[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
Gustavo Noronha Silva
gns at gnome.org
Thu Apr 8 02:24:48 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit 79e3402f2170cd34849c036a1d4156bb3ee8fbfc
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Apr 1 01:54:40 2010 +0000
Crash submitting display:none textarea in a form
https://bugs.webkit.org/show_bug.cgi?id=36905
Reviewed by Darin Adler.
WebCore:
Test: fast/forms/textarea-submit-crash.html
* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::appendFormData): Do update layout before
asking our renderer for its text, since we can't rely on our renderer's
text if layout is needed.
* rendering/RenderTextControl.cpp:
(WebCore::RenderTextControl::textWithHardLineBreaks): Don't update layout
while being asked for our text, since doing so may delete us, causing a crash.
LayoutTests:
* fast/forms/textarea-submit-crash-expected.txt: Added.
* fast/forms/textarea-submit-crash.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@56885 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 565c82e..12eede5 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-03-31 Geoffrey Garen <ggaren at apple.com>
+
+ Reviewed by Darin Adler.
+
+ Crash submitting display:none textarea in a form
+ https://bugs.webkit.org/show_bug.cgi?id=36905
+
+ * fast/forms/textarea-submit-crash-expected.txt: Added.
+ * fast/forms/textarea-submit-crash.html: Added.
+
2010-03-31 Mark Rowe <mrowe at apple.com>
Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/forms/textarea-submit-crash-expected.txt b/LayoutTests/fast/forms/textarea-submit-crash-expected.txt
new file mode 100644
index 0000000..a173c90
--- /dev/null
+++ b/LayoutTests/fast/forms/textarea-submit-crash-expected.txt
@@ -0,0 +1,6 @@
+This tests that a display:none textarea doesn't crash when submitted in a form.
+
+
+PASS: You didn't crash.
+Submitted form value: ?value=123456789
+
diff --git a/LayoutTests/fast/forms/textarea-submit-crash.html b/LayoutTests/fast/forms/textarea-submit-crash.html
new file mode 100644
index 0000000..4102137
--- /dev/null
+++ b/LayoutTests/fast/forms/textarea-submit-crash.html
@@ -0,0 +1,31 @@
+<p>This tests that a display:none textarea doesn't crash when submitted in a form.</p>
+<form action="?" id="form">
+ <textarea id="textarea" name=value style="-webkit-appearance:textarea" wrap=hard>123456789</textarea>
+</form>
+
+<pre id="console"></pre>
+
+<script>
+function log(s) {
+ document.getElementById('console').appendChild(document.createTextNode(s + "\n"));
+}
+
+(function () {
+ if (document.URL.indexOf('?') == -1) {
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+
+ document.getElementById("textarea").style.display = "none";
+ document.getElementById("form").submit();
+ return;
+ }
+
+ log("PASS: You didn't crash.");
+ log("Submitted form value: " + location.search);
+
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+})();
+</script>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index e4ccde4..afd7c7d 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2010-03-31 Geoffrey Garen <ggaren at apple.com>
+
+ Reviewed by Darin Adler.
+
+ Crash submitting display:none textarea in a form
+ https://bugs.webkit.org/show_bug.cgi?id=36905
+
+ Test: fast/forms/textarea-submit-crash.html
+
+ * html/HTMLTextAreaElement.cpp:
+ (WebCore::HTMLTextAreaElement::appendFormData): Do update layout before
+ asking our renderer for its text, since we can't rely on our renderer's
+ text if layout is needed.
+
+ * rendering/RenderTextControl.cpp:
+ (WebCore::RenderTextControl::textWithHardLineBreaks): Don't update layout
+ while being asked for our text, since doing so may delete us, causing a crash.
+
2010-03-31 Mark Rowe <mrowe at apple.com>
Reviewed by Darin Adler.
diff --git a/WebCore/html/HTMLTextAreaElement.cpp b/WebCore/html/HTMLTextAreaElement.cpp
index 79bf45f..439d109 100644
--- a/WebCore/html/HTMLTextAreaElement.cpp
+++ b/WebCore/html/HTMLTextAreaElement.cpp
@@ -166,6 +166,8 @@ bool HTMLTextAreaElement::appendFormData(FormDataList& encoding, bool)
if (name().isEmpty())
return false;
+ document()->updateLayout();
+
// FIXME: It's not acceptable to ignore the HardWrap setting when there is no renderer.
// While we have no evidence this has ever been a practical problem, it would be best to fix it some day.
RenderTextControl* control = toRenderTextControl(renderer());
diff --git a/WebCore/rendering/RenderTextControl.cpp b/WebCore/rendering/RenderTextControl.cpp
index d18940b..0cb11dd 100644
--- a/WebCore/rendering/RenderTextControl.cpp
+++ b/WebCore/rendering/RenderTextControl.cpp
@@ -373,8 +373,6 @@ String RenderTextControl::textWithHardLineBreaks()
if (!firstChild)
return "";
- document()->updateLayout();
-
RenderObject* renderer = firstChild->renderer();
if (!renderer)
return "";
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list