirectionTimer.start( (int)(1000 * d->m_delayRedirect), true );
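Review bot: The new `if`/`else` mixes a braced `if` with an unbraced `else`, and the added comment reads `This may happens`; brace both branches (`else { d->m_scheduledRedirection = redirectionScheduled; }`) and change the wording to `This may happen when a frame changes the location of another frame.` In the `redirectionDuringLoad` case the timer below is still only started when `d->m_bComplete` is set, so what eventually fires the redirect for a part with no document is not visible in this hunk. scheduleRedirection starts and ends outside the hunk.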
@@ -3523,6 +3543,7 @@ KHTMLPart *KHTMLPart::findFrame( const QString &f )
for (; it2 != end; ++it2 )
kdDebug() << " - having frame '" << (*it2).m_name << "'" << endl;
#endif
+
// ### http://www.w3.org/TR/html4/appendix/notes.html#notes-frames
ConstFrameIt it = d->m_frames.find( f );
if ( it == d->m_frames.end() )
diff --git a/WebCore/khtml/khtmlpart_p.h b/WebCore/khtml/khtmlpart_p.h
index 7e60bc8..4add4ef 100644
--- a/WebCore/khtml/khtmlpart_p.h
+++ b/WebCore/khtml/khtmlpart_p.h
@@ -93,7 +93,7 @@ typedef FrameList::Iterator FrameIt;
static int khtml_part_dcop_counter = 0;
-enum RedirectionScheduled { noRedirectionScheduled, redirectionScheduled, historyNavigationScheduled };
+enum RedirectionScheduled { noRedirectionScheduled, redirectionScheduled, historyNavigationScheduled, redirectionDuringLoad };
class KHTMLPartPrivate
{
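Review bot: The new `redirectionDuringLoad` value is undocumented, and it behaves differently from the other three: scheduleRedirection sets it when `d->m_doc == 0`, and openURL returns false while it is set. A one-line comment above the enum would help, e.g. `// redirectionDuringLoad: a redirect was scheduled before this part had a document (another frame changed its location).` Code elsewhere that compares m_scheduledRedirection against the older values is outside this diff and should be checked against the new state.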
diff --git a/WebCore/kwq/WebCoreBridge.mm b/WebCore/kwq/WebCoreBridge.mm
index 6940803..d56ca79 100644
--- a/WebCore/kwq/WebCoreBridge.mm
+++ b/WebCore/kwq/WebCoreBridge.mm
@@ -197,10 +197,14 @@ static bool initializedObjectCacheSize = FALSE;
{
DocumentImpl *doc = _part->xmlDocImpl();
- ASSERT (doc);
- doc->setShouldCreateRenderers([self shouldCreateRenderers]);
-
- _part->addData((const char *)[data bytes], [data length]);
+ // Document may be nil if the part is about to redirect
+ // as a result of JS executing during load, i.e. one frame
+ // changing another's location before the frame's document
+ // has been created.
+ if (doc){
+ doc->setShouldCreateRenderers([self shouldCreateRenderers]);
+ _part->addData((const char *)[data bytes], [data length]);
+ }
}
- (void)closeURL
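Review bot: When `doc` is nil the incoming bytes are now dropped without any trace, so the expected redirect-during-load case can no longer be told apart from a real bug that the removed `ASSERT (doc);` used to catch. Keeping a debug-only signal on the nil path would preserve that diagnostic, for example an `else` branch carrying `// Expected only while a redirect scheduled during load is pending; data for the superseded load is discarded.` plus whatever debug logging the file already uses. The method's signature line is above the hunk.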
--
WebKit Debian packaging