[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.2.2-27-g91dab87

Gustavo Noronha Silva gns at gnome.org
Thu Jul 15 21:13:23 UTC 2010 

The following commit has been merged in the webkit-1.2 branch:
commit b67a0f140a2bd536891418d8ff08374e87c0dc7a
Author: ap at apple.com <ap at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed May 5 18:17:52 2010 +0000

            Reviewed by Adele Peterson.
    
            https://bugs.webkit.org/show_bug.cgi?id=26824
            <rdar://problem/7018610> EventHandler can operate on a wrong frame if focus changes during
            keyboard event dispatch.
    
            EventHandler object is tied to a frame, so it's wrong for it to continue processing a keyboard
            event if focused frame changes between keydown and keypress.
    
            * manual-tests/focus-change-between-key-events.html: Added.
    
            * page/EventHandler.cpp: (WebCore::EventHandler::keyEvent): Bail out early if focused frame
            changes while dispatching keydown. Also made similar changes for Windows to maintain matching
            behavior, even though EventHandler was re-entered anyway due to WM_KEYDOWN and WM_CHAR being
            separate events.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@58829 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c475296..dad9259 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2010-05-05  Alexey Proskuryakov  <ap at apple.com>
+
+        Reviewed by Adele Peterson.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26824
+        <rdar://problem/7018610> EventHandler can operate on a wrong frame if focus changes during
+        keyboard event dispatch.
+
+        EventHandler object is tied to a frame, so it's wrong for it to continue processing a keyboard
+        event if focused frame changes between keydown and keypress.
+
+        * manual-tests/focus-change-between-key-events.html: Added.
+
+        * page/EventHandler.cpp: (WebCore::EventHandler::keyEvent): Bail out early if focused frame
+        changes while dispatching keydown. Also made similar changes for Windows to maintain matching
+        behavior, even though EventHandler was re-entered anyway due to WM_KEYDOWN and WM_CHAR being
+        separate events.
+
 2010-05-03  Abhishek Arya  <inferno at chromium.org>
 
         Reviewed by Adam Barth.
diff --git a/WebCore/manual-tests/focus-change-between-key-events.html b/WebCore/manual-tests/focus-change-between-key-events.html
new file mode 100644
index 0000000..8ceb575
--- /dev/null
+++ b/WebCore/manual-tests/focus-change-between-key-events.html
@@ -0,0 +1,24 @@
+<body onload="document.getElementById('dummy').focus();">
+<iframe src="data:text/html,<body onload='document.getElementsByTagName(&quot;input&quot;)[0].focus()'><input></body>" id=victim name=victim>
+</iframe>
+<script>
+
+var cur_pos = 0;
+
+function maybe_redirect(e) {
+  var evt = window.event ? event : e;
+  var cc = evt.charCode ? evt.charCode : evt.keyCode;
+
+  document.getElementById('victim').focus();
+  frames['victim'].focus();
+
+  document.getElementById('dummy').value += String.fromCharCode(cc).toLowerCase();
+
+  setTimeout('focus();document.getElementById("dummy").focus()',1);
+}
+
+
+</script>
+<p>Type some text. It should only appear in the below input field.</p>
+<input type=text onkeydown="maybe_redirect(event)" id=dummy>
+</body>
diff --git a/WebCore/page/EventHandler.cpp b/WebCore/page/EventHandler.cpp
index 7791695..fcb93cf 100644
--- a/WebCore/page/EventHandler.cpp
+++ b/WebCore/page/EventHandler.cpp
@@ -2151,7 +2151,9 @@ bool EventHandler::keyEvent(const PlatformKeyboardEvent& initialKeyEvent)
 
     if (initialKeyEvent.type() == PlatformKeyboardEvent::RawKeyDown) {
         node->dispatchEvent(keydown, ec);
-        return keydown->defaultHandled() || keydown->defaultPrevented();
+        // If frame changed as a result of keydown dispatch, then return true to avoid sending a subsequent keypress message to the new frame.
+        bool changedFocusedFrame = m_frame->page() && m_frame != m_frame->page()->focusController()->focusedOrMainFrame();
+        return keydown->defaultHandled() || keydown->defaultPrevented() || changedFocusedFrame;
     }
 
     // Run input method in advance of DOM event handling.  This may result in the IM
@@ -2171,7 +2173,9 @@ bool EventHandler::keyEvent(const PlatformKeyboardEvent& initialKeyEvent)
     }
 
     node->dispatchEvent(keydown, ec);
-    bool keydownResult = keydown->defaultHandled() || keydown->defaultPrevented();
+    // If frame changed as a result of keydown dispatch, then return early to avoid sending a subsequent keypress message to the new frame.
+    bool changedFocusedFrame = m_frame->page() && m_frame != m_frame->page()->focusController()->focusedOrMainFrame();
+    bool keydownResult = keydown->defaultHandled() || keydown->defaultPrevented() || changedFocusedFrame;
     if (handledByInputMethod || (keydownResult && !backwardCompatibilityMode))
         return keydownResult;
     

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list