[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
tonyg at chromium.org
tonyg at chromium.org
Wed Dec 22 14:50:58 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 8500eb81bfe178fabdfc18f5e366480a434dd022
Author: tonyg at chromium.org <tonyg at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Oct 22 01:27:27 2010 +0000
2010-10-21 Tony Gentilcore <tonyg at chromium.org>
Reviewed by Adam Barth.
Ignore document.write() when it comes from a network task
https://bugs.webkit.org/show_bug.cgi?id=47560
write()s from deferred scripts are now ignored. This matches the latest
Firefox 4 beta behavior. The defer-write expectations are updated, and
the other tests are now all moot since deferred scrits can't write().
* fast/dom/HTMLScriptElement/defer-double-defer-write-expected.txt: Removed.
* fast/dom/HTMLScriptElement/defer-double-defer-write.html: Removed.
* fast/dom/HTMLScriptElement/defer-double-write-expected.txt: Removed.
* fast/dom/HTMLScriptElement/defer-double-write.html: Removed.
* fast/dom/HTMLScriptElement/defer-write.html: Updated to match FF4.
* fast/dom/HTMLScriptElement/remove-source-expected.txt: Added.
* fast/dom/HTMLScriptElement/remove-source.html: Added. Verifies that writes are still ignored when the src is removed after the script is requested but before it is executed.
* fast/dom/HTMLScriptElement/two-defer-writes-expected.txt: Removed.
* fast/dom/HTMLScriptElement/two-defer-writes.html: Removed.
* fast/dom/HTMLScriptElement/write-after-ignored-write-expected.txt: Added. Verifies that after a write from a network task is ignored, a write which is not from a network task still blows away the document.
* fast/dom/HTMLScriptElement/write-after-ignored-write.html: Added.
2010-10-21 Tony Gentilcore <tonyg at chromium.org>
Reviewed by Adam Barth.
Ignore document.write() when it comes from a network task
https://bugs.webkit.org/show_bug.cgi?id=47560
This implements the update to the spec made by:
http://www.w3.org/Bugs/Public/show_bug.cgi?id=9767
It also matches the latest Firefox 4 beta. The notable change is that
document.write from a deferred script no longer works. This avoids
blowing the patch away.
* dom/Document.cpp:
(WebCore::Document::Document):
(WebCore::Document::write):
* dom/Document.h:
(WebCore::DestructiveWriteCountIncrementer::DestructiveWriteCountIncrementer):
(WebCore::Document::ignoreDestructiveWriteCountIncrementer):
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::insertedIntoDocument):
(WebCore::ScriptElementData::ScriptElementData):
(WebCore::ScriptElementData::evaluateScript):
* dom/ScriptElement.h:
* html/parser/HTMLScriptRunner.cpp:
(WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70282 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 897df5f..af7b8f5 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,26 @@
+2010-10-21 Tony Gentilcore <tonyg at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Ignore document.write() when it comes from a network task
+ https://bugs.webkit.org/show_bug.cgi?id=47560
+
+ write()s from deferred scripts are now ignored. This matches the latest
+ Firefox 4 beta behavior. The defer-write expectations are updated, and
+ the other tests are now all moot since deferred scrits can't write().
+
+ * fast/dom/HTMLScriptElement/defer-double-defer-write-expected.txt: Removed.
+ * fast/dom/HTMLScriptElement/defer-double-defer-write.html: Removed.
+ * fast/dom/HTMLScriptElement/defer-double-write-expected.txt: Removed.
+ * fast/dom/HTMLScriptElement/defer-double-write.html: Removed.
+ * fast/dom/HTMLScriptElement/defer-write.html: Updated to match FF4.
+ * fast/dom/HTMLScriptElement/remove-source-expected.txt: Added.
+ * fast/dom/HTMLScriptElement/remove-source.html: Added. Verifies that writes are still ignored when the src is removed after the script is requested but before it is executed.
+ * fast/dom/HTMLScriptElement/two-defer-writes-expected.txt: Removed.
+ * fast/dom/HTMLScriptElement/two-defer-writes.html: Removed.
+ * fast/dom/HTMLScriptElement/write-after-ignored-write-expected.txt: Added. Verifies that after a write from a network task is ignored, a write which is not from a network task still blows away the document.
+ * fast/dom/HTMLScriptElement/write-after-ignored-write.html: Added.
+
2010-10-21 James Robinson <jamesr at chromium.org>
Update chromium baselines, primarly for underline pixel changes.
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/defer-double-defer-write.html b/LayoutTests/fast/dom/HTMLScriptElement/defer-double-defer-write.html
deleted file mode 100644
index 0412050..0000000
--- a/LayoutTests/fast/dom/HTMLScriptElement/defer-double-defer-write.html
+++ /dev/null
@@ -1,6 +0,0 @@
-<script>
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-</script>
-FAIL
-<script defer src="data:text/javascript,document.write('FAIL'); document.write('<script defer src=\'data:text/javascript,document.write("PASS");\'></script>'); document.close();"></script>
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/defer-double-write-expected.txt b/LayoutTests/fast/dom/HTMLScriptElement/defer-double-write-expected.txt
deleted file mode 100755
index 8d04f96..0000000
--- a/LayoutTests/fast/dom/HTMLScriptElement/defer-double-write-expected.txt
+++ /dev/null
@@ -1 +0,0 @@
-1 2
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/defer-double-write.html b/LayoutTests/fast/dom/HTMLScriptElement/defer-double-write.html
deleted file mode 100644
index e55e1d3..0000000
--- a/LayoutTests/fast/dom/HTMLScriptElement/defer-double-write.html
+++ /dev/null
@@ -1,6 +0,0 @@
-<script>
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-</script>
-FAIL
-<script defer src="data:text/javascript,document.writeln(1); document.write('<script src=\'data:text/javascript,document.writeln(2)\'></script>');"></script>
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/defer-write.html b/LayoutTests/fast/dom/HTMLScriptElement/defer-write.html
index 0c0bbff..c29ddac 100644
--- a/LayoutTests/fast/dom/HTMLScriptElement/defer-write.html
+++ b/LayoutTests/fast/dom/HTMLScriptElement/defer-write.html
@@ -2,5 +2,5 @@
if (window.layoutTestController)
layoutTestController.dumpAsText();
</script>
-FAIL
-<script defer src="data:text/javascript,document.write('PASS');"></script>
+PASS
+<script defer src="data:text/javascript,document.write('FAIL');"></script>
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/defer-double-defer-write-expected.txt b/LayoutTests/fast/dom/HTMLScriptElement/remove-source-expected.txt
old mode 100755
new mode 100644
similarity index 100%
rename from LayoutTests/fast/dom/HTMLScriptElement/defer-double-defer-write-expected.txt
rename to LayoutTests/fast/dom/HTMLScriptElement/remove-source-expected.txt
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/remove-source.html b/LayoutTests/fast/dom/HTMLScriptElement/remove-source.html
new file mode 100644
index 0000000..99dacb4
--- /dev/null
+++ b/LayoutTests/fast/dom/HTMLScriptElement/remove-source.html
@@ -0,0 +1,12 @@
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+var script = document.createElement("script");
+script.src = "data:text/javascript,document.write('FAIL');if (window.layoutTestController) layoutTestController.notifyDone();";
+document.getElementsByTagName("head")[0].appendChild(script);
+script.src = "";
+</script>
+PASS
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/two-defer-writes.html b/LayoutTests/fast/dom/HTMLScriptElement/two-defer-writes.html
deleted file mode 100644
index 4b0d378..0000000
--- a/LayoutTests/fast/dom/HTMLScriptElement/two-defer-writes.html
+++ /dev/null
@@ -1,7 +0,0 @@
-<script>
-if (window.layoutTestController)
- layoutTestController.dumpAsText();
-</script>
-FAIL
-<script defer src="data:text/javascript,document.write('PASS');"></script>
-<script defer src="data:text/javascript,document.write('FAIL');"></script>
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/two-defer-writes-expected.txt b/LayoutTests/fast/dom/HTMLScriptElement/write-after-ignored-write-expected.txt
similarity index 100%
rename from LayoutTests/fast/dom/HTMLScriptElement/two-defer-writes-expected.txt
rename to LayoutTests/fast/dom/HTMLScriptElement/write-after-ignored-write-expected.txt
diff --git a/LayoutTests/fast/dom/HTMLScriptElement/write-after-ignored-write.html b/LayoutTests/fast/dom/HTMLScriptElement/write-after-ignored-write.html
new file mode 100644
index 0000000..6d7bbd5
--- /dev/null
+++ b/LayoutTests/fast/dom/HTMLScriptElement/write-after-ignored-write.html
@@ -0,0 +1,8 @@
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<body onload="document.write('PASS')">
+FAIL
+<script defer src="data:text/javascript,document.write('FAIL');"></script>
+
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index a0ee039..faf1119 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,31 @@
+2010-10-21 Tony Gentilcore <tonyg at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Ignore document.write() when it comes from a network task
+ https://bugs.webkit.org/show_bug.cgi?id=47560
+
+ This implements the update to the spec made by:
+ http://www.w3.org/Bugs/Public/show_bug.cgi?id=9767
+
+ It also matches the latest Firefox 4 beta. The notable change is that
+ document.write from a deferred script no longer works. This avoids
+ blowing the patch away.
+
+ * dom/Document.cpp:
+ (WebCore::Document::Document):
+ (WebCore::Document::write):
+ * dom/Document.h:
+ (WebCore::DestructiveWriteCountIncrementer::DestructiveWriteCountIncrementer):
+ (WebCore::Document::ignoreDestructiveWriteCountIncrementer):
+ * dom/ScriptElement.cpp:
+ (WebCore::ScriptElement::insertedIntoDocument):
+ (WebCore::ScriptElementData::ScriptElementData):
+ (WebCore::ScriptElementData::evaluateScript):
+ * dom/ScriptElement.h:
+ * html/parser/HTMLScriptRunner.cpp:
+ (WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent):
+
2010-10-21 Ryosuke Niwa <rniwa at webkit.org>
Unreviewed Leopard build fix attempt.
diff --git a/WebCore/GNUmakefile.am b/WebCore/GNUmakefile.am
index 1f25500..26b692d 100644
--- a/WebCore/GNUmakefile.am
+++ b/WebCore/GNUmakefile.am
@@ -1141,6 +1141,7 @@ webcore_sources += \
WebCore/dom/ExceptionCode.cpp \
WebCore/dom/ExceptionCode.h \
WebCore/dom/FragmentScriptingPermission.h \
+ WebCore/dom/IgnoreDestructiveWriteCountIncrementer.h \
WebCore/dom/InputElement.cpp \
WebCore/dom/InputElement.h \
WebCore/dom/HashChangeEvent.h \
diff --git a/WebCore/WebCore.gypi b/WebCore/WebCore.gypi
index a1a96e1..fae817a 100644
--- a/WebCore/WebCore.gypi
+++ b/WebCore/WebCore.gypi
@@ -1212,6 +1212,7 @@
'dom/ExceptionCode.cpp',
'dom/ExceptionCode.h',
'dom/FragmentScriptingPermission.h',
+ 'dom/IgnoreDestructiveWriteCountIncrementer.h',
'dom/InputElement.cpp',
'dom/InputElement.h',
'dom/HashChangeEvent.h',
diff --git a/WebCore/WebCore.vcproj/WebCore.vcproj b/WebCore/WebCore.vcproj/WebCore.vcproj
index fd9421c..0d9c224 100644
--- a/WebCore/WebCore.vcproj/WebCore.vcproj
+++ b/WebCore/WebCore.vcproj/WebCore.vcproj
@@ -42203,6 +42203,10 @@
</FileConfiguration>
</File>
<File
+ RelativePath="..\dom\IgnoreDestructiveWriteCountIncrementer.h"
+ >
+ </File>
+ <File
RelativePath="..\dom\InputElement.h"
>
</File>
diff --git a/WebCore/WebCore.xcodeproj/project.pbxproj b/WebCore/WebCore.xcodeproj/project.pbxproj
index 54d1fe5..098f916 100644
--- a/WebCore/WebCore.xcodeproj/project.pbxproj
+++ b/WebCore/WebCore.xcodeproj/project.pbxproj
@@ -2597,6 +2597,7 @@
8A9A587511E84C81008ACFD1 /* JSPerformance.h in Headers */ = {isa = PBXBuildFile; fileRef = 8A9A587311E84C81008ACFD1 /* JSPerformance.h */; };
8A9A588711E84F37008ACFD1 /* JSTiming.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 8A9A587611E84C98008ACFD1 /* JSTiming.cpp */; };
8A9A588811E84F37008ACFD1 /* JSTiming.h in Headers */ = {isa = PBXBuildFile; fileRef = 8A9A587711E84C98008ACFD1 /* JSTiming.h */; };
+ 8AB4BC77126FDB7100DEB727 /* IgnoreDestructiveWriteCountIncrementer.h in Headers */ = {isa = PBXBuildFile; fileRef = 8AB4BC76126FDB7100DEB727 /* IgnoreDestructiveWriteCountIncrementer.h */; };
8AF4E55511DC5A36000ED3DE /* Navigation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 8AF4E55211DC5A36000ED3DE /* Navigation.cpp */; };
8AF4E55611DC5A36000ED3DE /* Navigation.h in Headers */ = {isa = PBXBuildFile; fileRef = 8AF4E55311DC5A36000ED3DE /* Navigation.h */; };
8AF4E55B11DC5A63000ED3DE /* Timing.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 8AF4E55811DC5A63000ED3DE /* Timing.cpp */; };
@@ -8660,6 +8661,7 @@
8A9A587311E84C81008ACFD1 /* JSPerformance.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSPerformance.h; sourceTree = "<group>"; };
8A9A587611E84C98008ACFD1 /* JSTiming.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSTiming.cpp; sourceTree = "<group>"; };
8A9A587711E84C98008ACFD1 /* JSTiming.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSTiming.h; sourceTree = "<group>"; };
+ 8AB4BC76126FDB7100DEB727 /* IgnoreDestructiveWriteCountIncrementer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IgnoreDestructiveWriteCountIncrementer.h; sourceTree = "<group>"; };
8AF4E55211DC5A36000ED3DE /* Navigation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Navigation.cpp; sourceTree = "<group>"; };
8AF4E55311DC5A36000ED3DE /* Navigation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Navigation.h; sourceTree = "<group>"; };
8AF4E55411DC5A36000ED3DE /* Navigation.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Navigation.idl; sourceTree = "<group>"; };
@@ -18098,6 +18100,7 @@
A853123C11D0471B00D4D077 /* FragmentScriptingPermission.h */,
2442BBF81194C9D300D49469 /* HashChangeEvent.h */,
8482B7441198C32E00BFB005 /* HashChangeEvent.idl */,
+ 8AB4BC76126FDB7100DEB727 /* IgnoreDestructiveWriteCountIncrementer.h */,
08700BE60F086C5300919419 /* InputElement.cpp */,
08591AA40F085C4E009BACB1 /* InputElement.h */,
85031B2D0A44EFC700F992E0 /* KeyboardEvent.cpp */,
@@ -21141,6 +21144,7 @@
088A0E0C126EF1DB00978F7A /* SVGPropertyTraits.h in Headers */,
089021A9126EF5DE0092D5EA /* SVGAnimatedLength.h in Headers */,
089021AD126EF5E90092D5EA /* SVGAnimatedLengthList.h in Headers */,
+ 8AB4BC77126FDB7100DEB727 /* IgnoreDestructiveWriteCountIncrementer.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index e89eb72..0916e69 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -364,7 +364,7 @@ Document::Document(Frame* frame, const KURL& url, bool isXHTML, bool isHTML, con
, m_frameElementsShouldIgnoreScrolling(false)
, m_containsValidityStyleRules(false)
, m_updateFocusAppearanceRestoresSelection(false)
- , m_writeDisabled(false)
+ , m_ignoreDestructiveWriteCount(0)
, m_title("")
, m_rawTitle("")
, m_titleSetExplicitly(false)
@@ -2129,10 +2129,8 @@ void Document::write(const SegmentedString& text, Document* ownerDocument)
printf("Beginning a document.write at %d\n", elapsedTime());
#endif
- // If the insertion point is undefined and the Document has the
- // "write-neutralised" flag set, then abort these steps.
bool hasInsertionPoint = m_parser && m_parser->hasInsertionPoint();
- if (!hasInsertionPoint && writeDisabled())
+ if (!hasInsertionPoint && m_ignoreDestructiveWriteCount)
return;
if (!hasInsertionPoint)
diff --git a/WebCore/dom/Document.h b/WebCore/dom/Document.h
index a98901e..221ca2f 100644
--- a/WebCore/dom/Document.h
+++ b/WebCore/dom/Document.h
@@ -1030,9 +1030,6 @@ public:
void webkitDidExitFullScreenForElement(Element*);
#endif
- bool writeDisabled() const { return m_writeDisabled; }
- void setWriteDisabled(bool flag) { m_writeDisabled = flag; }
-
// Used to allow element that loads data without going through a FrameLoader to delay the 'load' event.
void incrementLoadEventDelayCount() { ++m_loadEventDelayCount; }
void decrementLoadEventDelayCount();
@@ -1049,6 +1046,8 @@ protected:
void clearXMLVersion() { m_xmlVersion = String(); }
private:
+ friend class IgnoreDestructiveWriteCountIncrementer;
+
void detachParser();
typedef void (*ArgumentsCallback)(const String& keyString, const String& valueString, Document*, void* data);
@@ -1203,8 +1202,8 @@ private:
bool m_containsValidityStyleRules;
bool m_updateFocusAppearanceRestoresSelection;
- // http://www.whatwg.org/specs/web-apps/current-work/#write-neutralised
- bool m_writeDisabled;
+ // http://www.whatwg.org/specs/web-apps/current-work/#ignore-destructive-writes-counter
+ unsigned m_ignoreDestructiveWriteCount;
String m_title;
String m_rawTitle;
diff --git a/WebCore/dom/IgnoreDestructiveWriteCountIncrementer.h b/WebCore/dom/IgnoreDestructiveWriteCountIncrementer.h
new file mode 100644
index 0000000..9d1835a
--- /dev/null
+++ b/WebCore/dom/IgnoreDestructiveWriteCountIncrementer.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2010 Google, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GOOGLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef IgnoreDestructiveWriteCountIncrementer_h
+#define IgnoreDestructiveWriteCountIncrementer_h
+
+#include "Document.h"
+#include <wtf/Noncopyable.h>
+
+namespace WebCore {
+
+class IgnoreDestructiveWriteCountIncrementer : public Noncopyable {
+public:
+ explicit IgnoreDestructiveWriteCountIncrementer(Document* document)
+ : m_count(document ? &document->m_ignoreDestructiveWriteCount : 0)
+ {
+ if (!m_count)
+ return;
+ ++(*m_count);
+ }
+
+ ~IgnoreDestructiveWriteCountIncrementer()
+ {
+ if (!m_count)
+ return;
+ --(*m_count);
+ }
+
+private:
+ unsigned* m_count;
+};
+
+}
+
+#endif
diff --git a/WebCore/dom/ScriptElement.cpp b/WebCore/dom/ScriptElement.cpp
index 46c85e3..28c7594 100644
--- a/WebCore/dom/ScriptElement.cpp
+++ b/WebCore/dom/ScriptElement.cpp
@@ -33,6 +33,7 @@
#include "FrameLoader.h"
#include "HTMLNames.h"
#include "HTMLScriptElement.h"
+#include "IgnoreDestructiveWriteCountIncrementer.h"
#include "MIMETypeRegistry.h"
#include "Page.h"
#include "ScriptController.h"
@@ -57,14 +58,6 @@ void ScriptElement::insertedIntoDocument(ScriptElementData& data, const String&
// http://www.whatwg.org/specs/web-apps/current-work/#script
- // If the element's Document has an active parser, and the parser's script
- // nesting level is non-zero, but this script element does not have the
- // "parser-inserted" flag set, the user agent must set the element's
- // "write-neutralised" flag.
- DocumentParser* parser = data.element()->document()->parser();
- if (parser && parser->hasInsertionPoint())
- data.setWriteDisabled(true);
-
if (!sourceUrl.isEmpty()) {
data.requestScript(sourceUrl);
return;
@@ -142,7 +135,6 @@ ScriptElementData::ScriptElementData(ScriptElement* scriptElement, Element* elem
, m_element(element)
, m_cachedScript(0)
, m_createdByParser(false)
- , m_writeDisabled(false)
, m_requested(false)
, m_evaluated(false)
, m_firedLoad(false)
@@ -191,7 +183,9 @@ void ScriptElementData::evaluateScript(const ScriptSourceCode& sourceCode)
if (m_evaluated || sourceCode.isEmpty() || !shouldExecuteAsJavaScript())
return;
- if (Frame* frame = m_element->document()->frame()) {
+ RefPtr<Document> document = m_element->document();
+ ASSERT(document);
+ if (Frame* frame = document->frame()) {
if (!frame->script()->canExecuteScripts(AboutToExecuteScript))
return;
@@ -199,25 +193,12 @@ void ScriptElementData::evaluateScript(const ScriptSourceCode& sourceCode)
// http://www.whatwg.org/specs/web-apps/current-work/#script
- // If the script element's "write-neutralised" flag is set, then flag
- // the Document the script element was in when the "write-neutralised"
- // flag was set as being itself "write-neutralised". Let neutralised doc
- // be that Document.
- if (m_writeDisabled) {
- ASSERT(!m_element->document()->writeDisabled());
- m_element->document()->setWriteDisabled(true);
- }
-
- // Create a script from the script element node, using the script
- // block's source and the script block's type.
- // Note: This is where the script is compiled and actually executed.
- frame->script()->evaluate(sourceCode);
-
- // Remove the "write-neutralised" flag from neutralised doc, if it was
- // set in the earlier step.
- if (m_writeDisabled) {
- ASSERT(m_element->document()->writeDisabled());
- m_element->document()->setWriteDisabled(false);
+ {
+ IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountIncrementer(m_requested ? document.get() : 0);
+ // Create a script from the script element node, using the script
+ // block's source and the script block's type.
+ // Note: This is where the script is compiled and actually executed.
+ frame->script()->evaluate(sourceCode);
}
Document::updateStyleForAllDocuments();
diff --git a/WebCore/dom/ScriptElement.h b/WebCore/dom/ScriptElement.h
index 698ffbc..c663e43 100644
--- a/WebCore/dom/ScriptElement.h
+++ b/WebCore/dom/ScriptElement.h
@@ -82,8 +82,6 @@ public:
Element* element() const { return m_element; }
bool createdByParser() const { return m_createdByParser; }
void setCreatedByParser(bool value) { m_createdByParser = value; }
- bool writeDisabled() const { return m_writeDisabled; }
- void setWriteDisabled(bool value) { m_writeDisabled = value; }
bool haveFiredLoadEvent() const { return m_firedLoad; }
void setHaveFiredLoadEvent(bool firedLoad) { m_firedLoad = firedLoad; }
@@ -101,7 +99,6 @@ private:
Element* m_element;
CachedResourceHandle<CachedScript> m_cachedScript;
bool m_createdByParser; // HTML5: "parser-inserted"
- bool m_writeDisabled; // http://www.whatwg.org/specs/web-apps/current-work/#write-neutralised
bool m_requested;
bool m_evaluated; // HTML5: "already started"
bool m_firedLoad;
diff --git a/WebCore/html/parser/HTMLScriptRunner.cpp b/WebCore/html/parser/HTMLScriptRunner.cpp
index 4f54f42..75db644 100644
--- a/WebCore/html/parser/HTMLScriptRunner.cpp
+++ b/WebCore/html/parser/HTMLScriptRunner.cpp
@@ -35,6 +35,7 @@
#include "HTMLScriptRunnerHost.h"
#include "HTMLInputStream.h"
#include "HTMLNames.h"
+#include "IgnoreDestructiveWriteCountIncrementer.h"
#include "NestingLevelIncrementer.h"
#include "NotImplemented.h"
#include "ScriptElement.h"
@@ -135,6 +136,7 @@ void HTMLScriptRunner::executePendingScriptAndDispatchEvent(PendingScript& pendi
RefPtr<Element> scriptElement = pendingScript.releaseElementAndClear();
{
NestingLevelIncrementer nestingLevelIncrementer(m_scriptNestingLevel);
+ IgnoreDestructiveWriteCountIncrementer ignoreDestructiveWriteCountIncrementer(m_document);
if (errorOccurred)
scriptElement->dispatchEvent(createScriptErrorEvent());
else {
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list