[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da
yael.aharon at nokia.com
yael.aharon at nokia.com
Wed Dec 22 18:18:57 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit a2bd274470cf3b11a587e45a87a2081059dbade4
Author: yael.aharon at nokia.com <yael.aharon at nokia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Dec 9 19:36:44 2010 +0000
2010-12-09 Yael Aharon <yael.aharon at nokia.com>
Reviewed by Antonio Gomes.
Spatial Navigation: Crash when handling iframe of size 0.
https://bugs.webkit.org/show_bug.cgi?id=50730
* fast/spatial-navigation/snav-hidden-iframe-zero-size-expected.txt: Added.
* fast/spatial-navigation/snav-hidden-iframe-zero-size.html: Added.
2010-12-09 Yael Aharon <yael.aharon at nokia.com>
Reviewed by Antonio Gomes.
Spatial Navigation: Crash when handling iframe of size 0.
https://bugs.webkit.org/show_bug.cgi?id=50730
if we have a frame of size 0, we would get into infinite loop and eventually crash. The reason is
that when the algorithm sees a starting rect of size 0, it assumes that there is no focused node,
thus restarts itself. The solution is to avoid considering iframes with size 0 for the spatial
navigation algorithm.
Test: fast/spatial-navigation/snav-hidden-iframe-zero-size.html
* page/FocusController.cpp:
(WebCore::updateFocusCandidateIfNeeded):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73634 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 8b93780..abb1ef8 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-12-09 Yael Aharon <yael.aharon at nokia.com>
+
+ Reviewed by Antonio Gomes.
+
+ Spatial Navigation: Crash when handling iframe of size 0.
+ https://bugs.webkit.org/show_bug.cgi?id=50730
+
+ * fast/spatial-navigation/snav-hidden-iframe-zero-size-expected.txt: Added.
+ * fast/spatial-navigation/snav-hidden-iframe-zero-size.html: Added.
+
2010-12-09 Sheriff Bot <webkit.review.bot at gmail.com>
Unreviewed, rolling out r73616.
diff --git a/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-zero-size-expected.txt b/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-zero-size-expected.txt
new file mode 100644
index 0000000..f223eda
--- /dev/null
+++ b/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-zero-size-expected.txt
@@ -0,0 +1,9 @@
+This is link_1.
+
+
+This is
+an iframe with size 0.
+This is link_2.
+
+PASS gFocusedDocument.activeElement.getAttribute("id") is "end"
+This test is to test that an iframe with size 0 does not get focus, and neither do its descendants.
diff --git a/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-zero-size.html b/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-zero-size.html
new file mode 100644
index 0000000..60a785d
--- /dev/null
+++ b/LayoutTests/fast/spatial-navigation/snav-hidden-iframe-zero-size.html
@@ -0,0 +1,52 @@
+<html>
+ <head>
+ <script src="../js/resources/js-test-pre.js"></script>
+ <script src="resources/spatial-navigation-utils.js"></script>
+ <script type="application/javascript">
+
+ var resultMap = [
+ ["Down", "end"],
+ ["DONE", "DONE"]
+ ];
+
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.setSpatialNavigationEnabled(true);
+ layoutTestController.overridePreference("WebKitTabToLinksPreferenceKey", 1);
+ layoutTestController.waitUntilDone();
+ }
+
+ function runTest()
+ {
+ // starting the test itself: get to a known place.
+ document.getElementById("start").focus();
+
+ initTest(resultMap, testCompleted);
+ }
+
+ function testCompleted()
+ {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+
+ window.onload = runTest;
+
+ </script>
+ <script src="js/resources/js-test-post.js"></script>
+ </head>
+
+ <body id="some-content" xmlns="http://www.w3.org/1999/xhtml">
+ <p>This is <a id="start" href="a">link_1</a>.</p>
+ <br>This is <iframe id="1" width=0 height=0 src="data:text/html,
+ <body>
+ <a id='11' href='http://a'>b</a>
+ <a id='12' href='http://a'>c</a>
+ <a id='13' href='http://a'>d</a>
+ </body>
+ "></iframe><br> an iframe with size 0.<br>
+ <p>This is <a id="end" href="a">link_2</a>.</p>
+ <div id="console"></div>
+ <p>This test is to test that an iframe with size 0 does not get focus, and neither do its descendants.
+ </body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1b76675..60c0735 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-12-09 Yael Aharon <yael.aharon at nokia.com>
+
+ Reviewed by Antonio Gomes.
+
+ Spatial Navigation: Crash when handling iframe of size 0.
+ https://bugs.webkit.org/show_bug.cgi?id=50730
+
+ if we have a frame of size 0, we would get into infinite loop and eventually crash. The reason is
+ that when the algorithm sees a starting rect of size 0, it assumes that there is no focused node,
+ thus restarts itself. The solution is to avoid considering iframes with size 0 for the spatial
+ navigation algorithm.
+
+ Test: fast/spatial-navigation/snav-hidden-iframe-zero-size.html
+
+ * page/FocusController.cpp:
+ (WebCore::updateFocusCandidateIfNeeded):
+
2010-12-09 Sheriff Bot <webkit.review.bot at gmail.com>
Unreviewed, rolling out r73616.
diff --git a/WebCore/page/FocusController.cpp b/WebCore/page/FocusController.cpp
index 9cf48cf..c0d2587 100644
--- a/WebCore/page/FocusController.cpp
+++ b/WebCore/page/FocusController.cpp
@@ -420,7 +420,7 @@ void updateFocusCandidateIfNeeded(FocusDirection direction, const IntRect& start
return;
// Ignore iframes that don't have a src attribute
- if (candidate.visibleNode->isFrameOwnerElement() && !static_cast<HTMLFrameOwnerElement*>(candidate.visibleNode)->contentFrame())
+ if (candidate.visibleNode->isFrameOwnerElement() && (!static_cast<HTMLFrameOwnerElement*>(candidate.visibleNode)->contentFrame() || candidate.rect.isEmpty()))
return;
// Ignore off screen child nodes of containers that do not scroll (overflow:hidden)
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list