[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
ap at apple.com
ap at apple.com
Thu Apr 8 00:59:00 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit b3b5c3b4fe4cae4d5fbc53b170e95d966b3efc09
Author: ap at apple.com <ap at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Jan 9 00:30:03 2010 +0000
Reviewed by Dan Bernstein.
https://bugs.webkit.org/show_bug.cgi?id=32962
HTML tags are wrongfully parsed when setting innerHTML of a SCRIPT element
Also fixed the same for STYLE elements.
Tests: fast/dom/css-innerHTML.html
fast/dom/script-innerHTML-x.xhtml
fast/dom/script-innerHTML.html
* html/HTMLElement.cpp: (WebCore::HTMLElement::setInnerHTML): Don't parse JS or CSS as HTML,
matching Firefox.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index e5c52e5..a143c27 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,17 @@
+2010-01-08 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ https://bugs.webkit.org/show_bug.cgi?id=32962
+ HTML tags are wrongfully parsed when setting innerHTML of a SCRIPT element
+
+ * fast/dom/css-innerHTML-expected.txt: Added.
+ * fast/dom/css-innerHTML.html: Added.
+ * fast/dom/script-innerHTML-expected.txt: Added.
+ * fast/dom/script-innerHTML-x-expected.txt: Added.
+ * fast/dom/script-innerHTML-x.xhtml: Added.
+ * fast/dom/script-innerHTML.html: Added.
+
2010-01-08 Dumitru Daniliuc <dumi at chromium.org>
Reviewed by Eric Seidel.
diff --git a/LayoutTests/fast/dom/css-innerHTML-expected.txt b/LayoutTests/fast/dom/css-innerHTML-expected.txt
new file mode 100644
index 0000000..797907a
--- /dev/null
+++ b/LayoutTests/fast/dom/css-innerHTML-expected.txt
@@ -0,0 +1,3 @@
+Should say PASS:
+
+PASS
diff --git a/LayoutTests/fast/dom/css-innerHTML.html b/LayoutTests/fast/dom/css-innerHTML.html
new file mode 100644
index 0000000..e63bacb
--- /dev/null
+++ b/LayoutTests/fast/dom/css-innerHTML.html
@@ -0,0 +1,13 @@
+<body>
+<p>Should say PASS:</p>
+<div id="test"></div>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+var e= document.createElement('style');
+e.innerHTML= "<p>foobar</p>"; // yes, that's invalid CSS
+document.body.appendChild(e);
+// If it were parsed, it would have been just "foobar".
+document.getElementById("test").innerHTML = (e.textContent == "<p>foobar</p>") ? "PASS" : "FAIL";
+</script>
diff --git a/LayoutTests/fast/dom/script-innerHTML-expected.txt b/LayoutTests/fast/dom/script-innerHTML-expected.txt
new file mode 100644
index 0000000..797907a
--- /dev/null
+++ b/LayoutTests/fast/dom/script-innerHTML-expected.txt
@@ -0,0 +1,3 @@
+Should say PASS:
+
+PASS
diff --git a/LayoutTests/fast/dom/script-innerHTML-x-expected.txt b/LayoutTests/fast/dom/script-innerHTML-x-expected.txt
new file mode 100644
index 0000000..797907a
--- /dev/null
+++ b/LayoutTests/fast/dom/script-innerHTML-x-expected.txt
@@ -0,0 +1,3 @@
+Should say PASS:
+
+PASS
diff --git a/LayoutTests/fast/dom/script-innerHTML-x.xhtml b/LayoutTests/fast/dom/script-innerHTML-x.xhtml
new file mode 100644
index 0000000..54fbc90
--- /dev/null
+++ b/LayoutTests/fast/dom/script-innerHTML-x.xhtml
@@ -0,0 +1,17 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<body>
+<p>Should say PASS:</p>
+<div id="test"></div>
+<script><![CDATA[
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+var tagString = "document.getElementById('test').innerHTML='<p>PASS</p>';";
+var e= document.createElement('script');
+document.body.appendChild(e);
+
+e.innerHTML = tagString;
+]]>
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/dom/script-innerHTML.html b/LayoutTests/fast/dom/script-innerHTML.html
new file mode 100644
index 0000000..a827337
--- /dev/null
+++ b/LayoutTests/fast/dom/script-innerHTML.html
@@ -0,0 +1,11 @@
+<body>
+<p>Should say PASS:</p>
+<div id="test"></div>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+var e= document.createElement('script');
+e.innerHTML= "document.getElementById('test').innerHTML='<p>PASS';";
+document.body.appendChild(e);
+</script>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index bd6b50b..838a239 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2010-01-08 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Dan Bernstein.
+
+ https://bugs.webkit.org/show_bug.cgi?id=32962
+ HTML tags are wrongfully parsed when setting innerHTML of a SCRIPT element
+
+ Also fixed the same for STYLE elements.
+
+ Tests: fast/dom/css-innerHTML.html
+ fast/dom/script-innerHTML-x.xhtml
+ fast/dom/script-innerHTML.html
+
+ * html/HTMLElement.cpp: (WebCore::HTMLElement::setInnerHTML): Don't parse JS or CSS as HTML,
+ matching Firefox.
+
2010-01-08 Beth Dakin <bdakin at apple.com>
Reviewed by Oliver Hunt.
diff --git a/WebCore/html/HTMLElement.cpp b/WebCore/html/HTMLElement.cpp
index ae79678..431d72a 100644
--- a/WebCore/html/HTMLElement.cpp
+++ b/WebCore/html/HTMLElement.cpp
@@ -375,6 +375,13 @@ static void replaceChildrenWithText(HTMLElement* element, const String& text, Ex
void HTMLElement::setInnerHTML(const String& html, ExceptionCode& ec)
{
+ if (hasLocalName(scriptTag) || hasLocalName(styleTag)) {
+ // Script and CSS source shouldn't be parsed as HTML.
+ removeChildren();
+ appendChild(document()->createTextNode(html), ec);
+ return;
+ }
+
RefPtr<DocumentFragment> fragment = createContextualFragment(html);
if (!fragment) {
ec = NO_MODIFICATION_ALLOWED_ERR;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list