[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
mitz at apple.com
mitz at apple.com
Thu Apr 8 01:58:27 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit a1ccbd93dee1c108097d5d788e2cf5e5b62946b6
Author: mitz at apple.com <mitz at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Feb 24 22:48:52 2010 +0000
<rdar://problem/7018611> innerHTML applies meta/link/title tags from a detached html element
Reviewed by Anders Carlsson.
WebCore:
Test: fast/parser/fragment-parser.html
Ensure that fragment parsing has no side effects on the fragment’s owner
document.
* html/HTMLParser.cpp:
(WebCore::HTMLParser::insertNode): Don’t call
dispatchDocumentElementAvailable() for fragments.
(WebCore::HTMLParser::handleError): Don’t copy attributes to the owner
document’s <html> and <body> elements when a redundant <html> or <body>
is encountered while parsing a fragment.
(WebCore::HTMLParser::framesetCreateErrorCheck): Don’t change the owner
document’s <body> element’s style when parsing a fragment.
(WebCore::HTMLParser::createHead): Don’t attach the new <head> to the
ownder document of a fragment.
LayoutTests:
* fast/parser/fragment-parser-expected.txt: Added.
* fast/parser/fragment-parser.html: Added.
* fast/parser/script-tests/fragment-parser.js: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@55203 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index bdc7066..5ebf207 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-02-24 Dan Bernstein <mitz at apple.com>
+
+ Reviewed by Anders Carlsson.
+
+ <rdar://problem/7018611> innerHTML applies meta/link/title tags from a detached html element
+
+ * fast/parser/fragment-parser-expected.txt: Added.
+ * fast/parser/fragment-parser.html: Added.
+ * fast/parser/script-tests/fragment-parser.js: Added.
+
2010-02-24 Oliver Hunt <oliver at apple.com>
Reviewed by Geoffrey Garen.
diff --git a/LayoutTests/fast/parser/fragment-parser-expected.txt b/LayoutTests/fast/parser/fragment-parser-expected.txt
new file mode 100644
index 0000000..09bd84e
--- /dev/null
+++ b/LayoutTests/fast/parser/fragment-parser-expected.txt
@@ -0,0 +1,25 @@
+Test that fragment parsing does not affect the host document.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS parse('<span><body bgcolor=red>') is ['<span></span>','<html><body></body></html>']
+PASS parse('<span><html bgcolor=red>') is ['<span></span>','<html><body></body></html>']
+PASS parse('<span><meta>') is ['<span></span>','<html><body></body></html>']
+PASS parse('<span><base>') is ['<span></span>','<html><body></body></html>']
+PASS parse('<html><script>') is ['','<html><body></body></html>']
+PASS parse('<html><style>') is ['','<html><body></body></html>']
+PASS parse('<html><meta>') is ['','<html><body></body></html>']
+PASS parse('<html><link>') is ['','<html><body></body></html>']
+PASS parse('<html><object>') is ['<object></object>','<html><body></body></html>']
+PASS parse('<html><embed>') is ['<embed>','<html><body></body></html>']
+PASS parse('<html><title>') is ['','<html><body></body></html>']
+PASS parse('<html><isindex>') is ['<div><hr>This is a searchable index. Enter search keywords: <isindex type="khtml_isindex"><hr></div>','<html><body></body></html>']
+PASS parse('<html><base>') is ['','<html><body></body></html>']
+PASS parse('<html><div>') is ['<div></div>','<html><body></body></html>']
+PASS parse('<frameset>') is ['<frameset></frameset>','<html><body></body></html>']
+PASS parse('<html>x', true) is ['x','no document element']
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/parser/fragment-parser.html b/LayoutTests/fast/parser/fragment-parser.html
new file mode 100644
index 0000000..f501461
--- /dev/null
+++ b/LayoutTests/fast/parser/fragment-parser.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../js/resources/js-test-style.css">
+<script src="../js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/fragment-parser.js"></script>
+<script src="../js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/parser/script-tests/fragment-parser.js b/LayoutTests/fast/parser/script-tests/fragment-parser.js
new file mode 100644
index 0000000..3b9076a
--- /dev/null
+++ b/LayoutTests/fast/parser/script-tests/fragment-parser.js
@@ -0,0 +1,35 @@
+description('Test that fragment parsing does not affect the host document.');
+
+function parse(string, removeDocumentElement) {
+ var iframe = document.createElement("iframe");
+ document.body.appendChild(iframe);
+ var doc = iframe.contentDocument;
+ doc.documentElement.removeChild(doc.documentElement.firstChild);
+ if (removeDocumentElement)
+ doc.removeChild(doc.documentElement);
+
+ var div = doc.createDocumentFragment().appendChild(doc.createElement("div"));
+ div.innerHTML = string;
+ document.body.removeChild(iframe);
+ return [div.innerHTML, doc.documentElement ? doc.documentElement.outerHTML : "no document element"];
+}
+
+shouldBe("parse('<span><body bgcolor=red>')", "['<span></span>','<html><body></body></html>']");
+shouldBe("parse('<span><html bgcolor=red>')", "['<span></span>','<html><body></body></html>']");
+shouldBe("parse('<span><meta>')", "['<span></span>','<html><body></body></html>']");
+shouldBe("parse('<span><base>')", "['<span></span>','<html><body></body></html>']");
+shouldBe("parse('<html><script>')", "['','<html><body></body></html>']");
+shouldBe("parse('<html><style>')", "['','<html><body></body></html>']");
+shouldBe("parse('<html><meta>')", "['','<html><body></body></html>']");
+shouldBe("parse('<html><link>')", "['','<html><body></body></html>']");
+shouldBe("parse('<html><object>')", "['<object></object>','<html><body></body></html>']");
+shouldBe("parse('<html><embed>')", "['<embed>','<html><body></body></html>']");
+
+shouldBe("parse('<html><title>')", "['','<html><body></body></html>']");
+shouldBe("parse('<html><isindex>')", "['<div><hr>This is a searchable index. Enter search keywords: <isindex type=\"khtml_isindex\"><hr></div>','<html><body></body></html>']");
+shouldBe("parse('<html><base>')", "['','<html><body></body></html>']");
+shouldBe("parse('<html><div>')", "['<div></div>','<html><body></body></html>']");
+shouldBe("parse('<frameset>')", "['<frameset></frameset>','<html><body></body></html>']");
+shouldBe("parse('<html>x', true)", "['x','no document element']");
+
+var successfullyParsed = true;
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index cf1a87d..402651b 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,25 @@
+2010-02-24 Dan Bernstein <mitz at apple.com>
+
+ Reviewed by Anders Carlsson.
+
+ <rdar://problem/7018611> innerHTML applies meta/link/title tags from a detached html element
+
+ Test: fast/parser/fragment-parser.html
+
+ Ensure that fragment parsing has no side effects on the fragment’s owner
+ document.
+
+ * html/HTMLParser.cpp:
+ (WebCore::HTMLParser::insertNode): Don’t call
+ dispatchDocumentElementAvailable() for fragments.
+ (WebCore::HTMLParser::handleError): Don’t copy attributes to the owner
+ document’s <html> and <body> elements when a redundant <html> or <body>
+ is encountered while parsing a fragment.
+ (WebCore::HTMLParser::framesetCreateErrorCheck): Don’t change the owner
+ document’s <body> element’s style when parsing a fragment.
+ (WebCore::HTMLParser::createHead): Don’t attach the new <head> to the
+ ownder document of a fragment.
+
2010-02-24 David Levin <levin at chromium.org>
Reviewed by Darin Adler.
diff --git a/WebCore/html/HTMLParser.cpp b/WebCore/html/HTMLParser.cpp
index 644f63e..60ee7ae 100644
--- a/WebCore/html/HTMLParser.cpp
+++ b/WebCore/html/HTMLParser.cpp
@@ -400,7 +400,7 @@ bool HTMLParser::insertNode(Node* n, bool flat)
n->finishParsingChildren();
}
- if (localName == htmlTag && m_document->frame())
+ if (localName == htmlTag && m_document->frame() && !m_isParsingFragment)
m_document->frame()->loader()->dispatchDocumentElementAvailable();
return true;
@@ -446,7 +446,7 @@ bool HTMLParser::handleError(Node* n, bool flat, const AtomicString& localName,
}
} else if (h->hasLocalName(htmlTag)) {
if (!m_current->isDocumentNode() ) {
- if (m_document->documentElement() && m_document->documentElement()->hasTagName(htmlTag)) {
+ if (m_document->documentElement() && m_document->documentElement()->hasTagName(htmlTag) && !m_isParsingFragment) {
reportError(RedundantHTMLBodyError, &localName);
// we have another <HTML> element.... apply attributes to existing one
// make sure we don't overwrite already existing attributes
@@ -489,7 +489,7 @@ bool HTMLParser::handleError(Node* n, bool flat, const AtomicString& localName,
return false;
}
} else if (h->hasLocalName(bodyTag)) {
- if (m_inBody && m_document->body()) {
+ if (m_inBody && m_document->body() && !m_isParsingFragment) {
// we have another <BODY> element.... apply attributes to existing one
// make sure we don't overwrite already existing attributes
// some sites use <body bgcolor=rightcolor>...<body bgcolor=wrongcolor>
@@ -503,8 +503,7 @@ bool HTMLParser::handleError(Node* n, bool flat, const AtomicString& localName,
existingBody->setAttribute(it->name(), it->value());
}
return false;
- }
- else if (!m_current->isDocumentNode())
+ } else if (!m_current->isDocumentNode())
return false;
} else if (h->hasLocalName(areaTag)) {
if (m_currentMapElement) {
@@ -551,7 +550,7 @@ bool HTMLParser::handleError(Node* n, bool flat, const AtomicString& localName,
if (!m_haveFrameSet) {
// Ensure that head exists.
// But not for older versions of Mail, where the implicit <head> isn't expected - <rdar://problem/6863795>
- if (shouldCreateImplicitHead(m_document))
+ if (!m_isParsingFragment && shouldCreateImplicitHead(m_document))
createHead();
popBlock(headTag);
@@ -758,7 +757,7 @@ bool HTMLParser::framesetCreateErrorCheck(Token*, RefPtr<Node>&)
// we can't implement that behaviour now because it could cause too many
// regressions and the headaches are not worth the work as long as there is
// no site actually relying on that detail (Dirk)
- if (m_document->body())
+ if (m_document->body() && !m_isParsingFragment)
m_document->body()->setAttribute(styleAttr, "display:none");
m_inBody = false;
}
@@ -1590,12 +1589,16 @@ void HTMLParser::createHead()
if (m_head)
return;
- if (!m_document->documentElement()) {
+ if (!m_document->documentElement() && !m_isParsingFragment) {
insertNode(new HTMLHtmlElement(htmlTag, m_document));
- ASSERT(m_document->documentElement());
+ ASSERT(m_document->documentElement() || m_isParsingFragment);
}
m_head = new HTMLHeadElement(headTag, m_document);
+
+ if (m_isParsingFragment)
+ return;
+
HTMLElement* body = m_document->body();
ExceptionCode ec = 0;
m_document->documentElement()->insertBefore(m_head.get(), body, ec);
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list