[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
commit-queue at webkit.org
commit-queue at webkit.org
Wed Dec 22 13:20:03 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit a0e4c97076c80ab4a61821842fb96602dfbcbbd6
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Sep 11 08:59:57 2010 +0000
2010-09-11 Mihai Parparita <mihaip at chromium.org>
Reviewed by Adam Barth.
URIs in styles created via innerHTML are not resolved against the document's base URI
https://bugs.webkit.org/show_bug.cgi?id=45565
Add test to read back the background image URL from an element that was
created via innerHTML (reduction of http://crbug.com/55023).
* fast/innerHTML/innerHTML-uri-resolution-expected.txt: Added.
* fast/innerHTML/innerHTML-uri-resolution.html: Added.
2010-09-11 Mihai Parparita <mihaip at chromium.org>
Reviewed by Adam Barth.
URIs in styles created via innerHTML are not resolved against the document's base URI
https://bugs.webkit.org/show_bug.cgi?id=45565
The dummy document used for fragment parsing created by
FragmentParsingContext should use the base URI of the fragment's
document. Since (HTML)Document doesn't expose a setter for the base URI
(and shouldn't), we allow it to be set by the constructor/create
function.
Also remove some obsolete code that references the legacy tree builder
from HTMLElement that I happened to notice.
Test: fast/innerHTML/innerHTML-uri-resolution.html
* dom/Document.cpp:
(WebCore::Document::Document):
* dom/Document.h:
* html/HTMLDocument.cpp:
(WebCore::HTMLDocument::HTMLDocument):
* html/HTMLDocument.h:
(WebCore::HTMLDocument::create):
* html/HTMLElement.cpp:
(WebCore::createFragmentFromSource):
(WebCore::HTMLElement::setInnerHTML):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67292 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index af05f43..6e49f58 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2010-09-11 Mihai Parparita <mihaip at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ URIs in styles created via innerHTML are not resolved against the document's base URI
+ https://bugs.webkit.org/show_bug.cgi?id=45565
+
+ Add test to read back the background image URL from an element that was
+ created via innerHTML (reduction of http://crbug.com/55023).
+
+ * fast/innerHTML/innerHTML-uri-resolution-expected.txt: Added.
+ * fast/innerHTML/innerHTML-uri-resolution.html: Added.
+
2010-09-10 Alexey Proskuryakov <ap at apple.com>
Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/innerHTML/innerHTML-uri-resolution-expected.txt b/LayoutTests/fast/innerHTML/innerHTML-uri-resolution-expected.txt
new file mode 100644
index 0000000..505f436
--- /dev/null
+++ b/LayoutTests/fast/innerHTML/innerHTML-uri-resolution-expected.txt
@@ -0,0 +1,10 @@
+Checks that URIs used in styles that are set via innerHTML are resolved against the current document's base URI.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS cssUriWasResolvedAgainstDocumentUri is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/innerHTML/innerHTML-uri-resolution.html b/LayoutTests/fast/innerHTML/innerHTML-uri-resolution.html
new file mode 100644
index 0000000..e6c5dc1
--- /dev/null
+++ b/LayoutTests/fast/innerHTML/innerHTML-uri-resolution.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<head>
+<link rel="stylesheet" href="../js/resources/js-test-style.css">
+<script src="../js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<div id="container"></div>
+<script>
+ description('Checks that URIs used in styles that are set via innerHTML are resolved against the current document\'s base URI.');
+
+ document.getElementById('container').innerHTML =
+ '<span id="test-span" style="background-image: url(image.png)"></span>';
+
+ var currentUri = document.location.href;
+ var currentPath = currentUri.substring(0, currentUri.lastIndexOf('/'));
+ var cssUriWasResolvedAgainstDocumentUri = document.getElementById("test-span").style.backgroundImage == 'url(' + currentPath + '/image.png)';
+
+ // Can't log the actual path since it's different depending on where the test is run.
+ shouldBeTrue('cssUriWasResolvedAgainstDocumentUri');
+
+ var successfullyParsed = true;
+</script>
+<script src="../js/resources/js-test-post.js"></script>
+</body>
+</html>
\ No newline at end of file
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 43a1eb5..f527c5f 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,34 @@
+2010-09-11 Mihai Parparita <mihaip at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ URIs in styles created via innerHTML are not resolved against the document's base URI
+ https://bugs.webkit.org/show_bug.cgi?id=45565
+
+ The dummy document used for fragment parsing created by
+ FragmentParsingContext should use the base URI of the fragment's
+ document. Since (HTML)Document doesn't expose a setter for the base URI
+ (and shouldn't), we allow it to be set by the constructor/create
+ function.
+
+ Also remove some obsolete code that references the legacy tree builder
+ from HTMLElement that I happened to notice.
+
+ Test: fast/innerHTML/innerHTML-uri-resolution.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::Document):
+ * dom/Document.h:
+ * html/HTMLDocument.cpp:
+ (WebCore::HTMLDocument::HTMLDocument):
+ * html/HTMLDocument.h:
+ (WebCore::HTMLDocument::create):
+ * html/HTMLElement.cpp:
+ (WebCore::createFragmentFromSource):
+ (WebCore::HTMLElement::setInnerHTML):
+ * html/parser/HTMLTreeBuilder.cpp:
+ (WebCore::HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext):
+
2010-09-10 Jesus Sanchez-Palencia <jesus.palencia at openbossa.org>
Reviewed by Darin Adler.
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index 9ba489d..f630c98 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -351,7 +351,7 @@ private:
Document* m_document;
};
-Document::Document(Frame* frame, const KURL& url, bool isXHTML, bool isHTML)
+Document::Document(Frame* frame, const KURL& url, bool isXHTML, bool isHTML, const KURL& baseURL)
: ContainerNode(0)
, m_compatibilityMode(NoQuirksMode)
, m_compatibilityModeLocked(false)
@@ -421,6 +421,11 @@ Document::Document(Frame* frame, const KURL& url, bool isXHTML, bool isHTML)
if (frame || !url.isEmpty())
setURL(url);
+ // Setting of m_baseURL needs to happen after the setURL call, since that
+ // calls updateBaseURL, which would clobber the passed in value.
+ if (!baseURL.isNull())
+ m_baseURL = baseURL;
+
m_axObjectCache = 0;
m_markers = new DocumentMarkerController();
diff --git a/WebCore/dom/Document.h b/WebCore/dom/Document.h
index dc7d9e8..1adc4b0 100644
--- a/WebCore/dom/Document.h
+++ b/WebCore/dom/Document.h
@@ -1025,7 +1025,7 @@ public:
bool isDelayingLoadEvent() const { return m_loadEventDelayCount; }
protected:
- Document(Frame*, const KURL&, bool isXHTML, bool isHTML);
+ Document(Frame*, const KURL& url, bool isXHTML, bool isHTML, const KURL& baseURL = KURL());
void clearXMLVersion() { m_xmlVersion = String(); }
diff --git a/WebCore/html/HTMLDocument.cpp b/WebCore/html/HTMLDocument.cpp
index d68a8cc..b5e976d 100644
--- a/WebCore/html/HTMLDocument.cpp
+++ b/WebCore/html/HTMLDocument.cpp
@@ -80,8 +80,8 @@ namespace WebCore {
using namespace HTMLNames;
-HTMLDocument::HTMLDocument(Frame* frame, const KURL& url)
- : Document(frame, url, false, true)
+HTMLDocument::HTMLDocument(Frame* frame, const KURL& url, const KURL& baseURL)
+ : Document(frame, url, false, true, baseURL)
{
clearXMLVersion();
}
diff --git a/WebCore/html/HTMLDocument.h b/WebCore/html/HTMLDocument.h
index 5dbe627..12deee2 100644
--- a/WebCore/html/HTMLDocument.h
+++ b/WebCore/html/HTMLDocument.h
@@ -35,9 +35,9 @@ class HTMLElement;
class HTMLDocument : public Document, public CachedResourceClient {
public:
- static PassRefPtr<HTMLDocument> create(Frame* frame, const KURL& url)
+ static PassRefPtr<HTMLDocument> create(Frame* frame, const KURL& url, const KURL& baseURL = KURL())
{
- return adoptRef(new HTMLDocument(frame, url));
+ return adoptRef(new HTMLDocument(frame, url, baseURL));
}
virtual ~HTMLDocument();
@@ -81,7 +81,7 @@ public:
bool hasExtraNamedItem(AtomicStringImpl* name);
protected:
- HTMLDocument(Frame*, const KURL&);
+ HTMLDocument(Frame* frame, const KURL& url, const KURL& baseURL = KURL());
private:
virtual PassRefPtr<Element> createElement(const AtomicString& tagName, ExceptionCode&);
diff --git a/WebCore/html/HTMLElement.cpp b/WebCore/html/HTMLElement.cpp
index 0862130..28b4b90 100644
--- a/WebCore/html/HTMLElement.cpp
+++ b/WebCore/html/HTMLElement.cpp
@@ -266,11 +266,6 @@ String HTMLElement::outerHTML() const
return createMarkup(this);
}
-static bool useLegacyTreeBuilder(Document*)
-{
- return false;
-}
-
// FIXME: This logic should move into Range::createContextualFragment
PassRefPtr<DocumentFragment> HTMLElement::deprecatedCreateContextualFragment(const String& markup, FragmentScriptingPermission scriptingPermission)
{
@@ -341,13 +336,6 @@ static PassRefPtr<DocumentFragment> createFragmentFromSource(const String& marku
Document* document = contextElement->document();
RefPtr<DocumentFragment> fragment;
- if (useLegacyTreeBuilder(document)) {
- fragment = contextElement->deprecatedCreateContextualFragment(markup);
- if (!fragment)
- ec = NO_MODIFICATION_ALLOWED_ERR;
- return fragment;
- }
-
fragment = DocumentFragment::create(document);
if (document->isHTMLDocument()) {
fragment->parseHTML(markup, contextElement);
@@ -364,14 +352,6 @@ static PassRefPtr<DocumentFragment> createFragmentFromSource(const String& marku
void HTMLElement::setInnerHTML(const String& html, ExceptionCode& ec)
{
- // FIXME: This code can be removed, it's handled by the HTMLDocumentParser correctly.
- if (useLegacyTreeBuilder(document()) && (hasLocalName(scriptTag) || hasLocalName(styleTag))) {
- // Script and CSS source shouldn't be parsed as HTML.
- removeChildren();
- appendChild(document()->createTextNode(html), ec);
- return;
- }
-
RefPtr<DocumentFragment> fragment = createFragmentFromSource(html, this, ec);
if (fragment)
replaceChildrenWithFragment(this, fragment.release(), ec);
diff --git a/WebCore/html/parser/HTMLTreeBuilder.cpp b/WebCore/html/parser/HTMLTreeBuilder.cpp
index 406bb6c..c87d494 100644
--- a/WebCore/html/parser/HTMLTreeBuilder.cpp
+++ b/WebCore/html/parser/HTMLTreeBuilder.cpp
@@ -402,7 +402,7 @@ HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext()
}
HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext(DocumentFragment* fragment, Element* contextElement, FragmentScriptingPermission scriptingPermission)
- : m_dummyDocumentForFragmentParsing(HTMLDocument::create(0, KURL()))
+ : m_dummyDocumentForFragmentParsing(HTMLDocument::create(0, KURL(), fragment->document()->baseURI()))
, m_fragment(fragment)
, m_contextElement(contextElement)
, m_scriptingPermission(scriptingPermission)
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list