[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
tkent at chromium.org
tkent at chromium.org
Wed Dec 22 11:24:22 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 71f71608fed22d0976f492601b3ab2ec81ca2678
Author: tkent at chromium.org <tkent at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Jul 22 03:08:59 2010 +0000
2010-07-21 Kent Tamura <tkent at chromium.org>
Reviewed by Darin Adler.
Assertion failure by changing the type of an input element with a
non-number value to 'range'.
https://bugs.webkit.org/show_bug.cgi?id=42643
* fast/forms/input-value-sanitization-expected.txt: Added.
* fast/forms/input-value-sanitization.html: Added.
* fast/forms/script-tests/input-value-sanitization.js: Added.
2010-07-21 Kent Tamura <tkent at chromium.org>
Reviewed by Darin Adler.
Assertion failure by changing the type of an input element with a
non-number value to 'range'.
https://bugs.webkit.org/show_bug.cgi?id=42643
Test: fast/forms/input-value-sanitization.html
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::setInputType):
Update the value by HTMLInputElement::sanitizeValue() in a case that
storesValueSeparateFromAttribute() state is not changed.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@63876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 443064a..5a86562 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-07-21 Kent Tamura <tkent at chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Assertion failure by changing the type of an input element with a
+ non-number value to 'range'.
+ https://bugs.webkit.org/show_bug.cgi?id=42643
+
+ * fast/forms/input-value-sanitization-expected.txt: Added.
+ * fast/forms/input-value-sanitization.html: Added.
+ * fast/forms/script-tests/input-value-sanitization.js: Added.
+
2010-07-21 Justin Schuh <jschuh at chromium.org>
Unreviewed. Build fix.
diff --git a/LayoutTests/fast/forms/input-value-sanitization-expected.txt b/LayoutTests/fast/forms/input-value-sanitization-expected.txt
new file mode 100644
index 0000000..0de8071
--- /dev/null
+++ b/LayoutTests/fast/forms/input-value-sanitization-expected.txt
@@ -0,0 +1,10 @@
+Tests for value sanitization algorithm.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS input.value is "50"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/forms/input-value-sanitization.html b/LayoutTests/fast/forms/input-value-sanitization.html
new file mode 100644
index 0000000..3401c16
--- /dev/null
+++ b/LayoutTests/fast/forms/input-value-sanitization.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src="script-tests/input-value-sanitization.js"></script>
+<script src="../../fast/js/resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/fast/forms/script-tests/input-value-sanitization.js b/LayoutTests/fast/forms/script-tests/input-value-sanitization.js
new file mode 100644
index 0000000..285292c
--- /dev/null
+++ b/LayoutTests/fast/forms/script-tests/input-value-sanitization.js
@@ -0,0 +1,14 @@
+description('Tests for value sanitization algorithm.');
+
+var input = document.createElement('input');
+
+input.type = 'text';
+input.value = ':)';
+
+input.type = 'range';
+shouldBe('input.value', '"50"');
+
+// FIXME: Add more sanitization tests.
+// https://bugs.webkit.org/show_bug.cgi?id=37024
+
+var successfullyParsed = true;
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 6116394..ad5ed03 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-07-21 Kent Tamura <tkent at chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Assertion failure by changing the type of an input element with a
+ non-number value to 'range'.
+ https://bugs.webkit.org/show_bug.cgi?id=42643
+
+ Test: fast/forms/input-value-sanitization.html
+
+ * html/HTMLInputElement.cpp:
+ (WebCore::HTMLInputElement::setInputType):
+ Update the value by HTMLInputElement::sanitizeValue() in a case that
+ storesValueSeparateFromAttribute() state is not changed.
+
2010-07-21 Adam Barth <abarth at webkit.org>
Reviewed by Eric Seidel.
diff --git a/WebCore/html/HTMLInputElement.cpp b/WebCore/html/HTMLInputElement.cpp
index b7ad118..c9fd560 100644
--- a/WebCore/html/HTMLInputElement.cpp
+++ b/WebCore/html/HTMLInputElement.cpp
@@ -863,8 +863,12 @@ void HTMLInputElement::setInputType(const String& t)
}
if (!didStoreValue && willStoreValue)
m_data.setValue(sanitizeValue(getAttribute(valueAttr)));
- else
- InputElement::updateValueIfNeeded(m_data, this);
+ else {
+ String oldValue = m_data.value();
+ String newValue = sanitizeValue(oldValue);
+ if (newValue != oldValue)
+ setValue(newValue);
+ }
if (wasPasswordField && !isPasswordField)
unregisterForActivationCallbackIfNeeded();
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list