[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

abarth at webkit.org abarth at webkit.org
Wed Dec 22 13:12:46 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 73953a0825271f0183f5118a02fa5fad64868ae7
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Sep 8 22:46:53 2010 +0000

    2010-09-08  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            move-during-parse-parent.html crashes
            https://bugs.webkit.org/show_bug.cgi?id=45210
    
            When inserting elements into the tree, they need to be associated with
            their parent's document, not the document for which the parser is
            running.  These two are different when the parent has been moved to a
            different document during parsing.
    
            Test: fast/parser/move-during-parsing.html
    
            * html/parser/HTMLConstructionSite.cpp:
            (WebCore::HTMLConstructionSite::insertComment):
            (WebCore::HTMLConstructionSite::insertCommentOnHTMLHtmlElement):
            (WebCore::HTMLConstructionSite::insertScriptElement):
            (WebCore::HTMLConstructionSite::insertTextNode):
            (WebCore::HTMLConstructionSite::createElement):
            (WebCore::HTMLConstructionSite::createHTMLElement):
    2010-09-08  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            move-during-parse-parent.html crashes
            https://bugs.webkit.org/show_bug.cgi?id=45210
    
            * fast/parser/move-during-parsing-expected.txt: Added.
            * fast/parser/move-during-parsing.html: Added.
            * fast/parser/resources/move-during-parsing-iframe.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67030 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index fbc2857..274173a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-09-08  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        move-during-parse-parent.html crashes
+        https://bugs.webkit.org/show_bug.cgi?id=45210
+
+        * fast/parser/move-during-parsing-expected.txt: Added.
+        * fast/parser/move-during-parsing.html: Added.
+        * fast/parser/resources/move-during-parsing-iframe.html: Added.
+
 2010-09-08  Maciej Stachowiak  <mjs at apple.com>
 
         Rubber stamped by John Honeycutt.
diff --git a/LayoutTests/fast/parser/move-during-parsing-expected.txt b/LayoutTests/fast/parser/move-during-parsing-expected.txt
new file mode 100644
index 0000000..a7d97d3
--- /dev/null
+++ b/LayoutTests/fast/parser/move-during-parsing-expected.txt
@@ -0,0 +1,12 @@
+ALERT: parser/resources/move-during-parsing-iframe.html
+
+This text should not show inside the iframe. It should show inside the parent. Furthermore, there should be text saying "Middle of Page" and then "End of Page" below (also in the parent).
+
+Middle of Page
+
+End of Page
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
diff --git a/LayoutTests/fast/parser/move-during-parsing.html b/LayoutTests/fast/parser/move-during-parsing.html
new file mode 100644
index 0000000..71d98bd
--- /dev/null
+++ b/LayoutTests/fast/parser/move-during-parsing.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html><head>
+<title>Move node during parse</title>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.dumpChildFramesAsText();
+}
+</script>
+</head>
+<body>
+<iframe src=resources/move-during-parsing-iframe.html></iframe>
+</body></html>
diff --git a/LayoutTests/fast/parser/resources/move-during-parsing-iframe.html b/LayoutTests/fast/parser/resources/move-during-parsing-iframe.html
new file mode 100644
index 0000000..cbbf984
--- /dev/null
+++ b/LayoutTests/fast/parser/resources/move-during-parsing-iframe.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Move node during parse</title>
+</head>
+<body>
+<div>
+<p>This text should not show inside the iframe. It should show inside the parent. Furthermore, there should be text saying "Middle of Page" and then "End of Page" below (also in the parent).</p>
+<script>
+if (parent.document.adoptNode) {
+  parent.document.documentElement.lastChild.appendChild(parent.document.adoptNode(document.getElementsByTagName("div")[0]));
+} else {
+  parent.document.documentElement.lastChild.appendChild(document.getElementsByTagName("div")[0]);
+}
+</script>
+<p>Middle of Page</p>
+<script>alert(window.location.href.match(/parser.*/));</script>
+<p>End of Page</p>
+</div>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 29f2c14..2272e36 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,25 @@
+2010-09-08  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        move-during-parse-parent.html crashes
+        https://bugs.webkit.org/show_bug.cgi?id=45210
+
+        When inserting elements into the tree, they need to be associated with
+        their parent's document, not the document for which the parser is
+        running.  These two are different when the parent has been moved to a
+        different document during parsing.
+
+        Test: fast/parser/move-during-parsing.html
+
+        * html/parser/HTMLConstructionSite.cpp:
+        (WebCore::HTMLConstructionSite::insertComment):
+        (WebCore::HTMLConstructionSite::insertCommentOnHTMLHtmlElement):
+        (WebCore::HTMLConstructionSite::insertScriptElement):
+        (WebCore::HTMLConstructionSite::insertTextNode):
+        (WebCore::HTMLConstructionSite::createElement):
+        (WebCore::HTMLConstructionSite::createHTMLElement):
+
 2010-09-08  Gabor Loki  <loki at webkit.org>
 
         Reviewed by Andreas Kling.
diff --git a/WebCore/html/parser/HTMLConstructionSite.cpp b/WebCore/html/parser/HTMLConstructionSite.cpp
index 975b1af..0172b3d 100644
--- a/WebCore/html/parser/HTMLConstructionSite.cpp
+++ b/WebCore/html/parser/HTMLConstructionSite.cpp
@@ -213,7 +213,7 @@ void HTMLConstructionSite::insertDoctype(AtomicHTMLToken& token)
 void HTMLConstructionSite::insertComment(AtomicHTMLToken& token)
 {
     ASSERT(token.type() == HTMLToken::Comment);
-    attach(currentElement(), Comment::create(m_document, token.comment()));
+    attach(currentElement(), Comment::create(currentElement()->document(), token.comment()));
 }
 
 void HTMLConstructionSite::insertCommentOnDocument(AtomicHTMLToken& token)
@@ -225,7 +225,8 @@ void HTMLConstructionSite::insertCommentOnDocument(AtomicHTMLToken& token)
 void HTMLConstructionSite::insertCommentOnHTMLHtmlElement(AtomicHTMLToken& token)
 {
     ASSERT(token.type() == HTMLToken::Comment);
-    attach(m_openElements.htmlElement(), Comment::create(m_document, token.comment()));
+    Element* parent = m_openElements.htmlElement();
+    attach(parent, Comment::create(parent->document(), token.comment()));
 }
 
 PassRefPtr<Element> HTMLConstructionSite::attachToCurrent(PassRefPtr<Element> child)
@@ -293,7 +294,7 @@ void HTMLConstructionSite::insertFormattingElement(AtomicHTMLToken& token)
 
 void HTMLConstructionSite::insertScriptElement(AtomicHTMLToken& token)
 {
-    RefPtr<HTMLScriptElement> element = HTMLScriptElement::create(scriptTag, m_document, true);
+    RefPtr<HTMLScriptElement> element = HTMLScriptElement::create(scriptTag, currentElement()->document(), true);
     if (m_fragmentScriptingPermission == FragmentScriptingAllowed)
         element->setAttributeMap(token.takeAtributes(), m_fragmentScriptingPermission);
     m_openElements.push(attachToCurrent(element.release()));
@@ -326,13 +327,13 @@ void HTMLConstructionSite::insertTextNode(const String& characters)
         return;
     }
 
-    attachAtSite(site, Text::create(m_document, characters));
+    attachAtSite(site, Text::create(site.parent->document(), characters));
 }
 
 PassRefPtr<Element> HTMLConstructionSite::createElement(AtomicHTMLToken& token, const AtomicString& namespaceURI)
 {
     QualifiedName tagName(nullAtom, token.name(), namespaceURI);
-    RefPtr<Element> element = m_document->createElement(tagName, true);
+    RefPtr<Element> element = currentElement()->document()->createElement(tagName, true);
     element->setAttributeMap(token.takeAtributes(), m_fragmentScriptingPermission);
     return element.release();
 }
@@ -343,7 +344,7 @@ PassRefPtr<Element> HTMLConstructionSite::createHTMLElement(AtomicHTMLToken& tok
     // FIXME: This can't use HTMLConstructionSite::createElement because we
     // have to pass the current form element.  We should rework form association
     // to occur after construction to allow better code sharing here.
-    RefPtr<Element> element = HTMLElementFactory::createHTMLElement(tagName, m_document, form(), true);
+    RefPtr<Element> element = HTMLElementFactory::createHTMLElement(tagName, currentElement()->document(), form(), true);
     element->setAttributeMap(token.takeAtributes(), m_fragmentScriptingPermission);
     ASSERT(element->isHTMLElement());
     return element.release();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list