[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

tkent at chromium.org tkent at chromium.org
Wed Dec 22 11:24:22 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 71f71608fed22d0976f492601b3ab2ec81ca2678
Author: tkent at chromium.org <tkent at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Jul 22 03:08:59 2010 +0000

    2010-07-21  Kent Tamura  <tkent at chromium.org>
    
            Reviewed by Darin Adler.
    
            Assertion failure by changing the type of an input element with a
            non-number value to 'range'.
            https://bugs.webkit.org/show_bug.cgi?id=42643
    
            * fast/forms/input-value-sanitization-expected.txt: Added.
            * fast/forms/input-value-sanitization.html: Added.
            * fast/forms/script-tests/input-value-sanitization.js: Added.
    2010-07-21  Kent Tamura  <tkent at chromium.org>
    
            Reviewed by Darin Adler.
    
            Assertion failure by changing the type of an input element with a
            non-number value to 'range'.
            https://bugs.webkit.org/show_bug.cgi?id=42643
    
            Test: fast/forms/input-value-sanitization.html
    
            * html/HTMLInputElement.cpp:
            (WebCore::HTMLInputElement::setInputType):
            Update the value by HTMLInputElement::sanitizeValue() in a case that
            storesValueSeparateFromAttribute() state is not changed.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@63876 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 443064a..5a86562 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-07-21  Kent Tamura  <tkent at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Assertion failure by changing the type of an input element with a
+        non-number value to 'range'.
+        https://bugs.webkit.org/show_bug.cgi?id=42643
+
+        * fast/forms/input-value-sanitization-expected.txt: Added.
+        * fast/forms/input-value-sanitization.html: Added.
+        * fast/forms/script-tests/input-value-sanitization.js: Added.
+
 2010-07-21  Justin Schuh  <jschuh at chromium.org>
 
         Unreviewed. Build fix.
diff --git a/LayoutTests/fast/forms/input-value-sanitization-expected.txt b/LayoutTests/fast/forms/input-value-sanitization-expected.txt
new file mode 100644
index 0000000..0de8071
--- /dev/null
+++ b/LayoutTests/fast/forms/input-value-sanitization-expected.txt
@@ -0,0 +1,10 @@
+Tests for value sanitization algorithm.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS input.value is "50"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/forms/input-value-sanitization.html b/LayoutTests/fast/forms/input-value-sanitization.html
new file mode 100644
index 0000000..3401c16
--- /dev/null
+++ b/LayoutTests/fast/forms/input-value-sanitization.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/input-value-sanitization.js"></script>
+<script src="../../fast/js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/forms/script-tests/input-value-sanitization.js b/LayoutTests/fast/forms/script-tests/input-value-sanitization.js
new file mode 100644
index 0000000..285292c
--- /dev/null
+++ b/LayoutTests/fast/forms/script-tests/input-value-sanitization.js
@@ -0,0 +1,14 @@
+description('Tests for value sanitization algorithm.');
+
+var input = document.createElement('input');
+
+input.type = 'text';
+input.value = ':)';
+
+input.type = 'range';
+shouldBe('input.value', '"50"');
+
+// FIXME: Add more sanitization tests.
+// https://bugs.webkit.org/show_bug.cgi?id=37024
+
+var successfullyParsed = true;
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 6116394..ad5ed03 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-07-21  Kent Tamura  <tkent at chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Assertion failure by changing the type of an input element with a
+        non-number value to 'range'.
+        https://bugs.webkit.org/show_bug.cgi?id=42643
+
+        Test: fast/forms/input-value-sanitization.html
+
+        * html/HTMLInputElement.cpp:
+        (WebCore::HTMLInputElement::setInputType):
+        Update the value by HTMLInputElement::sanitizeValue() in a case that
+        storesValueSeparateFromAttribute() state is not changed.
+
 2010-07-21  Adam Barth  <abarth at webkit.org>
 
         Reviewed by Eric Seidel.
diff --git a/WebCore/html/HTMLInputElement.cpp b/WebCore/html/HTMLInputElement.cpp
index b7ad118..c9fd560 100644
--- a/WebCore/html/HTMLInputElement.cpp
+++ b/WebCore/html/HTMLInputElement.cpp
@@ -863,8 +863,12 @@ void HTMLInputElement::setInputType(const String& t)
             }
             if (!didStoreValue && willStoreValue)
                 m_data.setValue(sanitizeValue(getAttribute(valueAttr)));
-            else
-                InputElement::updateValueIfNeeded(m_data, this);
+            else {
+                String oldValue = m_data.value();
+                String newValue = sanitizeValue(oldValue);
+                if (newValue != oldValue)
+                    setValue(newValue);
+            }
 
             if (wasPasswordField && !isPasswordField)
                 unregisterForActivationCallbackIfNeeded();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list