[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.2-1-31-g831fcca
Gustavo Noronha Silva
kov at debian.org
Thu Jul 15 22:05:19 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 0c5d6a56e27b8f92813fbe8419ba86c29ba9a5bc
Author: Gustavo Noronha Silva <kov at debian.org>
Date: Thu Jul 15 18:18:52 2010 -0300
Dropping Debian changes that are included in the next release
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f26e483..6e4f1f6 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,17 +1,3 @@
-2010-07-09 Gustavo Noronha Silva <gns at gnome.org>
-
- Reviewed by NOBODY (OOPS!).
-
- [GTK] Crashes when going back with page cache in unknown circunstances
- https://bugs.webkit.org/show_bug.cgi?id=41710
-
- Could not yet find a way to reproduce this in a layout test. The
- issue is document being NULL, so this NULL-check should be enough
- to get rid of the crash.
-
- * page/EventHandler.cpp:
- (WebCore::EventHandler::sendScrollEvent):
-
2010-07-07 Gustavo Noronha Silva <gustavo.noronha at collabora.co.uk>
Reviewed by Xan Lopez.
diff --git a/WebCore/bindings/js/JSAttrCustom.cpp b/WebCore/bindings/js/JSAttrCustom.cpp
index 4cd40ac..3c01535 100644
--- a/WebCore/bindings/js/JSAttrCustom.cpp
+++ b/WebCore/bindings/js/JSAttrCustom.cpp
@@ -33,7 +33,6 @@
#include "Document.h"
#include "HTMLFrameElementBase.h"
#include "HTMLNames.h"
-#include "JSDOMBinding.h"
using namespace JSC;
@@ -47,8 +46,13 @@ void JSAttr::setValue(ExecState* exec, JSValue value)
String attrValue = valueToStringWithNullCheck(exec, value);
Element* ownerElement = imp->ownerElement();
- if (ownerElement && !allowSettingSrcToJavascriptURL(exec, ownerElement, imp->name(), attrValue))
- return;
+ if (ownerElement && (ownerElement->hasTagName(iframeTag) || ownerElement->hasTagName(frameTag))) {
+ if (equalIgnoringCase(imp->name(), "src") && protocolIsJavaScript(deprecatedParseURL(attrValue))) {
+ Document* contentDocument = static_cast<HTMLFrameElementBase*>(ownerElement)->contentDocument();
+ if (contentDocument && !checkNodeSecurity(exec, contentDocument))
+ return;
+ }
+ }
ExceptionCode ec = 0;
imp->setValue(attrValue, ec);
diff --git a/WebCore/bindings/js/JSDOMBinding.cpp b/WebCore/bindings/js/JSDOMBinding.cpp
index 393c1ee..f294dad 100644
--- a/WebCore/bindings/js/JSDOMBinding.cpp
+++ b/WebCore/bindings/js/JSDOMBinding.cpp
@@ -24,7 +24,6 @@
#include "debugger/DebuggerCallFrame.h"
#include "ActiveDOMObject.h"
-#include "CSSHelper.h"
#include "DOMCoreException.h"
#include "DOMObjectHashTableMap.h"
#include "Document.h"
@@ -34,7 +33,6 @@
#include "Frame.h"
#include "HTMLAudioElement.h"
#include "HTMLCanvasElement.h"
-#include "HTMLFrameElementBase.h"
#include "HTMLImageElement.h"
#include "HTMLNames.h"
#include "HTMLScriptElement.h"
@@ -632,16 +630,6 @@ bool shouldAllowNavigation(ExecState* exec, Frame* frame)
return lexicalFrame && lexicalFrame->loader()->shouldAllowNavigation(frame);
}
-bool allowSettingSrcToJavascriptURL(ExecState* exec, Element* element, const String& name, const String& value)
-{
- if ((element->hasTagName(iframeTag) || element->hasTagName(frameTag)) && equalIgnoringCase(name, "src") && protocolIsJavaScript(deprecatedParseURL(value))) {
- Document* contentDocument = static_cast<HTMLFrameElementBase*>(element)->contentDocument();
- if (contentDocument && !checkNodeSecurity(exec, contentDocument))
- return false;
- }
- return true;
-}
-
void printErrorMessageForFrame(Frame* frame, const String& message)
{
if (!frame)
diff --git a/WebCore/bindings/js/JSDOMBinding.h b/WebCore/bindings/js/JSDOMBinding.h
index 40f7e40..219472b 100644
--- a/WebCore/bindings/js/JSDOMBinding.h
+++ b/WebCore/bindings/js/JSDOMBinding.h
@@ -301,8 +301,6 @@ namespace WebCore {
bool allowsAccessFromFrame(JSC::ExecState*, Frame*);
bool allowsAccessFromFrame(JSC::ExecState*, Frame*, String& message);
bool shouldAllowNavigation(JSC::ExecState*, Frame*);
- bool allowSettingSrcToJavascriptURL(JSC::ExecState*, Element*, const String&, const String&);
-
void printErrorMessageForFrame(Frame*, const String& message);
JSC::JSValue objectToStringFunctionGetter(JSC::ExecState*, JSC::JSValue, const JSC::Identifier& propertyName);
diff --git a/WebCore/bindings/js/JSElementCustom.cpp b/WebCore/bindings/js/JSElementCustom.cpp
index 94012fd..c725290 100644
--- a/WebCore/bindings/js/JSElementCustom.cpp
+++ b/WebCore/bindings/js/JSElementCustom.cpp
@@ -36,7 +36,6 @@
#include "HTMLFrameElementBase.h"
#include "HTMLNames.h"
#include "JSAttr.h"
-#include "JSDOMBinding.h"
#include "JSHTMLElementWrapperFactory.h"
#include "JSNodeList.h"
#include "NodeList.h"
@@ -64,6 +63,16 @@ void JSElement::markChildren(MarkStack& markStack)
markDOMObjectWrapper(markStack, globalData, static_cast<StyledElement*>(element)->inlineStyleDecl());
}
+static inline bool allowSettingSrcToJavascriptURL(ExecState* exec, Element* element, const String& name, const String& value)
+{
+ if ((element->hasTagName(iframeTag) || element->hasTagName(frameTag)) && equalIgnoringCase(name, "src") && protocolIsJavaScript(deprecatedParseURL(value))) {
+ Document* contentDocument = static_cast<HTMLFrameElementBase*>(element)->contentDocument();
+ if (contentDocument && !checkNodeSecurity(exec, contentDocument))
+ return false;
+ }
+ return true;
+}
+
JSValue JSElement::setAttribute(ExecState* exec, const ArgList& args)
{
ExceptionCode ec = 0;
diff --git a/WebCore/bindings/js/JSNamedNodeMapCustom.cpp b/WebCore/bindings/js/JSNamedNodeMapCustom.cpp
index 965498a..13f3628 100644
--- a/WebCore/bindings/js/JSNamedNodeMapCustom.cpp
+++ b/WebCore/bindings/js/JSNamedNodeMapCustom.cpp
@@ -35,38 +35,6 @@ using namespace JSC;
namespace WebCore {
-JSValue JSNamedNodeMap::setNamedItem(ExecState* exec, const ArgList& args)
-{
- NamedNodeMap* imp = static_cast<NamedNodeMap*>(impl());
- ExceptionCode ec = 0;
- Node* newNode = toNode(args.at(0));
-
- if (newNode && newNode->nodeType() == Node::ATTRIBUTE_NODE && imp->element()) {
- if (!allowSettingSrcToJavascriptURL(exec, imp->element(), newNode->nodeName(), newNode->nodeValue()))
- return jsNull();
- }
-
- JSValue result = toJS(exec, globalObject(), WTF::getPtr(imp->setNamedItem(newNode, ec)));
- setDOMException(exec, ec);
- return result;
-}
-
-JSValue JSNamedNodeMap::setNamedItemNS(ExecState* exec, const ArgList& args)
-{
- NamedNodeMap* imp = static_cast<NamedNodeMap*>(impl());
- ExceptionCode ec = 0;
- Node* newNode = toNode(args.at(0));
-
- if (newNode && newNode->nodeType() == Node::ATTRIBUTE_NODE && imp->element()) {
- if (!allowSettingSrcToJavascriptURL(exec, imp->element(), newNode->nodeName(), newNode->nodeValue()))
- return jsNull();
- }
-
- JSValue result = toJS(exec, globalObject(), WTF::getPtr(imp->setNamedItemNS(newNode, ec)));
- setDOMException(exec, ec);
- return result;
-}
-
bool JSNamedNodeMap::canGetItemsForName(ExecState*, NamedNodeMap* impl, const Identifier& propertyName)
{
return impl->getNamedItem(propertyName);
diff --git a/WebCore/bindings/js/JSNodeCustom.cpp b/WebCore/bindings/js/JSNodeCustom.cpp
index 06022a2..39bdf0c 100644
--- a/WebCore/bindings/js/JSNodeCustom.cpp
+++ b/WebCore/bindings/js/JSNodeCustom.cpp
@@ -38,7 +38,6 @@
#include "JSAttr.h"
#include "JSCDATASection.h"
#include "JSComment.h"
-#include "JSDOMBinding.h"
#include "JSDocument.h"
#include "JSDocumentFragment.h"
#include "JSDocumentType.h"
@@ -67,53 +66,12 @@ using namespace JSC;
namespace WebCore {
-static inline bool isAttrFrameSrc(Element *element, const String& name)
-{
- return element && (element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src");
-}
-
-void JSNode::setNodeValue(JSC::ExecState* exec, JSC::JSValue value)
-{
- Node* imp = static_cast<Node*>(impl());
- String nodeValue = valueToStringWithNullCheck(exec, value);
-
- if (imp->nodeType() == Node::ATTRIBUTE_NODE) {
- Element* ownerElement = static_cast<Attr*>(impl())->ownerElement();
- if (ownerElement && !allowSettingSrcToJavascriptURL(exec, ownerElement, imp->nodeName(), nodeValue))
- return;
- }
-
- ExceptionCode ec = 0;
- imp->setNodeValue(nodeValue, ec);
- setDOMException(exec, ec);
-}
-
-void JSNode::setTextContent(JSC::ExecState* exec, JSC::JSValue value)
-{
- Node* imp = static_cast<Node*>(impl());
- String nodeValue = valueToStringWithNullCheck(exec, value);
-
- if (imp->nodeType() == Node::ATTRIBUTE_NODE) {
- Element* ownerElement = static_cast<Attr*>(impl())->ownerElement();
- if (ownerElement && !allowSettingSrcToJavascriptURL(exec, ownerElement, imp->nodeName(), nodeValue))
- return;
- }
-
- ExceptionCode ec = 0;
- imp->setTextContent(nodeValue, ec);
- setDOMException(exec, ec);
-}
+typedef int ExpectionCode;
JSValue JSNode::insertBefore(ExecState* exec, const ArgList& args)
{
- Node* imp = static_cast<Node*>(impl());
- if (imp->nodeType() == Node::ATTRIBUTE_NODE && isAttrFrameSrc(static_cast<Attr*>(impl())->ownerElement(), imp->nodeName())) {
- setDOMException(exec, NOT_SUPPORTED_ERR);
- return jsNull();
- }
-
ExceptionCode ec = 0;
- bool ok = imp->insertBefore(toNode(args.at(0)), toNode(args.at(1)), ec, true);
+ bool ok = impl()->insertBefore(toNode(args.at(0)), toNode(args.at(1)), ec, true);
setDOMException(exec, ec);
if (ok)
return args.at(0);
@@ -122,14 +80,8 @@ JSValue JSNode::insertBefore(ExecState* exec, const ArgList& args)
JSValue JSNode::replaceChild(ExecState* exec, const ArgList& args)
{
- Node* imp = static_cast<Node*>(impl());
- if (imp->nodeType() == Node::ATTRIBUTE_NODE && isAttrFrameSrc(static_cast<Attr*>(impl())->ownerElement(), imp->nodeName())) {
- setDOMException(exec, NOT_SUPPORTED_ERR);
- return jsNull();
- }
-
ExceptionCode ec = 0;
- bool ok = imp->replaceChild(toNode(args.at(0)), toNode(args.at(1)), ec, true);
+ bool ok = impl()->replaceChild(toNode(args.at(0)), toNode(args.at(1)), ec, true);
setDOMException(exec, ec);
if (ok)
return args.at(1);
@@ -138,14 +90,8 @@ JSValue JSNode::replaceChild(ExecState* exec, const ArgList& args)
JSValue JSNode::removeChild(ExecState* exec, const ArgList& args)
{
- Node* imp = static_cast<Node*>(impl());
- if (imp->nodeType() == Node::ATTRIBUTE_NODE && isAttrFrameSrc(static_cast<Attr*>(impl())->ownerElement(), imp->nodeName())) {
- setDOMException(exec, NOT_SUPPORTED_ERR);
- return jsNull();
- }
-
ExceptionCode ec = 0;
- bool ok = imp->removeChild(toNode(args.at(0)), ec);
+ bool ok = impl()->removeChild(toNode(args.at(0)), ec);
setDOMException(exec, ec);
if (ok)
return args.at(0);
@@ -154,14 +100,8 @@ JSValue JSNode::removeChild(ExecState* exec, const ArgList& args)
JSValue JSNode::appendChild(ExecState* exec, const ArgList& args)
{
- Node* imp = static_cast<Node*>(impl());
- if (imp->nodeType() == Node::ATTRIBUTE_NODE && isAttrFrameSrc(static_cast<Attr*>(impl())->ownerElement(), imp->nodeName())) {
- setDOMException(exec, NOT_SUPPORTED_ERR);
- return jsNull();
- }
-
ExceptionCode ec = 0;
- bool ok = imp->appendChild(toNode(args.at(0)), ec, true);
+ bool ok = impl()->appendChild(toNode(args.at(0)), ec, true);
setDOMException(exec, ec);
if (ok)
return args.at(0);
diff --git a/WebCore/css/CSSHelper.cpp b/WebCore/css/CSSHelper.cpp
index c3418b4..8e6f3a0 100644
--- a/WebCore/css/CSSHelper.cpp
+++ b/WebCore/css/CSSHelper.cpp
@@ -36,7 +36,7 @@ String deprecatedParseURL(const String& url)
int o = 0;
int l = i->length();
- while (0 < l && (*i)[o] <= ' ') {
+ while (o < l && (*i)[o] <= ' ') {
++o;
--l;
}
@@ -53,7 +53,7 @@ String deprecatedParseURL(const String& url)
l -= 5;
}
- while (0 < l && (*i)[o] <= ' ') {
+ while (o < l && (*i)[o] <= ' ') {
++o;
--l;
}
@@ -65,7 +65,7 @@ String deprecatedParseURL(const String& url)
l -= 2;
}
- while (0 < l && (*i)[o] <= ' ') {
+ while (o < l && (*i)[o] <= ' ') {
++o;
--l;
}
diff --git a/WebCore/dom/Attr.idl b/WebCore/dom/Attr.idl
index 3c73bc0..af84478 100644
--- a/WebCore/dom/Attr.idl
+++ b/WebCore/dom/Attr.idl
@@ -28,9 +28,7 @@ module core {
// DOM Level 1
readonly attribute [ConvertNullStringTo=Null] DOMString name;
-
readonly attribute boolean specified;
-
attribute [ConvertNullStringTo=Null, ConvertNullToNullString, CustomSetter] DOMString value
setter raises(DOMException);
diff --git a/WebCore/dom/ContainerNode.cpp b/WebCore/dom/ContainerNode.cpp
index c17489a..fb2852f 100644
--- a/WebCore/dom/ContainerNode.cpp
+++ b/WebCore/dom/ContainerNode.cpp
@@ -292,32 +292,19 @@ void ContainerNode::willRemove()
Node::willRemove();
}
-static void willRemoveChild(Node* child)
+static ExceptionCode willRemoveChild(Node *child)
{
- // update auxiliary doc info (e.g. iterators) to note that node is being removed
- child->document()->nodeWillBeRemoved(child);
- child->document()->incDOMTreeVersion();
+ ExceptionCode ec = 0;
// fire removed from document mutation events.
dispatchChildRemovalEvents(child);
+ if (ec)
+ return ec;
if (child->attached())
child->willRemove();
-}
-
-static void willRemoveChildren(ContainerNode* container)
-{
- container->document()->nodeChildrenWillBeRemoved(container);
- container->document()->incDOMTreeVersion();
-
- // FIXME: Adding new children from event handlers can cause an infinite loop here.
- for (RefPtr<Node> child = container->firstChild(); child; child = child->nextSibling()) {
- // fire removed from document mutation events.
- dispatchChildRemovalEvents(child.get());
-
- if (child->attached())
- child->willRemove();
- }
+
+ return 0;
}
bool ContainerNode::removeChild(Node* oldChild, ExceptionCode& ec)
@@ -341,7 +328,10 @@ bool ContainerNode::removeChild(Node* oldChild, ExceptionCode& ec)
}
RefPtr<Node> child = oldChild;
- willRemoveChild(child.get());
+
+ ec = willRemoveChild(child.get());
+ if (ec)
+ return false;
// Mutation events might have moved this child into a different parent.
if (child->parentNode() != this) {
@@ -409,12 +399,14 @@ bool ContainerNode::removeChildren()
return false;
// The container node can be removed from event handlers.
- RefPtr<ContainerNode> protect(this);
-
+ RefPtr<Node> protect(this);
+
// Do any prep work needed before actually starting to detach
// and remove... e.g. stop loading frames, fire unload events.
- willRemoveChildren(protect.get());
-
+ // FIXME: Adding new children from event handlers can cause an infinite loop here.
+ for (RefPtr<Node> n = m_firstChild; n; n = n->nextSibling())
+ willRemoveChild(n.get());
+
// exclude this node when looking for removed focusedNode since only children will be removed
document()->removeFocusedNodeOfSubtree(this, true);
@@ -944,8 +936,6 @@ static void dispatchChildInsertionEvents(Node* child)
static void dispatchChildRemovalEvents(Node* child)
{
- ASSERT(!eventDispatchForbidden());
-
#if ENABLE(INSPECTOR)
if (Page* page = child->document()->page()) {
if (InspectorController* inspectorController = page->inspectorController())
@@ -956,6 +946,11 @@ static void dispatchChildRemovalEvents(Node* child)
RefPtr<Node> c = child;
RefPtr<Document> document = child->document();
+ // update auxiliary doc info (e.g. iterators) to note that node is being removed
+ document->nodeWillBeRemoved(child);
+
+ document->incDOMTreeVersion();
+
// dispatch pre-removal mutation events
if (c->parentNode() && document->hasListenerType(Document::DOMNODEREMOVED_LISTENER))
c->dispatchEvent(MutationEvent::create(eventNames().DOMNodeRemovedEvent, true, c->parentNode()));
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index 060ef37..59fefa3 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -2879,28 +2879,6 @@ void Document::nodeChildrenChanged(ContainerNode* container)
}
}
-void Document::nodeChildrenWillBeRemoved(ContainerNode* container)
-{
- if (!disableRangeMutation(page())) {
- HashSet<Range*>::const_iterator end = m_ranges.end();
- for (HashSet<Range*>::const_iterator it = m_ranges.begin(); it != end; ++it)
- (*it)->nodeChildrenWillBeRemoved(container);
- }
-
- HashSet<NodeIterator*>::const_iterator nodeIteratorsEnd = m_nodeIterators.end();
- for (HashSet<NodeIterator*>::const_iterator it = m_nodeIterators.begin(); it != nodeIteratorsEnd; ++it) {
- for (Node* n = container->firstChild(); n; n = n->nextSibling())
- (*it)->nodeWillBeRemoved(n);
- }
-
- if (Frame* frame = this->frame()) {
- for (Node* n = container->firstChild(); n; n = n->nextSibling()) {
- frame->selection()->nodeWillBeRemoved(n);
- frame->dragCaretController()->nodeWillBeRemoved(n);
- }
- }
-}
-
void Document::nodeWillBeRemoved(Node* n)
{
HashSet<NodeIterator*>::const_iterator nodeIteratorsEnd = m_nodeIterators.end();
diff --git a/WebCore/dom/Document.h b/WebCore/dom/Document.h
index 1f4e22c..df87ebd 100644
--- a/WebCore/dom/Document.h
+++ b/WebCore/dom/Document.h
@@ -611,9 +611,6 @@ public:
void detachRange(Range*);
void nodeChildrenChanged(ContainerNode*);
- // nodeChildrenWillBeRemoved is used when removing all node children at once.
- void nodeChildrenWillBeRemoved(ContainerNode*);
- // nodeWillBeRemoved is only safe when removing one node at a time.
void nodeWillBeRemoved(Node*);
void textInserted(Node*, unsigned offset, unsigned length);
diff --git a/WebCore/dom/Element.cpp b/WebCore/dom/Element.cpp
index 90fc535..2c42187 100644
--- a/WebCore/dom/Element.cpp
+++ b/WebCore/dom/Element.cpp
@@ -938,7 +938,7 @@ void Element::recalcStyle(StyleChange change)
newStyle->setChildrenAffectedByDirectAdjacentRules();
}
- if (ch != NoChange || pseudoStyleCacheIsInvalid(currentStyle.get(), newStyle.get()) || change == Force && renderer() && renderer()->requiresForcedStyleRecalcPropagation()) {
+ if (ch != NoChange || pseudoStyleCacheIsInvalid(currentStyle.get(), newStyle.get())) {
setRenderStyle(newStyle);
} else if (needsStyleRecalc() && (styleChangeType() != SyntheticStyleChange) && (document()->usesSiblingRules() || document()->usesDescendantRules())) {
// Although no change occurred, we use the new style so that the cousin style sharing code won't get
@@ -1430,15 +1430,9 @@ void Element::normalizeAttributes()
NamedNodeMap* attrs = attributes(true);
if (!attrs)
return;
-
- if (attrs->isEmpty())
- return;
-
- Vector<RefPtr<Attribute> > attributeVector;
- attrs->copyAttributesToVector(attributeVector);
- size_t numAttrs = attributeVector.size();
- for (size_t i = 0; i < numAttrs; ++i) {
- if (Attr* attr = attributeVector[i]->attr())
+ unsigned numAttrs = attrs->length();
+ for (unsigned i = 0; i < numAttrs; i++) {
+ if (Attr* attr = attrs->attributeItem(i)->attr())
attr->normalize();
}
}
diff --git a/WebCore/dom/NamedAttrMap.cpp b/WebCore/dom/NamedAttrMap.cpp
index ee979cf..d8a6ba8 100644
--- a/WebCore/dom/NamedAttrMap.cpp
+++ b/WebCore/dom/NamedAttrMap.cpp
@@ -172,11 +172,6 @@ PassRefPtr<Node> NamedNodeMap::item(unsigned index) const
return m_attributes[index]->createAttrIfNeeded(m_element);
}
-void NamedNodeMap::copyAttributesToVector(Vector<RefPtr<Attribute> >& copy)
-{
- copy = m_attributes;
-}
-
Attribute* NamedNodeMap::getAttributeItemSlowCase(const String& name, bool shouldIgnoreAttributeCase) const
{
unsigned len = length();
diff --git a/WebCore/dom/NamedAttrMap.h b/WebCore/dom/NamedAttrMap.h
index e292576..d5136b5 100644
--- a/WebCore/dom/NamedAttrMap.h
+++ b/WebCore/dom/NamedAttrMap.h
@@ -72,8 +72,6 @@ public:
Attribute* attributeItem(unsigned index) const { return m_attributes[index].get(); }
Attribute* getAttributeItem(const QualifiedName&) const;
- void copyAttributesToVector(Vector<RefPtr<Attribute> >&);
-
void shrinkToLength() { m_attributes.shrinkCapacity(length()); }
void reserveInitialCapacity(unsigned capacity) { m_attributes.reserveInitialCapacity(capacity); }
diff --git a/WebCore/dom/NamedNodeMap.idl b/WebCore/dom/NamedNodeMap.idl
index 7bfbf23..4d36577 100644
--- a/WebCore/dom/NamedNodeMap.idl
+++ b/WebCore/dom/NamedNodeMap.idl
@@ -28,7 +28,7 @@ module core {
Node getNamedItem(in DOMString name);
- [Custom] Node setNamedItem(in Node node)
+ Node setNamedItem(in Node node)
raises(DOMException);
Node removeNamedItem(in DOMString name)
@@ -46,7 +46,7 @@ module core {
// FIXME: the implementation does take an exceptioncode parameter.
/*raises(DOMException)*/;
- [Custom] Node setNamedItemNS(in Node node)
+ Node setNamedItemNS(in Node node)
raises(DOMException);
[OldStyleObjC] Node removeNamedItemNS(in [ConvertNullToNullString] DOMString namespaceURI,
diff --git a/WebCore/dom/Node.idl b/WebCore/dom/Node.idl
index 22d9a85..0489316 100644
--- a/WebCore/dom/Node.idl
+++ b/WebCore/dom/Node.idl
@@ -51,7 +51,7 @@ module core {
readonly attribute [ConvertNullStringTo=Null] DOMString nodeName;
// FIXME: the spec says this can also raise on retrieval.
- attribute [CustomSetter, ConvertNullStringTo=Null, ConvertNullToNullString] DOMString nodeValue
+ attribute [ConvertNullStringTo=Null, ConvertNullToNullString] DOMString nodeValue
setter raises(DOMException);
readonly attribute unsigned short nodeType;
@@ -96,7 +96,7 @@ module core {
readonly attribute [ConvertNullStringTo=Null] DOMString baseURI;
// FIXME: the spec says this can also raise on retrieval.
- attribute [CustomSetter, ConvertNullStringTo=Null, ConvertNullToNullString] DOMString textContent
+ attribute [ConvertNullStringTo=Null, ConvertNullToNullString] DOMString textContent
setter raises(DOMException);
boolean isSameNode(in Node other);
diff --git a/WebCore/dom/Range.cpp b/WebCore/dom/Range.cpp
index 689b590..52d1785 100644
--- a/WebCore/dom/Range.cpp
+++ b/WebCore/dom/Range.cpp
@@ -1716,31 +1716,6 @@ void Range::nodeChildrenChanged(ContainerNode* container)
boundaryNodeChildrenChanged(m_end, container);
}
-static inline void boundaryNodeChildrenWillBeRemoved(RangeBoundaryPoint& boundary, ContainerNode* container)
-{
- for (Node* nodeToBeRemoved = container->firstChild(); nodeToBeRemoved; nodeToBeRemoved = nodeToBeRemoved->nextSibling()) {
- if (boundary.childBefore() == nodeToBeRemoved) {
- boundary.setToStartOfNode(container);
- return;
- }
-
- for (Node* n = boundary.container(); n; n = n->parentNode()) {
- if (n == nodeToBeRemoved) {
- boundary.setToStartOfNode(container);
- return;
- }
- }
- }
-}
-
-void Range::nodeChildrenWillBeRemoved(ContainerNode* container)
-{
- ASSERT(container);
- ASSERT(container->document() == m_ownerDocument);
- boundaryNodeChildrenWillBeRemoved(m_start, container);
- boundaryNodeChildrenWillBeRemoved(m_end, container);
-}
-
static inline void boundaryNodeWillBeRemoved(RangeBoundaryPoint& boundary, Node* nodeToBeRemoved)
{
if (boundary.childBefore() == nodeToBeRemoved) {
diff --git a/WebCore/dom/Range.h b/WebCore/dom/Range.h
index bfddd32..fd0f66a 100644
--- a/WebCore/dom/Range.h
+++ b/WebCore/dom/Range.h
@@ -111,7 +111,6 @@ public:
void textQuads(Vector<FloatQuad>&, bool useSelectionHeight = false);
void nodeChildrenChanged(ContainerNode*);
- void nodeChildrenWillBeRemoved(ContainerNode*);
void nodeWillBeRemoved(Node*);
void textInserted(Node*, unsigned offset, unsigned length);
diff --git a/WebCore/dom/make_names.pl b/WebCore/dom/make_names.pl
index 67cf340..2d92a05 100755
--- a/WebCore/dom/make_names.pl
+++ b/WebCore/dom/make_names.pl
@@ -287,10 +287,8 @@ sub printConstructorInterior
# Handle media elements.
if ($tags{$tagName}{wrapperOnlyIfMediaIsAvailable}) {
print F <<END
- Settings* settings = document->settings();
- if (!MediaPlayer::isAvailable() || (settings && !settings->isMediaEnabled()))
+ if (!MediaPlayer::isAvailable())
return HTMLElement::create($constructorTagName, document);
-
END
;
}
@@ -640,7 +638,7 @@ printElementIncludes($F);
print F <<END
#include <wtf/HashMap.h>
-#if ENABLE(DASHBOARD_SUPPORT) || ENABLE(VIDEO)
+#if ENABLE(DASHBOARD_SUPPORT)
#include "Document.h"
#include "Settings.h"
#endif
@@ -841,8 +839,7 @@ sub printWrapperFunctions
print F <<END
static JSNode* create${JSInterfaceName}Wrapper(ExecState* exec, JSDOMGlobalObject* globalObject, PassRefPtr<$parameters{namespace}Element> element)
{
- Settings* settings = element->document()->settings();
- if (!MediaPlayer::isAvailable() || (settings && !settings->isMediaEnabled()))
+ if (!MediaPlayer::isAvailable())
return CREATE_DOM_NODE_WRAPPER(exec, globalObject, $parameters{namespace}Element, element.get());
return CREATE_DOM_NODE_WRAPPER(exec, globalObject, ${JSInterfaceName}, element.get());
}
@@ -860,29 +857,14 @@ END
;
}
} elsif ($wrapperFactoryType eq "V8") {
- if ($tags{$tagName}{wrapperOnlyIfMediaIsAvailable}) {
- print F <<END
-static v8::Handle<v8::Value> create${JSInterfaceName}Wrapper($parameters{namespace}Element* element)
-{
- Settings* settings = element->document()->settings();
- if (!MediaPlayer::isAvailable() || (settings && !settings->isMediaEnabled()))
- return toV8(static_cast<$parameters{namespace}Element*>(element));
- return toV8(static_cast<${JSInterfaceName}*>(element));
-}
-
-END
-;
- } else {
print F <<END
static v8::Handle<v8::Value> create${JSInterfaceName}Wrapper($parameters{namespace}Element* element)
{
return toV8(static_cast<${JSInterfaceName}*>(element));
}
-
END
;
- }
}
if ($conditional) {
@@ -913,16 +895,7 @@ sub printWrapperFactoryCppFile
printElementIncludes($F);
- print F <<END
-#include <wtf/StdLibExtras.h>
-
-#if ENABLE(VIDEO)
-#include "Document.h"
-#include "Settings.h"
-#endif
-
-END
-;
+ print F "\n#include <wtf/StdLibExtras.h>\n\n";
if ($wrapperFactoryType eq "JS") {
print F <<END
diff --git a/WebCore/editing/EditorCommand.cpp b/WebCore/editing/EditorCommand.cpp
index 4cb34ac..34fa46d 100644
--- a/WebCore/editing/EditorCommand.cpp
+++ b/WebCore/editing/EditorCommand.cpp
@@ -1069,21 +1069,6 @@ static bool supportedFromMenuOrKeyBinding(Frame*, EditorCommandSource source)
return source == CommandFromMenuOrKeyBinding;
}
-static bool supportedCopyCut(Frame* frame, EditorCommandSource source)
-{
- switch (source) {
- case CommandFromMenuOrKeyBinding:
- return true;
- case CommandFromDOM:
- case CommandFromDOMWithUserInterface: {
- Settings* settings = frame ? frame->settings() : 0;
- return settings && settings->javaScriptCanAccessClipboard();
- }
- }
- ASSERT_NOT_REACHED();
- return false;
-}
-
static bool supportedPaste(Frame* frame, EditorCommandSource source)
{
switch (source) {
@@ -1092,7 +1077,7 @@ static bool supportedPaste(Frame* frame, EditorCommandSource source)
case CommandFromDOM:
case CommandFromDOMWithUserInterface: {
Settings* settings = frame ? frame->settings() : 0;
- return settings && (settings->javaScriptCanAccessClipboard() ? settings->isDOMPasteAllowed() : 0);
+ return settings && settings->isDOMPasteAllowed();
}
}
ASSERT_NOT_REACHED();
@@ -1319,9 +1304,9 @@ static const CommandMap& createCommandMap()
{ "BackColor", { executeBackColor, supported, enabledInRichlyEditableText, stateNone, valueBackColor, notTextInsertion, doNotAllowExecutionWhenDisabled } },
{ "BackwardDelete", { executeDeleteBackward, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } }, // FIXME: remove BackwardDelete when Safari for Windows stops using it.
{ "Bold", { executeToggleBold, supported, enabledInRichlyEditableText, stateBold, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
- { "Copy", { executeCopy, supportedCopyCut, enabledCopy, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
+ { "Copy", { executeCopy, supported, enabledCopy, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
{ "CreateLink", { executeCreateLink, supported, enabledInRichlyEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
- { "Cut", { executeCut, supportedCopyCut, enabledCut, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
+ { "Cut", { executeCut, supported, enabledCut, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
{ "Delete", { executeDelete, supported, enabledDelete, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
{ "DeleteBackward", { executeDeleteBackward, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
{ "DeleteBackwardByDecomposingPreviousCharacter", { executeDeleteBackwardByDecomposingPreviousCharacter, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
diff --git a/WebCore/editing/markup.cpp b/WebCore/editing/markup.cpp
index 9b2634e..787dad9 100644
--- a/WebCore/editing/markup.cpp
+++ b/WebCore/editing/markup.cpp
@@ -404,12 +404,10 @@ static void appendStartMarkup(Vector<UChar>& result, const Node* node, const Ran
if (Node* parent = node->parentNode()) {
if (parent->hasTagName(scriptTag)
|| parent->hasTagName(styleTag)
+ || parent->hasTagName(textareaTag)
|| parent->hasTagName(xmpTag)) {
appendUCharRange(result, ucharRange(node, range));
break;
- } else if (parent->hasTagName(textareaTag)) {
- appendEscapedContent(result, ucharRange(node, range), documentIsHTML);
- break;
}
}
if (!annotate) {
diff --git a/WebCore/html/canvas/CanvasRenderingContext2D.cpp b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
index 6fe74f9..8add19c 100644
--- a/WebCore/html/canvas/CanvasRenderingContext2D.cpp
+++ b/WebCore/html/canvas/CanvasRenderingContext2D.cpp
@@ -1211,7 +1211,7 @@ PassRefPtr<CanvasPattern> CanvasRenderingContext2D::createPattern(HTMLImageEleme
if (!cachedImage || !image->cachedImage()->image())
return CanvasPattern::create(Image::nullImage(), repeatX, repeatY, true);
- bool originClean = !canvas()->document()->securityOrigin()->taintsCanvas(KURL(KURL(), cachedImage->url())) && cachedImage->image()->hasSingleSecurityOrigin();
+ bool originClean = !canvas()->document()->securityOrigin()->taintsCanvas(KURL(KURL(), cachedImage->url()));
return CanvasPattern::create(cachedImage->image(), repeatX, repeatY, originClean);
}
diff --git a/WebCore/loader/DocumentThreadableLoader.cpp b/WebCore/loader/DocumentThreadableLoader.cpp
index 55f51ac..de0a0b0 100644
--- a/WebCore/loader/DocumentThreadableLoader.cpp
+++ b/WebCore/loader/DocumentThreadableLoader.cpp
@@ -81,19 +81,16 @@ DocumentThreadableLoader::DocumentThreadableLoader(Document* document, Threadabl
ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
- OwnPtr<ResourceRequest> crossOriginRequest(new ResourceRequest(request));
- crossOriginRequest->removeCredentials();
- crossOriginRequest->setAllowCookies(m_options.allowCredentials);
-
- if (!m_options.forcePreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFields()))
- makeSimpleCrossOriginAccessRequest(*crossOriginRequest);
+ if (!m_options.forcePreflight && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()))
+ makeSimpleCrossOriginAccessRequest(request);
else {
- m_actualRequest.set(crossOriginRequest.release());
+ m_actualRequest.set(new ResourceRequest(request));
+ m_actualRequest->setAllowCookies(m_options.allowCredentials);
- if (CrossOriginPreflightResultCache::shared().canSkipPreflight(document->securityOrigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actualRequest->httpMethod(), m_actualRequest->httpHeaderFields()))
+ if (CrossOriginPreflightResultCache::shared().canSkipPreflight(document->securityOrigin()->toString(), request.url(), m_options.allowCredentials, request.httpMethod(), request.httpHeaderFields()))
preflightSuccess();
else
- makeCrossOriginAccessRequestWithPreflight(*m_actualRequest);
+ makeCrossOriginAccessRequestWithPreflight(request);
}
}
@@ -109,6 +106,8 @@ void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const Resource
// Make a copy of the passed request so that we can modify some details.
ResourceRequest crossOriginRequest(request);
+ crossOriginRequest.removeCredentials();
+ crossOriginRequest.setAllowCookies(m_options.allowCredentials);
crossOriginRequest.setHTTPOrigin(m_document->securityOrigin()->toString());
loadRequest(crossOriginRequest, DoSecurityCheck);
@@ -288,17 +287,11 @@ void DocumentThreadableLoader::preflightSuccess()
void DocumentThreadableLoader::preflightFailure()
{
- m_actualRequest = 0; // Prevent didFinishLoading() from bypassing access check.
m_client->didFail(ResourceError());
}
void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, SecurityCheckPolicy securityCheck)
{
- // Any credential should have been removed from the cross-site requests.
- const KURL& requestURL = request.url();
- ASSERT(m_sameOriginRequest || requestURL.user().isEmpty());
- ASSERT(m_sameOriginRequest || requestURL.pass().isEmpty());
-
if (m_async) {
// Don't sniff content or send load callbacks for the preflight request.
bool sendLoadCallbacks = m_options.sendLoadCallbacks && !m_actualRequest;
@@ -322,15 +315,15 @@ void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, Secur
// No exception for file:/// resources, see <rdar://problem/4962298>.
// Also, if we have an HTTP response, then it wasn't a network error in fact.
- if (!error.isNull() && !requestURL.isLocalFile() && response.httpStatusCode() <= 0) {
+ if (!error.isNull() && !request.url().isLocalFile() && response.httpStatusCode() <= 0) {
m_client->didFail(error);
return;
}
// FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the
// request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
- // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.
- if (requestURL != response.url() && !isAllowedRedirect(response.url())) {
+ // requested.
+ if (request.url() != response.url() && !isAllowedRedirect(response.url())) {
m_client->didFailRedirectCheck();
return;
}
diff --git a/WebCore/loader/HistoryController.cpp b/WebCore/loader/HistoryController.cpp
index e065e8e..55b68dc 100644
--- a/WebCore/loader/HistoryController.cpp
+++ b/WebCore/loader/HistoryController.cpp
@@ -656,17 +656,15 @@ void HistoryController::pushState(PassRefPtr<SerializedScriptValue> stateObject,
void HistoryController::replaceState(PassRefPtr<SerializedScriptValue> stateObject, const String& title, const String& urlString)
{
- // FIXME: We should always have m_currentItem here!!
- // https://bugs.webkit.org/show_bug.cgi?id=36464
- if (!m_currentItem) {
- ASSERT_NOT_REACHED();
- return;
- }
+ Page* page = m_frame->page();
+ ASSERT(page);
+ HistoryItem* current = page->backForwardList()->currentItem();
+ ASSERT(current);
if (!urlString.isEmpty())
- m_currentItem->setURLString(urlString);
- m_currentItem->setTitle(title);
- m_currentItem->setStateObject(stateObject);
+ current->setURLString(urlString);
+ current->setTitle(title);
+ current->setStateObject(stateObject);
}
} // namespace WebCore
diff --git a/WebCore/page/EventHandler.cpp b/WebCore/page/EventHandler.cpp
index fcb93cf..c81783c 100644
--- a/WebCore/page/EventHandler.cpp
+++ b/WebCore/page/EventHandler.cpp
@@ -2151,9 +2151,7 @@ bool EventHandler::keyEvent(const PlatformKeyboardEvent& initialKeyEvent)
if (initialKeyEvent.type() == PlatformKeyboardEvent::RawKeyDown) {
node->dispatchEvent(keydown, ec);
- // If frame changed as a result of keydown dispatch, then return true to avoid sending a subsequent keypress message to the new frame.
- bool changedFocusedFrame = m_frame->page() && m_frame != m_frame->page()->focusController()->focusedOrMainFrame();
- return keydown->defaultHandled() || keydown->defaultPrevented() || changedFocusedFrame;
+ return keydown->defaultHandled() || keydown->defaultPrevented();
}
// Run input method in advance of DOM event handling. This may result in the IM
@@ -2173,9 +2171,7 @@ bool EventHandler::keyEvent(const PlatformKeyboardEvent& initialKeyEvent)
}
node->dispatchEvent(keydown, ec);
- // If frame changed as a result of keydown dispatch, then return early to avoid sending a subsequent keypress message to the new frame.
- bool changedFocusedFrame = m_frame->page() && m_frame != m_frame->page()->focusController()->focusedOrMainFrame();
- bool keydownResult = keydown->defaultHandled() || keydown->defaultPrevented() || changedFocusedFrame;
+ bool keydownResult = keydown->defaultHandled() || keydown->defaultPrevented();
if (handledByInputMethod || (keydownResult && !backwardCompatibilityMode))
return keydownResult;
@@ -2635,7 +2631,7 @@ void EventHandler::sendResizeEvent()
void EventHandler::sendScrollEvent()
{
setFrameWasScrolledByUser();
- if (m_frame->view() && m_frame->document())
+ if (m_frame->view())
m_frame->document()->dispatchEvent(Event::create(eventNames().scrollEvent, true, false));
}
diff --git a/WebCore/page/FrameView.cpp b/WebCore/page/FrameView.cpp
index d38f655..caa78bd 100644
--- a/WebCore/page/FrameView.cpp
+++ b/WebCore/page/FrameView.cpp
@@ -1275,13 +1275,14 @@ void FrameView::scheduleRelayoutOfSubtree(RenderObject* relayoutRoot)
{
ASSERT(m_frame->view() == this);
- if (m_frame->contentRenderer() && m_frame->contentRenderer()->needsLayout()) {
+ if (!m_layoutSchedulingEnabled || (m_frame->contentRenderer()
+ && m_frame->contentRenderer()->needsLayout())) {
if (relayoutRoot)
relayoutRoot->markContainingBlocksForLayout(false);
return;
}
- if (layoutPending() || !m_layoutSchedulingEnabled) {
+ if (layoutPending()) {
if (m_layoutRoot != relayoutRoot) {
if (isObjectAncestorContainerOf(m_layoutRoot, relayoutRoot)) {
// Keep the current root
@@ -1298,7 +1299,7 @@ void FrameView::scheduleRelayoutOfSubtree(RenderObject* relayoutRoot)
relayoutRoot->markContainingBlocksForLayout(false);
}
}
- } else if (m_layoutSchedulingEnabled) {
+ } else {
int delay = m_frame->document()->minimumLayoutDelay();
m_layoutRoot = relayoutRoot;
m_delayedLayout = delay != 0;
diff --git a/WebCore/page/Geolocation.cpp b/WebCore/page/Geolocation.cpp
index 9acbc7f..e1f692b 100644
--- a/WebCore/page/Geolocation.cpp
+++ b/WebCore/page/Geolocation.cpp
@@ -29,6 +29,7 @@
#include "Geolocation.h"
#include "Chrome.h"
+#include "Document.h"
#include "Frame.h"
#include "Page.h"
#include <wtf/CurrentTime.h>
@@ -219,7 +220,6 @@ Geolocation::~Geolocation()
void Geolocation::disconnectFrame()
{
- stopTimers();
stopUpdating();
if (m_frame) {
if (m_frame->document())
@@ -232,8 +232,6 @@ void Geolocation::disconnectFrame()
Geoposition* Geolocation::lastPosition()
{
- ASSERT(isAllowed());
-
#if ENABLE(CLIENT_BASED_GEOLOCATION)
if (!m_frame)
return 0;
@@ -381,6 +379,22 @@ void Geolocation::clearWatch(int watchId)
stopUpdating();
}
+void Geolocation::suspend()
+{
+#if !ENABLE(CLIENT_BASED_GEOLOCATION)
+ if (hasListeners())
+ m_service->suspend();
+#endif
+}
+
+void Geolocation::resume()
+{
+#if !ENABLE(CLIENT_BASED_GEOLOCATION)
+ if (hasListeners())
+ m_service->resume();
+#endif
+}
+
void Geolocation::setIsAllowed(bool allowed)
{
// This may be due to either a new position from the service, or a cached
diff --git a/WebCore/page/Geolocation.h b/WebCore/page/Geolocation.h
index b8ec566..c44b9e5 100644
--- a/WebCore/page/Geolocation.h
+++ b/WebCore/page/Geolocation.h
@@ -35,6 +35,13 @@
#include "PositionErrorCallback.h"
#include "PositionOptions.h"
#include "Timer.h"
+#include <wtf/HashMap.h>
+#include <wtf/HashSet.h>
+#include <wtf/OwnPtr.h>
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefCounted.h>
+#include <wtf/RefPtr.h>
+#include <wtf/Vector.h>
namespace WebCore {
@@ -53,15 +60,26 @@ class Geolocation : public RefCounted<Geolocation>
public:
static PassRefPtr<Geolocation> create(Frame* frame) { return adoptRef(new Geolocation(frame)); }
- ~Geolocation();
+ virtual ~Geolocation();
void disconnectFrame();
+ Geoposition* lastPosition();
+
void getCurrentPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
int watchPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
void clearWatch(int watchId);
+ void suspend();
+ void resume();
+
void setIsAllowed(bool);
+ bool isAllowed() const { return m_allowGeolocation == Yes; }
+ bool isDenied() const { return m_allowGeolocation == No; }
+
+ void setShouldClearCache(bool shouldClearCache) { m_shouldClearCache = shouldClearCache; }
+ bool shouldClearCache() const { return m_shouldClearCache; }
+ Frame* frame() const { return m_frame; }
#if ENABLE(CLIENT_BASED_GEOLOCATION)
void setPosition(GeolocationPosition*);
@@ -71,11 +89,6 @@ public:
#endif
private:
- Geoposition* lastPosition();
-
- bool isAllowed() const { return m_allowGeolocation == Yes; }
- bool isDenied() const { return m_allowGeolocation == No; }
-
Geolocation(Frame*);
class GeoNotifier : public RefCounted<GeoNotifier> {
diff --git a/WebCore/page/Geolocation.idl b/WebCore/page/Geolocation.idl
index 58b219c..76056a3 100644
--- a/WebCore/page/Geolocation.idl
+++ b/WebCore/page/Geolocation.idl
@@ -26,6 +26,8 @@
module core {
interface [OmitConstructor] Geolocation {
+ readonly attribute Geoposition lastPosition;
+
[Custom] void getCurrentPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
[Custom] long watchPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
diff --git a/WebCore/page/Settings.cpp b/WebCore/page/Settings.cpp
index 18d310a..a791f74 100644
--- a/WebCore/page/Settings.cpp
+++ b/WebCore/page/Settings.cpp
@@ -72,7 +72,6 @@ Settings::Settings(Page* page)
, m_privateBrowsingEnabled(false)
, m_caretBrowsingEnabled(false)
, m_areImagesEnabled(true)
- , m_isMediaEnabled(true)
, m_arePluginsEnabled(false)
, m_localStorageEnabled(false)
, m_isJavaScriptEnabled(false)
@@ -80,7 +79,6 @@ Settings::Settings(Page* page)
, m_allowUniversalAccessFromFileURLs(true)
, m_allowFileAccessFromFileURLs(true)
, m_javaScriptCanOpenWindowsAutomatically(false)
- , m_javaScriptCanAccessClipboard(false)
, m_shouldPrintBackgrounds(false)
, m_textAreasAreResizable(false)
#if ENABLE(DASHBOARD_SUPPORT)
@@ -264,11 +262,6 @@ void Settings::setImagesEnabled(bool areImagesEnabled)
m_areImagesEnabled = areImagesEnabled;
}
-void Settings::setMediaEnabled(bool isMediaEnabled)
-{
- m_isMediaEnabled = isMediaEnabled;
-}
-
void Settings::setPluginsEnabled(bool arePluginsEnabled)
{
m_arePluginsEnabled = arePluginsEnabled;
@@ -298,11 +291,6 @@ void Settings::setJavaScriptCanOpenWindowsAutomatically(bool javaScriptCanOpenWi
m_javaScriptCanOpenWindowsAutomatically = javaScriptCanOpenWindowsAutomatically;
}
-void Settings::setJavaScriptCanAccessClipboard(bool javaScriptCanAccessClipboard)
-{
- m_javaScriptCanAccessClipboard = javaScriptCanAccessClipboard;
-}
-
void Settings::setDefaultTextEncodingName(const String& defaultTextEncodingName)
{
m_defaultTextEncodingName = defaultTextEncodingName;
diff --git a/WebCore/page/Settings.h b/WebCore/page/Settings.h
index 6ca7d41..70c3cbd 100644
--- a/WebCore/page/Settings.h
+++ b/WebCore/page/Settings.h
@@ -122,9 +122,6 @@ namespace WebCore {
void setJavaScriptCanOpenWindowsAutomatically(bool);
bool javaScriptCanOpenWindowsAutomatically() const { return m_javaScriptCanOpenWindowsAutomatically; }
- void setJavaScriptCanAccessClipboard(bool);
- bool javaScriptCanAccessClipboard() const { return m_javaScriptCanAccessClipboard; }
-
void setSpatialNavigationEnabled(bool);
bool isSpatialNavigationEnabled() const { return m_isSpatialNavigationEnabled; }
@@ -134,9 +131,6 @@ namespace WebCore {
void setImagesEnabled(bool);
bool areImagesEnabled() const { return m_areImagesEnabled; }
- void setMediaEnabled(bool);
- bool isMediaEnabled() const { return m_isMediaEnabled; }
-
void setPluginsEnabled(bool);
bool arePluginsEnabled() const { return m_arePluginsEnabled; }
@@ -329,7 +323,6 @@ namespace WebCore {
bool m_privateBrowsingEnabled : 1;
bool m_caretBrowsingEnabled : 1;
bool m_areImagesEnabled : 1;
- bool m_isMediaEnabled : 1;
bool m_arePluginsEnabled : 1;
bool m_localStorageEnabled : 1;
bool m_isJavaScriptEnabled : 1;
@@ -337,7 +330,6 @@ namespace WebCore {
bool m_allowUniversalAccessFromFileURLs: 1;
bool m_allowFileAccessFromFileURLs: 1;
bool m_javaScriptCanOpenWindowsAutomatically : 1;
- bool m_javaScriptCanAccessClipboard : 1;
bool m_shouldPrintBackgrounds : 1;
bool m_textAreasAreResizable : 1;
#if ENABLE(DASHBOARD_SUPPORT)
diff --git a/WebCore/rendering/FixedTableLayout.cpp b/WebCore/rendering/FixedTableLayout.cpp
index 4d6b88c..09af518 100644
--- a/WebCore/rendering/FixedTableLayout.cpp
+++ b/WebCore/rendering/FixedTableLayout.cpp
@@ -166,7 +166,8 @@ int FixedTableLayout::calcWidthArray(int)
int usedSpan = 0;
int i = 0;
- while (usedSpan < span && cCol + i < nEffCols) {
+ while (usedSpan < span) {
+ ASSERT(cCol + i < nEffCols);
int eSpan = m_table->spanOfEffCol(cCol + i);
// Only set if no col element has already set it.
if (m_width[cCol + i].isAuto() && w.type() != Auto) {
diff --git a/WebCore/rendering/RenderBlock.cpp b/WebCore/rendering/RenderBlock.cpp
index ce34444..5e788a4 100644
--- a/WebCore/rendering/RenderBlock.cpp
+++ b/WebCore/rendering/RenderBlock.cpp
@@ -2358,14 +2358,8 @@ void RenderBlock::removeFloatingObject(RenderBox* o)
DeprecatedPtrListIterator<FloatingObject> it(*m_floatingObjects);
while (it.current()) {
if (it.current()->m_renderer == o) {
- if (childrenInline()) {
- int bottom = it.current()->m_bottom;
- // Special-case zero- and less-than-zero-height floats: those don't touch
- // the line that they're on, but it still needs to be dirtied. This is
- // accomplished by pretending they have a height of 1.
- bottom = max(bottom, it.current()->m_top + 1);
- markLinesDirtyInVerticalRange(0, bottom);
- }
+ if (childrenInline())
+ markLinesDirtyInVerticalRange(0, it.current()->m_bottom);
m_floatingObjects->removeRef(it.current());
}
++it;
@@ -3016,8 +3010,8 @@ void RenderBlock::clearFloats()
addIntrudingFloats(block, xoffset, offset);
if (childrenInline()) {
- int changeTop = numeric_limits<int>::max();
- int changeBottom = numeric_limits<int>::min();
+ int changeTop = INT_MAX;
+ int changeBottom = INT_MIN;
if (m_floatingObjects) {
for (FloatingObject* f = m_floatingObjects->first(); f; f = m_floatingObjects->next()) {
FloatingObject* oldFloatingObject = floatMap.get(f->m_renderer);
@@ -4645,7 +4639,7 @@ void RenderBlock::updateFirstLetter()
// Drill into inlines looking for our first text child.
RenderObject* currChild = firstLetterBlock->firstChild();
- while (currChild && currChild->needsLayout() && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
+ while (currChild && currChild->needsLayout() && (!currChild->isReplaced() || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
if (currChild->isFloatingOrPositioned()) {
if (currChild->style()->styleType() == FIRST_LETTER)
break;
diff --git a/WebCore/rendering/RenderBlockLineLayout.cpp b/WebCore/rendering/RenderBlockLineLayout.cpp
index 6e89060..191b24a 100644
--- a/WebCore/rendering/RenderBlockLineLayout.cpp
+++ b/WebCore/rendering/RenderBlockLineLayout.cpp
@@ -646,6 +646,7 @@ void RenderBlock::layoutInlineChildren(bool relayoutChildren, int& repaintTop, i
bool endLineMatched = false;
bool checkForEndLineMatch = endLine;
bool checkForFloatsFromLastLine = false;
+ int lastHeight = height();
bool isLineEmpty = true;
@@ -770,7 +771,8 @@ void RenderBlock::layoutInlineChildren(bool relayoutChildren, int& repaintTop, i
} else
m_floatingObjects->first();
for (FloatingObject* f = m_floatingObjects->current(); f; f = m_floatingObjects->next()) {
- lastRootBox()->floats().append(f->m_renderer);
+ if (f->m_bottom > lastHeight)
+ lastRootBox()->floats().append(f->m_renderer);
ASSERT(f->m_renderer == floats[floatIndex].object);
// If a float's geometry has changed, give up on syncing with clean lines.
if (floats[floatIndex].rect != IntRect(f->m_left, f->m_top, f->m_width, f->m_bottom - f->m_top))
@@ -780,6 +782,7 @@ void RenderBlock::layoutInlineChildren(bool relayoutChildren, int& repaintTop, i
lastFloat = m_floatingObjects->last();
}
+ lastHeight = height();
lineMidpointState.reset();
resolver.setPosition(end);
}
@@ -839,8 +842,10 @@ void RenderBlock::layoutInlineChildren(bool relayoutChildren, int& repaintTop, i
m_floatingObjects->next();
} else
m_floatingObjects->first();
- for (FloatingObject* f = m_floatingObjects->current(); f; f = m_floatingObjects->next())
- lastRootBox()->floats().append(f->m_renderer);
+ for (FloatingObject* f = m_floatingObjects->current(); f; f = m_floatingObjects->next()) {
+ if (f->m_bottom > lastHeight)
+ lastRootBox()->floats().append(f->m_renderer);
+ }
lastFloat = m_floatingObjects->last();
}
size_t floatCount = floats.size();
diff --git a/WebCore/rendering/RenderButton.h b/WebCore/rendering/RenderButton.h
index 1fc5eb6..7fd6ab0 100644
--- a/WebCore/rendering/RenderButton.h
+++ b/WebCore/rendering/RenderButton.h
@@ -57,14 +57,12 @@ public:
virtual bool canHaveChildren() const;
-private:
+protected:
virtual void styleWillChange(StyleDifference, const RenderStyle* newStyle);
virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
virtual bool hasLineIfEmpty() const { return true; }
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
void timerFired(Timer<RenderButton>*);
RenderTextFragment* m_buttonText;
diff --git a/WebCore/rendering/RenderDataGrid.h b/WebCore/rendering/RenderDataGrid.h
index ce221ea..467edcc 100644
--- a/WebCore/rendering/RenderDataGrid.h
+++ b/WebCore/rendering/RenderDataGrid.h
@@ -53,8 +53,6 @@ public:
private:
virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
RenderStyle* columnStyle(DataGridColumn*);
RenderStyle* headerStyle(DataGridColumn*);
void recalcStyleForColumns();
diff --git a/WebCore/rendering/RenderFileUploadControl.h b/WebCore/rendering/RenderFileUploadControl.h
index d77eadc..454041a 100644
--- a/WebCore/rendering/RenderFileUploadControl.h
+++ b/WebCore/rendering/RenderFileUploadControl.h
@@ -56,8 +56,6 @@ private:
virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
// FileChooserClient methods.
void valueChanged();
void repaint() { RenderBlock::repaint(); }
diff --git a/WebCore/rendering/RenderInline.cpp b/WebCore/rendering/RenderInline.cpp
index 69e6eab..6d3f462 100644
--- a/WebCore/rendering/RenderInline.cpp
+++ b/WebCore/rendering/RenderInline.cpp
@@ -274,7 +274,7 @@ void RenderInline::splitInlines(RenderBlock* fromBlock, RenderBlock* toBlock,
// has to move into the inline continuation. Call updateBeforeAfterContent to ensure that the inline's :after
// content gets properly destroyed.
if (document()->usesBeforeAfterRules())
- inlineCurr->children()->updateBeforeAfterContent(inlineCurr, AFTER);
+ inlineCurr->children()->updateBeforeAfterContent(this, AFTER);
// Now we need to take all of the children starting from the first child
// *after* currChild and append them all to the clone.
diff --git a/WebCore/rendering/RenderListItem.h b/WebCore/rendering/RenderListItem.h
index d140979..c4c41dc 100644
--- a/WebCore/rendering/RenderListItem.h
+++ b/WebCore/rendering/RenderListItem.h
@@ -63,8 +63,6 @@ private:
virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
void updateMarkerLocation();
inline int calcValue() const;
void updateValueNow() const;
diff --git a/WebCore/rendering/RenderListMarker.cpp b/WebCore/rendering/RenderListMarker.cpp
index 6c8f769..d0353ee 100644
--- a/WebCore/rendering/RenderListMarker.cpp
+++ b/WebCore/rendering/RenderListMarker.cpp
@@ -101,10 +101,8 @@ static inline String toAlphabeticOrNumeric(int number, const UChar* sequence, in
int length = 1;
if (type == AlphabeticSequence) {
- while ((numberShadow /= sequenceSize) > 0) {
- --numberShadow;
- letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize];
- }
+ while ((numberShadow /= sequenceSize) > 0)
+ letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize - 1];
} else {
while ((numberShadow /= sequenceSize) > 0)
letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize];
diff --git a/WebCore/rendering/RenderMedia.h b/WebCore/rendering/RenderMedia.h
index 32d6d65..0d24c4c 100644
--- a/WebCore/rendering/RenderMedia.h
+++ b/WebCore/rendering/RenderMedia.h
@@ -118,8 +118,6 @@ private:
virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
RefPtr<HTMLElement> m_controlsShadowRoot;
RefPtr<MediaControlElement> m_panel;
RefPtr<MediaControlMuteButtonElement> m_muteButton;
diff --git a/WebCore/rendering/RenderMenuList.h b/WebCore/rendering/RenderMenuList.h
index 7e80d35..f3c1b55 100644
--- a/WebCore/rendering/RenderMenuList.h
+++ b/WebCore/rendering/RenderMenuList.h
@@ -72,8 +72,6 @@ private:
virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
// PopupMenuClient methods
virtual String itemText(unsigned listIndex) const;
virtual String itemToolTip(unsigned listIndex) const;
diff --git a/WebCore/rendering/RenderObject.h b/WebCore/rendering/RenderObject.h
index f5719db..46abfca 100644
--- a/WebCore/rendering/RenderObject.h
+++ b/WebCore/rendering/RenderObject.h
@@ -322,8 +322,6 @@ public:
bool cellWidthChanged() const { return m_cellWidthChanged; }
void setCellWidthChanged(bool b = true) { m_cellWidthChanged = b; }
- virtual bool requiresForcedStyleRecalcPropagation() const { return false; }
-
#if ENABLE(MATHML)
virtual bool isRenderMathMLBlock() const { return false; }
#endif // ENABLE(MATHML)
@@ -414,6 +412,7 @@ public:
void drawArcForBoxSide(GraphicsContext*, int x, int y, float thickness, IntSize radius, int angleStart,
int angleSpan, BoxSide, Color, EBorderStyle, bool firstCorner);
+public:
// The pseudo element style can be cached or uncached. Use the cached method if the pseudo element doesn't respect
// any pseudo classes (and therefore has no concept of changing state).
RenderStyle* getCachedPseudoStyle(PseudoId, RenderStyle* parentStyle = 0) const;
diff --git a/WebCore/rendering/RenderProgress.h b/WebCore/rendering/RenderProgress.h
index 5f42491..ee60d9d 100644
--- a/WebCore/rendering/RenderProgress.h
+++ b/WebCore/rendering/RenderProgress.h
@@ -50,8 +50,6 @@ inline RenderProgress* toRenderProgress(RenderObject* object)
// This will catch anyone doing an unnecessary cast.
void toRenderProgress(const RenderProgress*);
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
} // namespace WebCore
#endif
diff --git a/WebCore/rendering/RenderSlider.h b/WebCore/rendering/RenderSlider.h
index fc8ce24..92ad73b 100644
--- a/WebCore/rendering/RenderSlider.h
+++ b/WebCore/rendering/RenderSlider.h
@@ -58,8 +58,6 @@ namespace WebCore {
virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
PassRefPtr<RenderStyle> createThumbStyle(const RenderStyle* parentStyle);
int trackSize();
diff --git a/WebCore/rendering/RenderText.cpp b/WebCore/rendering/RenderText.cpp
index 81f1dde..aa919e0 100644
--- a/WebCore/rendering/RenderText.cpp
+++ b/WebCore/rendering/RenderText.cpp
@@ -203,7 +203,7 @@ void RenderText::deleteTextBoxes()
PassRefPtr<StringImpl> RenderText::originalText() const
{
Node* e = node();
- return (e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : 0;
+ return e ? static_cast<Text*>(e)->dataImpl() : 0;
}
void RenderText::absoluteRects(Vector<IntRect>& rects, int tx, int ty)
diff --git a/WebCore/rendering/RenderTextControl.h b/WebCore/rendering/RenderTextControl.h
index 984f41d..2fc8edc 100644
--- a/WebCore/rendering/RenderTextControl.h
+++ b/WebCore/rendering/RenderTextControl.h
@@ -107,8 +107,6 @@ private:
virtual bool canBeProgramaticallyScrolled(bool) const { return true; }
- virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-
String finishText(Vector<UChar>&) const;
bool m_wasChangedSinceLastChangeEvent;
diff --git a/WebCore/rendering/RenderTextFragment.cpp b/WebCore/rendering/RenderTextFragment.cpp
index 1e15d66..f3398a3 100644
--- a/WebCore/rendering/RenderTextFragment.cpp
+++ b/WebCore/rendering/RenderTextFragment.cpp
@@ -47,7 +47,7 @@ RenderTextFragment::RenderTextFragment(Node* node, StringImpl* str)
PassRefPtr<StringImpl> RenderTextFragment::originalText() const
{
Node* e = node();
- RefPtr<StringImpl> result = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
+ RefPtr<StringImpl> result = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
if (result && (start() > 0 || start() < result->length()))
result = result->substring(start(), end());
return result.release();
@@ -80,7 +80,7 @@ UChar RenderTextFragment::previousCharacter()
{
if (start()) {
Node* e = node();
- StringImpl* original = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
+ StringImpl* original = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
if (original)
return (*original)[start() - 1];
}
diff --git a/WebCore/svg/graphics/SVGImage.cpp b/WebCore/svg/graphics/SVGImage.cpp
index e5e13b5..86862c3 100644
--- a/WebCore/svg/graphics/SVGImage.cpp
+++ b/WebCore/svg/graphics/SVGImage.cpp
@@ -247,7 +247,6 @@ bool SVGImage::dataChanged(bool allDataReceived)
// The comment said that the Cache code does not know about CachedImages
// holding Frames and won't know to break the cycle. But
m_page.set(new Page(m_chromeClient.get(), dummyContextMenuClient, dummyEditorClient, dummyDragClient, dummyInspectorClient, 0, 0));
- m_page->settings()->setMediaEnabled(false);
m_page->settings()->setJavaScriptEnabled(false);
m_page->settings()->setPluginsEnabled(false);
diff --git a/WebKit/gtk/NEWS b/WebKit/gtk/NEWS
index 05c2405..42f57c6 100644
--- a/WebKit/gtk/NEWS
+++ b/WebKit/gtk/NEWS
@@ -1,20 +1,4 @@
================
-WebKitGTK+ 1.2.2
-================
-
-What's new in WebKitGTK+ 1.2.2?
-
- - New stable release, API and ABI compatible with previous 1.2.x
- versions;
- - A number of crashes discovered since the 1.2.1 release have been
- fixed;
- - A new function has been added toc clear the back/forward
- list:
- webkit_web_back_forward_list_clear;
- - The infamous "cursor hangs when dragging" bug has been squashed;
- - Scrollbars no longer working after going back has also been fixed.
-
-================
WebKitGTK+ 1.2.0
================
diff --git a/WebKit/gtk/webkit/webkitwebsettings.cpp b/WebKit/gtk/webkit/webkitwebsettings.cpp
index 19c4168..7ec6154 100644
--- a/WebKit/gtk/webkit/webkitwebsettings.cpp
+++ b/WebKit/gtk/webkit/webkitwebsettings.cpp
@@ -96,7 +96,6 @@ struct _WebKitWebSettingsPrivate {
gboolean enable_spatial_navigation;
gchar* user_agent;
gboolean javascript_can_open_windows_automatically;
- gboolean javascript_can_access_clipboard;
gboolean enable_offline_web_application_cache;
WebKitEditingBehavior editing_behavior;
gboolean enable_universal_access_from_file_uris;
@@ -146,7 +145,6 @@ enum {
PROP_ENABLE_SPATIAL_NAVIGATION,
PROP_USER_AGENT,
PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY,
- PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD,
PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE,
PROP_EDITING_BEHAVIOR,
PROP_ENABLE_UNIVERSAL_ACCESS_FROM_FILE_URIS,
@@ -625,22 +623,6 @@ static void webkit_web_settings_class_init(WebKitWebSettingsClass* klass)
_("Whether JavaScript can open windows automatically"),
FALSE,
flags));
-
- /**
- * WebKitWebSettings:javascript-can-access-clipboard
- *
- * Whether JavaScript can access Clipboard.
- *
- * Since: 1.3.0
- */
- g_object_class_install_property(gobject_class,
- PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD,
- g_param_spec_boolean("javascript-can-access-clipboard",
- _("JavaScript can access Clipboard"),
- _("Whether JavaScript can access Clipboard"),
- FALSE,
- flags));
-
/**
* WebKitWebSettings:enable-offline-web-application-cache
*
@@ -1041,9 +1023,6 @@ static void webkit_web_settings_set_property(GObject* object, guint prop_id, con
case PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY:
priv->javascript_can_open_windows_automatically = g_value_get_boolean(value);
break;
- case PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD:
- priv->javascript_can_access_clipboard = g_value_get_boolean(value);
- break;
case PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE:
priv->enable_offline_web_application_cache = g_value_get_boolean(value);
break;
@@ -1182,9 +1161,6 @@ static void webkit_web_settings_get_property(GObject* object, guint prop_id, GVa
case PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY:
g_value_set_boolean(value, priv->javascript_can_open_windows_automatically);
break;
- case PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD:
- g_value_set_boolean(value, priv->javascript_can_access_clipboard);
- break;
case PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE:
g_value_set_boolean(value, priv->enable_offline_web_application_cache);
break;
@@ -1279,7 +1255,6 @@ WebKitWebSettings* webkit_web_settings_copy(WebKitWebSettings* web_settings)
"enable-spatial-navigation", priv->enable_spatial_navigation,
"user-agent", webkit_web_settings_get_user_agent(web_settings),
"javascript-can-open-windows-automatically", priv->javascript_can_open_windows_automatically,
- "javascript-can-access-clipboard", priv->javascript_can_access_clipboard,
"enable-offline-web-application-cache", priv->enable_offline_web_application_cache,
"editing-behavior", priv->editing_behavior,
"enable-universal-access-from-file-uris", priv->enable_universal_access_from_file_uris,
diff --git a/WebKit/gtk/webkit/webkitwebview.cpp b/WebKit/gtk/webkit/webkitwebview.cpp
index 1f3a445..b8ebea2 100644
--- a/WebKit/gtk/webkit/webkitwebview.cpp
+++ b/WebKit/gtk/webkit/webkitwebview.cpp
@@ -2646,8 +2646,7 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
gboolean autoLoadImages, autoShrinkImages, printBackgrounds,
enableScripts, enablePlugins, enableDeveloperExtras, resizableTextAreas,
enablePrivateBrowsing, enableCaretBrowsing, enableHTML5Database, enableHTML5LocalStorage,
- enableXSSAuditor, enableSpatialNavigation, javascriptCanOpenWindows,
- javaScriptCanAccessClipboard, enableOfflineWebAppCache,
+ enableXSSAuditor, enableSpatialNavigation, javascriptCanOpenWindows, enableOfflineWebAppCache,
enableUniversalAccessFromFileURI, enableFileAccessFromFileURI,
enableDOMPaste, tabKeyCyclesThroughElements,
enableSiteSpecificQuirks, usePageCache, enableJavaApplet;
@@ -2677,7 +2676,6 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
"enable-xss-auditor", &enableXSSAuditor,
"enable-spatial-navigation", &enableSpatialNavigation,
"javascript-can-open-windows-automatically", &javascriptCanOpenWindows,
- "javascript-can-access-clipboard", &javaScriptCanAccessClipboard,
"enable-offline-web-application-cache", &enableOfflineWebAppCache,
"editing-behavior", &editingBehavior,
"enable-universal-access-from-file-uris", &enableUniversalAccessFromFileURI,
@@ -2713,7 +2711,6 @@ static void webkit_web_view_update_settings(WebKitWebView* webView)
settings->setXSSAuditorEnabled(enableXSSAuditor);
settings->setSpatialNavigationEnabled(enableSpatialNavigation);
settings->setJavaScriptCanOpenWindowsAutomatically(javascriptCanOpenWindows);
- settings->setJavaScriptCanAccessClipboard(javaScriptCanAccessClipboard);
settings->setOfflineWebApplicationCacheEnabled(enableOfflineWebAppCache);
settings->setEditingBehavior(core(editingBehavior));
settings->setAllowUniversalAccessFromFileURLs(enableUniversalAccessFromFileURI);
@@ -2811,8 +2808,6 @@ static void webkit_web_view_settings_notify(WebKitWebSettings* webSettings, GPar
settings->setSpatialNavigationEnabled(g_value_get_boolean(&value));
else if (name == g_intern_string("javascript-can-open-windows-automatically"))
settings->setJavaScriptCanOpenWindowsAutomatically(g_value_get_boolean(&value));
- else if (name == g_intern_string("javascript-can-access-clipboard"))
- settings->setJavaScriptCanAccessClipboard(g_value_get_boolean(&value));
else if (name == g_intern_string("enable-offline-web-application-cache"))
settings->setOfflineWebApplicationCacheEnabled(g_value_get_boolean(&value));
else if (name == g_intern_string("editing-behavior"))
diff --git a/WebKitTools/DumpRenderTree/LayoutTestController.cpp b/WebKitTools/DumpRenderTree/LayoutTestController.cpp
index 9287f45..a9ebe81 100644
--- a/WebKitTools/DumpRenderTree/LayoutTestController.cpp
+++ b/WebKitTools/DumpRenderTree/LayoutTestController.cpp
@@ -902,18 +902,6 @@ static JSValueRef setPrivateBrowsingEnabledCallback(JSContextRef context, JSObje
return JSValueMakeUndefined(context);
}
-static JSValueRef setJavaScriptCanAccessClipboardCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
-{
- // Has mac & windows implementation
- if (argumentCount < 1)
- return JSValueMakeUndefined(context);
-
- LayoutTestController* controller = static_cast<LayoutTestController*>(JSObjectGetPrivate(thisObject));
- controller->setJavaScriptCanAccessClipboard(JSValueToBoolean(context, arguments[0]));
-
- return JSValueMakeUndefined(context);
-}
-
static JSValueRef setXSSAuditorEnabledCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
{
// Has mac & windows implementation
@@ -1498,7 +1486,6 @@ JSStaticFunction* LayoutTestController::staticFunctions()
{ "setWillSendRequestReturnsNull", setWillSendRequestReturnsNullCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "setWillSendRequestReturnsNullOnRedirect", setWillSendRequestReturnsNullOnRedirectCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "setWindowIsKey", setWindowIsKeyCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
- { "setJavaScriptCanAccessClipboard", setJavaScriptCanAccessClipboardCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "showWebInspector", showWebInspectorCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "testOnscreen", testOnscreenCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "testRepaint", testRepaintCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
diff --git a/WebKitTools/DumpRenderTree/LayoutTestController.h b/WebKitTools/DumpRenderTree/LayoutTestController.h
index cf84eb1..72e10d2 100644
--- a/WebKitTools/DumpRenderTree/LayoutTestController.h
+++ b/WebKitTools/DumpRenderTree/LayoutTestController.h
@@ -79,7 +79,6 @@ public:
void setDomainRelaxationForbiddenForURLScheme(bool forbidden, JSStringRef scheme);
void setIconDatabaseEnabled(bool iconDatabaseEnabled);
void setJavaScriptProfilingEnabled(bool profilingEnabled);
- void setJavaScriptCanAccessClipboard(bool flag);
void setMainFrameIsFirstResponder(bool flag);
void setMockGeolocationError(int code, JSStringRef message);
void setMockGeolocationPosition(double latitude, double longitude, double accuracy);
diff --git a/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp b/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
index 6141b21..dbb1344 100644
--- a/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
+++ b/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
@@ -320,7 +320,6 @@ static void resetDefaultsToConsistentValues()
"enable-html5-local-storage", TRUE,
"enable-xss-auditor", FALSE,
"enable-spatial-navigation", FALSE,
- "javascript-can-access-clipboard", TRUE,
"javascript-can-open-windows-automatically", TRUE,
"enable-offline-web-application-cache", TRUE,
"enable-universal-access-from-file-uris", TRUE,
diff --git a/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp b/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
index 6b3a46c..ff2ca58 100644
--- a/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
+++ b/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
@@ -337,15 +337,6 @@ void LayoutTestController::setPrivateBrowsingEnabled(bool flag)
g_object_set(G_OBJECT(settings), "enable-private-browsing", flag, NULL);
}
-void LayoutTestController::setJavaScriptCanAccessClipboard(bool flag)
-{
- WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
- ASSERT(view);
-
- WebKitWebSettings* settings = webkit_web_view_get_settings(view);
- g_object_set(G_OBJECT(settings), "javascript-can-access-clipboard", flag, NULL);
-}
-
void LayoutTestController::setXSSAuditorEnabled(bool flag)
{
WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
diff --git a/debian/patches/cve-2010-1386.patch b/debian/patches/cve-2010-1386.patch
deleted file mode 100644
index 9edeb27..0000000
--- a/debian/patches/cve-2010-1386.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-description: fix cve-2010-1386
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/56188
-Index: webkit-1.2.1/WebCore/page/Geolocation.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/Geolocation.cpp 2010-06-28 17:07:35.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/Geolocation.cpp 2010-06-28 17:11:07.000000000 -0400
-@@ -29,7 +29,6 @@
- #include "Geolocation.h"
-
- #include "Chrome.h"
--#include "Document.h"
- #include "Frame.h"
- #include "Page.h"
- #include <wtf/CurrentTime.h>
-@@ -232,6 +231,8 @@
-
- Geoposition* Geolocation::lastPosition()
- {
-+ ASSERT(isAllowed());
-+
- #if ENABLE(CLIENT_BASED_GEOLOCATION)
- if (!m_frame)
- return 0;
-@@ -379,22 +380,6 @@
- stopUpdating();
- }
-
--void Geolocation::suspend()
--{
--#if !ENABLE(CLIENT_BASED_GEOLOCATION)
-- if (hasListeners())
-- m_service->suspend();
--#endif
--}
--
--void Geolocation::resume()
--{
--#if !ENABLE(CLIENT_BASED_GEOLOCATION)
-- if (hasListeners())
-- m_service->resume();
--#endif
--}
--
- void Geolocation::setIsAllowed(bool allowed)
- {
- // This may be due to either a new position from the service, or a cached
-Index: webkit-1.2.1/WebCore/page/Geolocation.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/Geolocation.h 2010-06-28 17:07:35.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/Geolocation.h 2010-06-28 17:11:31.000000000 -0400
-@@ -35,13 +35,6 @@
- #include "PositionErrorCallback.h"
- #include "PositionOptions.h"
- #include "Timer.h"
--#include <wtf/HashMap.h>
--#include <wtf/HashSet.h>
--#include <wtf/OwnPtr.h>
--#include <wtf/PassRefPtr.h>
--#include <wtf/RefCounted.h>
--#include <wtf/RefPtr.h>
--#include <wtf/Vector.h>
-
- namespace WebCore {
-
-@@ -60,26 +53,15 @@
- public:
- static PassRefPtr<Geolocation> create(Frame* frame) { return adoptRef(new Geolocation(frame)); }
-
-- virtual ~Geolocation();
-+ ~Geolocation();
-
- void disconnectFrame();
-
-- Geoposition* lastPosition();
--
- void getCurrentPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
- int watchPosition(PassRefPtr<PositionCallback>, PassRefPtr<PositionErrorCallback>, PassRefPtr<PositionOptions>);
- void clearWatch(int watchId);
-
-- void suspend();
-- void resume();
--
- void setIsAllowed(bool);
-- bool isAllowed() const { return m_allowGeolocation == Yes; }
-- bool isDenied() const { return m_allowGeolocation == No; }
--
-- void setShouldClearCache(bool shouldClearCache) { m_shouldClearCache = shouldClearCache; }
-- bool shouldClearCache() const { return m_shouldClearCache; }
-- Frame* frame() const { return m_frame; }
-
- #if ENABLE(CLIENT_BASED_GEOLOCATION)
- void setPosition(GeolocationPosition*);
-@@ -89,6 +71,11 @@
- #endif
-
- private:
-+ Geoposition* lastPosition();
-+
-+ bool isAllowed() const { return m_allowGeolocation == Yes; }
-+ bool isDenied() const { return m_allowGeolocation == No; }
-+
- Geolocation(Frame*);
-
- class GeoNotifier : public RefCounted<GeoNotifier> {
-Index: webkit-1.2.1/WebCore/page/Geolocation.idl
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/Geolocation.idl 2010-06-28 17:11:05.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/Geolocation.idl 2010-06-28 17:11:07.000000000 -0400
-@@ -26,8 +26,6 @@
- module core {
-
- interface [OmitConstructor] Geolocation {
-- readonly attribute Geoposition lastPosition;
--
- [Custom] void getCurrentPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
-
- [Custom] long watchPosition(in PositionCallback successCallback, in PositionErrorCallback errorCallback, in PositionOptions options);
diff --git a/debian/patches/cve-2010-1392.patch b/debian/patches/cve-2010-1392.patch
deleted file mode 100644
index 9f2b94d..0000000
--- a/debian/patches/cve-2010-1392.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-description: fix cve-2010-1392
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/56297
-Index: webkit-1.2.1/WebCore/rendering/RenderBlock.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderBlock.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderBlock.cpp 2010-06-28 20:56:40.000000000 -0400
-@@ -4639,7 +4639,7 @@
-
- // Drill into inlines looking for our first text child.
- RenderObject* currChild = firstLetterBlock->firstChild();
-- while (currChild && currChild->needsLayout() && (!currChild->isReplaced() || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
-+ while (currChild && currChild->needsLayout() && ((!currChild->isReplaced() && !currChild->isRenderButton() && !currChild->isMenuList()) || currChild->isFloatingOrPositioned()) && !currChild->isText()) {
- if (currChild->isFloatingOrPositioned()) {
- if (currChild->style()->styleType() == FIRST_LETTER)
- break;
diff --git a/debian/patches/cve-2010-1405.patch b/debian/patches/cve-2010-1405.patch
deleted file mode 100644
index 9d8ffe4..0000000
--- a/debian/patches/cve-2010-1405.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-description: fix cve-2010-1405
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/56186
-Index: webkit-1.2.1/WebCore/rendering/RenderBlock.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderBlock.cpp 2010-06-28 20:56:40.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderBlock.cpp 2010-06-28 21:04:08.000000000 -0400
-@@ -2358,8 +2358,14 @@
- DeprecatedPtrListIterator<FloatingObject> it(*m_floatingObjects);
- while (it.current()) {
- if (it.current()->m_renderer == o) {
-- if (childrenInline())
-- markLinesDirtyInVerticalRange(0, it.current()->m_bottom);
-+ if (childrenInline()) {
-+ int bottom = it.current()->m_bottom;
-+ // Special-case zero- and less-than-zero-height floats: those don't touch
-+ // the line that they're on, but it still needs to be dirtied. This is
-+ // accomplished by pretending they have a height of 1.
-+ bottom = max(bottom, it.current()->m_top + 1);
-+ markLinesDirtyInVerticalRange(0, bottom);
-+ }
- m_floatingObjects->removeRef(it.current());
- }
- ++it;
-@@ -3010,8 +3016,8 @@
- addIntrudingFloats(block, xoffset, offset);
-
- if (childrenInline()) {
-- int changeTop = INT_MAX;
-- int changeBottom = INT_MIN;
-+ int changeTop = numeric_limits<int>::max();
-+ int changeBottom = numeric_limits<int>::min();
- if (m_floatingObjects) {
- for (FloatingObject* f = m_floatingObjects->first(); f; f = m_floatingObjects->next()) {
- FloatingObject* oldFloatingObject = floatMap.get(f->m_renderer);
-Index: webkit-1.2.1/WebCore/rendering/RenderBlockLineLayout.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderBlockLineLayout.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderBlockLineLayout.cpp 2010-06-28 21:04:08.000000000 -0400
-@@ -646,7 +646,6 @@
- bool endLineMatched = false;
- bool checkForEndLineMatch = endLine;
- bool checkForFloatsFromLastLine = false;
-- int lastHeight = height();
-
- bool isLineEmpty = true;
-
-@@ -771,8 +770,7 @@
- } else
- m_floatingObjects->first();
- for (FloatingObject* f = m_floatingObjects->current(); f; f = m_floatingObjects->next()) {
-- if (f->m_bottom > lastHeight)
-- lastRootBox()->floats().append(f->m_renderer);
-+ lastRootBox()->floats().append(f->m_renderer);
- ASSERT(f->m_renderer == floats[floatIndex].object);
- // If a float's geometry has changed, give up on syncing with clean lines.
- if (floats[floatIndex].rect != IntRect(f->m_left, f->m_top, f->m_width, f->m_bottom - f->m_top))
-@@ -782,7 +780,6 @@
- lastFloat = m_floatingObjects->last();
- }
-
-- lastHeight = height();
- lineMidpointState.reset();
- resolver.setPosition(end);
- }
-@@ -842,10 +839,8 @@
- m_floatingObjects->next();
- } else
- m_floatingObjects->first();
-- for (FloatingObject* f = m_floatingObjects->current(); f; f = m_floatingObjects->next()) {
-- if (f->m_bottom > lastHeight)
-- lastRootBox()->floats().append(f->m_renderer);
-- }
-+ for (FloatingObject* f = m_floatingObjects->current(); f; f = m_floatingObjects->next())
-+ lastRootBox()->floats().append(f->m_renderer);
- lastFloat = m_floatingObjects->last();
- }
- size_t floatCount = floats.size();
diff --git a/debian/patches/cve-2010-1407.patch b/debian/patches/cve-2010-1407.patch
deleted file mode 100644
index 8750109..0000000
--- a/debian/patches/cve-2010-1407.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-description: fix cve-2010-1407
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/56365
-Index: webkit-1.2.1/WebCore/loader/HistoryController.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/loader/HistoryController.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/loader/HistoryController.cpp 2010-06-28 21:08:29.000000000 -0400
-@@ -656,15 +656,17 @@
-
- void HistoryController::replaceState(PassRefPtr<SerializedScriptValue> stateObject, const String& title, const String& urlString)
- {
-- Page* page = m_frame->page();
-- ASSERT(page);
-- HistoryItem* current = page->backForwardList()->currentItem();
-- ASSERT(current);
-+ // FIXME: We should always have m_currentItem here!!
-+ // https://bugs.webkit.org/show_bug.cgi?id=36464
-+ if (!m_currentItem) {
-+ ASSERT_NOT_REACHED();
-+ return;
-+ }
-
- if (!urlString.isEmpty())
-- current->setURLString(urlString);
-- current->setTitle(title);
-- current->setStateObject(stateObject);
-+ m_currentItem->setURLString(urlString);
-+ m_currentItem->setTitle(title);
-+ m_currentItem->setStateObject(stateObject);
- }
-
- } // namespace WebCore
diff --git a/debian/patches/cve-2010-1416.patch b/debian/patches/cve-2010-1416.patch
deleted file mode 100644
index 8736cfd..0000000
--- a/debian/patches/cve-2010-1416.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-description: fix cve-2010-1416
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/56810
-Index: webkit-1.2.1/WebCore/html/canvas/CanvasRenderingContext2D.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/html/canvas/CanvasRenderingContext2D.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/html/canvas/CanvasRenderingContext2D.cpp 2010-06-28 21:12:50.000000000 -0400
-@@ -1211,7 +1211,7 @@
- if (!cachedImage || !image->cachedImage()->image())
- return CanvasPattern::create(Image::nullImage(), repeatX, repeatY, true);
-
-- bool originClean = !canvas()->document()->securityOrigin()->taintsCanvas(KURL(KURL(), cachedImage->url()));
-+ bool originClean = !canvas()->document()->securityOrigin()->taintsCanvas(KURL(KURL(), cachedImage->url())) && cachedImage->image()->hasSingleSecurityOrigin();
- return CanvasPattern::create(cachedImage->image(), repeatX, repeatY, originClean);
- }
-
diff --git a/debian/patches/cve-2010-1417+1665.patch b/debian/patches/cve-2010-1417+1665.patch
deleted file mode 100644
index 29f5d90..0000000
--- a/debian/patches/cve-2010-1417+1665.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-description: fix cve-2010-1417 (and cve-2010-1665 which is a duplicate)
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/58201
-Index: webkit-1.2.1/WebCore/rendering/RenderInline.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderInline.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderInline.cpp 2010-06-28 21:16:28.000000000 -0400
-@@ -274,7 +274,7 @@
- // has to move into the inline continuation. Call updateBeforeAfterContent to ensure that the inline's :after
- // content gets properly destroyed.
- if (document()->usesBeforeAfterRules())
-- inlineCurr->children()->updateBeforeAfterContent(this, AFTER);
-+ inlineCurr->children()->updateBeforeAfterContent(inlineCurr, AFTER);
-
- // Now we need to take all of the children starting from the first child
- // *after* currChild and append them all to the clone.
diff --git a/debian/patches/cve-2010-1418-part1.patch b/debian/patches/cve-2010-1418-part1.patch
deleted file mode 100644
index 1080836..0000000
--- a/debian/patches/cve-2010-1418-part1.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-description: fix cve-2010-1418 part 1
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/56651
-Index: webkit-1.2.1/WebCore/dom/Attr.idl
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Attr.idl 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Attr.idl 2010-06-28 21:26:29.000000000 -0400
-@@ -28,10 +28,17 @@
- // DOM Level 1
-
- readonly attribute [ConvertNullStringTo=Null] DOMString name;
-+
- readonly attribute boolean specified;
-+
- attribute [ConvertNullStringTo=Null, ConvertNullToNullString, CustomSetter] DOMString value
- setter raises(DOMException);
-
-+#if defined(LANGUAGE_JAVASCRIPT) && LANGUAGE_JAVASCRIPT // Used for JavaScript iFrame src check.
-+ attribute [ConvertNullStringTo=Null, ConvertNullToNullString, Custom] DOMString nodeValue
-+ setter raises(DOMException);
-+#endif
-+
- // DOM Level 2
-
- readonly attribute Element ownerElement;
-@@ -40,6 +47,11 @@
-
- readonly attribute boolean isId;
-
-+#if defined(LANGUAGE_JAVASCRIPT) && LANGUAGE_JAVASCRIPT // Used for JavaScript iFrame src check.
-+ attribute [ConvertNullStringTo=Null, ConvertNullToNullString, Custom] DOMString textContent
-+ setter raises(DOMException);
-+#endif
-+
- // extensions
- readonly attribute CSSStyleDeclaration style;
- };
-Index: webkit-1.2.1/WebCore/bindings/js/JSAttrCustom.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/bindings/js/JSAttrCustom.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/bindings/js/JSAttrCustom.cpp 2010-06-28 21:26:29.000000000 -0400
-@@ -59,6 +59,27 @@
- setDOMException(exec, ec);
- }
-
-+JSC::JSValue JSAttr::nodeValue(JSC::ExecState* exec) const
-+{
-+ Attr* imp = this->impl();
-+ return jsStringOrNull(exec, imp->value());
-+}
-+
-+void JSAttr::setNodeValue(JSC::ExecState* exec, JSC::JSValue value)
-+{
-+ setValue(exec, value);
-+}
-+
-+JSC::JSValue JSAttr::textContent(JSC::ExecState* exec) const
-+{
-+ return nodeValue(exec);
-+}
-+
-+void JSAttr::setTextContent(JSC::ExecState* exec, JSC::JSValue value)
-+{
-+ setValue(exec, value);
-+}
-+
- void JSAttr::markChildren(MarkStack& markStack)
- {
- Base::markChildren(markStack);
diff --git a/debian/patches/cve-2010-1418-part2.patch b/debian/patches/cve-2010-1418-part2.patch
deleted file mode 100644
index 73db6c8..0000000
--- a/debian/patches/cve-2010-1418-part2.patch
+++ /dev/null
@@ -1,368 +0,0 @@
-description: fix cve-2010-1418 part 2
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/57627
-Index: webkit-1.2.1/WebCore/dom/NamedNodeMap.idl
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/NamedNodeMap.idl 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/NamedNodeMap.idl 2010-06-28 21:26:40.000000000 -0400
-@@ -28,7 +28,7 @@
-
- Node getNamedItem(in DOMString name);
-
-- Node setNamedItem(in Node node)
-+ [Custom] Node setNamedItem(in Node node)
- raises(DOMException);
-
- Node removeNamedItem(in DOMString name)
-@@ -46,7 +46,7 @@
- // FIXME: the implementation does take an exceptioncode parameter.
- /*raises(DOMException)*/;
-
-- Node setNamedItemNS(in Node node)
-+ [Custom] Node setNamedItemNS(in Node node)
- raises(DOMException);
-
- [OldStyleObjC] Node removeNamedItemNS(in [ConvertNullToNullString] DOMString namespaceURI,
-Index: webkit-1.2.1/WebCore/dom/Attr.idl
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Attr.idl 2010-06-28 21:26:29.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Attr.idl 2010-06-28 21:26:40.000000000 -0400
-@@ -34,11 +34,6 @@
- attribute [ConvertNullStringTo=Null, ConvertNullToNullString, CustomSetter] DOMString value
- setter raises(DOMException);
-
--#if defined(LANGUAGE_JAVASCRIPT) && LANGUAGE_JAVASCRIPT // Used for JavaScript iFrame src check.
-- attribute [ConvertNullStringTo=Null, ConvertNullToNullString, Custom] DOMString nodeValue
-- setter raises(DOMException);
--#endif
--
- // DOM Level 2
-
- readonly attribute Element ownerElement;
-@@ -47,11 +42,6 @@
-
- readonly attribute boolean isId;
-
--#if defined(LANGUAGE_JAVASCRIPT) && LANGUAGE_JAVASCRIPT // Used for JavaScript iFrame src check.
-- attribute [ConvertNullStringTo=Null, ConvertNullToNullString, Custom] DOMString textContent
-- setter raises(DOMException);
--#endif
--
- // extensions
- readonly attribute CSSStyleDeclaration style;
- };
-Index: webkit-1.2.1/WebCore/dom/Node.idl
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Node.idl 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Node.idl 2010-06-28 21:26:40.000000000 -0400
-@@ -51,7 +51,7 @@
- readonly attribute [ConvertNullStringTo=Null] DOMString nodeName;
-
- // FIXME: the spec says this can also raise on retrieval.
-- attribute [ConvertNullStringTo=Null, ConvertNullToNullString] DOMString nodeValue
-+ attribute [CustomSetter, ConvertNullStringTo=Null, ConvertNullToNullString] DOMString nodeValue
- setter raises(DOMException);
-
- readonly attribute unsigned short nodeType;
-@@ -96,7 +96,7 @@
- readonly attribute [ConvertNullStringTo=Null] DOMString baseURI;
-
- // FIXME: the spec says this can also raise on retrieval.
-- attribute [ConvertNullStringTo=Null, ConvertNullToNullString] DOMString textContent
-+ attribute [CustomSetter, ConvertNullStringTo=Null, ConvertNullToNullString] DOMString textContent
- setter raises(DOMException);
-
- boolean isSameNode(in Node other);
-Index: webkit-1.2.1/WebCore/bindings/js/JSElementCustom.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/bindings/js/JSElementCustom.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/bindings/js/JSElementCustom.cpp 2010-06-28 21:26:40.000000000 -0400
-@@ -36,6 +36,7 @@
- #include "HTMLFrameElementBase.h"
- #include "HTMLNames.h"
- #include "JSAttr.h"
-+#include "JSDOMBinding.h"
- #include "JSHTMLElementWrapperFactory.h"
- #include "JSNodeList.h"
- #include "NodeList.h"
-@@ -63,16 +64,6 @@
- markDOMObjectWrapper(markStack, globalData, static_cast<StyledElement*>(element)->inlineStyleDecl());
- }
-
--static inline bool allowSettingSrcToJavascriptURL(ExecState* exec, Element* element, const String& name, const String& value)
--{
-- if ((element->hasTagName(iframeTag) || element->hasTagName(frameTag)) && equalIgnoringCase(name, "src") && protocolIsJavaScript(deprecatedParseURL(value))) {
-- Document* contentDocument = static_cast<HTMLFrameElementBase*>(element)->contentDocument();
-- if (contentDocument && !checkNodeSecurity(exec, contentDocument))
-- return false;
-- }
-- return true;
--}
--
- JSValue JSElement::setAttribute(ExecState* exec, const ArgList& args)
- {
- ExceptionCode ec = 0;
-Index: webkit-1.2.1/WebCore/bindings/js/JSDOMBinding.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/bindings/js/JSDOMBinding.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/bindings/js/JSDOMBinding.h 2010-06-28 21:26:40.000000000 -0400
-@@ -301,6 +301,8 @@
- bool allowsAccessFromFrame(JSC::ExecState*, Frame*);
- bool allowsAccessFromFrame(JSC::ExecState*, Frame*, String& message);
- bool shouldAllowNavigation(JSC::ExecState*, Frame*);
-+ bool allowSettingSrcToJavascriptURL(JSC::ExecState*, Element*, const String&, const String&);
-+
- void printErrorMessageForFrame(Frame*, const String& message);
- JSC::JSValue objectToStringFunctionGetter(JSC::ExecState*, JSC::JSValue, const JSC::Identifier& propertyName);
-
-Index: webkit-1.2.1/WebCore/bindings/js/JSAttrCustom.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/bindings/js/JSAttrCustom.cpp 2010-06-28 21:26:29.000000000 -0400
-+++ webkit-1.2.1/WebCore/bindings/js/JSAttrCustom.cpp 2010-06-28 21:26:40.000000000 -0400
-@@ -33,6 +33,7 @@
- #include "Document.h"
- #include "HTMLFrameElementBase.h"
- #include "HTMLNames.h"
-+#include "JSDOMBinding.h"
-
- using namespace JSC;
-
-@@ -46,40 +47,14 @@
- String attrValue = valueToStringWithNullCheck(exec, value);
-
- Element* ownerElement = imp->ownerElement();
-- if (ownerElement && (ownerElement->hasTagName(iframeTag) || ownerElement->hasTagName(frameTag))) {
-- if (equalIgnoringCase(imp->name(), "src") && protocolIsJavaScript(deprecatedParseURL(attrValue))) {
-- Document* contentDocument = static_cast<HTMLFrameElementBase*>(ownerElement)->contentDocument();
-- if (contentDocument && !checkNodeSecurity(exec, contentDocument))
-- return;
-- }
-- }
-+ if (ownerElement && !allowSettingSrcToJavascriptURL(exec, ownerElement, imp->name(), attrValue))
-+ return;
-
- ExceptionCode ec = 0;
- imp->setValue(attrValue, ec);
- setDOMException(exec, ec);
- }
-
--JSC::JSValue JSAttr::nodeValue(JSC::ExecState* exec) const
--{
-- Attr* imp = this->impl();
-- return jsStringOrNull(exec, imp->value());
--}
--
--void JSAttr::setNodeValue(JSC::ExecState* exec, JSC::JSValue value)
--{
-- setValue(exec, value);
--}
--
--JSC::JSValue JSAttr::textContent(JSC::ExecState* exec) const
--{
-- return nodeValue(exec);
--}
--
--void JSAttr::setTextContent(JSC::ExecState* exec, JSC::JSValue value)
--{
-- setValue(exec, value);
--}
--
- void JSAttr::markChildren(MarkStack& markStack)
- {
- Base::markChildren(markStack);
-Index: webkit-1.2.1/WebCore/bindings/js/JSDOMBinding.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/bindings/js/JSDOMBinding.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/bindings/js/JSDOMBinding.cpp 2010-06-28 21:26:40.000000000 -0400
-@@ -24,6 +24,7 @@
- #include "debugger/DebuggerCallFrame.h"
-
- #include "ActiveDOMObject.h"
-+#include "CSSHelper.h"
- #include "DOMCoreException.h"
- #include "DOMObjectHashTableMap.h"
- #include "Document.h"
-@@ -33,6 +34,7 @@
- #include "Frame.h"
- #include "HTMLAudioElement.h"
- #include "HTMLCanvasElement.h"
-+#include "HTMLFrameElementBase.h"
- #include "HTMLImageElement.h"
- #include "HTMLNames.h"
- #include "HTMLScriptElement.h"
-@@ -630,6 +632,16 @@
- return lexicalFrame && lexicalFrame->loader()->shouldAllowNavigation(frame);
- }
-
-+bool allowSettingSrcToJavascriptURL(ExecState* exec, Element* element, const String& name, const String& value)
-+{
-+ if ((element->hasTagName(iframeTag) || element->hasTagName(frameTag)) && equalIgnoringCase(name, "src") && protocolIsJavaScript(deprecatedParseURL(value))) {
-+ Document* contentDocument = static_cast<HTMLFrameElementBase*>(element)->contentDocument();
-+ if (contentDocument && !checkNodeSecurity(exec, contentDocument))
-+ return false;
-+ }
-+ return true;
-+}
-+
- void printErrorMessageForFrame(Frame* frame, const String& message)
- {
- if (!frame)
-Index: webkit-1.2.1/WebCore/bindings/js/JSNodeCustom.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/bindings/js/JSNodeCustom.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/bindings/js/JSNodeCustom.cpp 2010-06-28 21:26:40.000000000 -0400
-@@ -38,6 +38,7 @@
- #include "JSAttr.h"
- #include "JSCDATASection.h"
- #include "JSComment.h"
-+#include "JSDOMBinding.h"
- #include "JSDocument.h"
- #include "JSDocumentFragment.h"
- #include "JSDocumentType.h"
-@@ -66,12 +67,53 @@
-
- namespace WebCore {
-
--typedef int ExpectionCode;
-+static inline bool isAttrFrameSrc(Element *element, const String& name)
-+{
-+ return element && (element->hasTagName(HTMLNames::iframeTag) || element->hasTagName(HTMLNames::frameTag)) && equalIgnoringCase(name, "src");
-+}
-+
-+void JSNode::setNodeValue(JSC::ExecState* exec, JSC::JSValue value)
-+{
-+ Node* imp = static_cast<Node*>(impl());
-+ String nodeValue = valueToStringWithNullCheck(exec, value);
-+
-+ if (imp->nodeType() == Node::ATTRIBUTE_NODE) {
-+ Element* ownerElement = static_cast<Attr*>(impl())->ownerElement();
-+ if (ownerElement && !allowSettingSrcToJavascriptURL(exec, ownerElement, imp->nodeName(), nodeValue))
-+ return;
-+ }
-+
-+ ExceptionCode ec = 0;
-+ imp->setNodeValue(nodeValue, ec);
-+ setDOMException(exec, ec);
-+}
-+
-+void JSNode::setTextContent(JSC::ExecState* exec, JSC::JSValue value)
-+{
-+ Node* imp = static_cast<Node*>(impl());
-+ String nodeValue = valueToStringWithNullCheck(exec, value);
-+
-+ if (imp->nodeType() == Node::ATTRIBUTE_NODE) {
-+ Element* ownerElement = static_cast<Attr*>(impl())->ownerElement();
-+ if (ownerElement && !allowSettingSrcToJavascriptURL(exec, ownerElement, imp->nodeName(), nodeValue))
-+ return;
-+ }
-+
-+ ExceptionCode ec = 0;
-+ imp->setTextContent(nodeValue, ec);
-+ setDOMException(exec, ec);
-+}
-
- JSValue JSNode::insertBefore(ExecState* exec, const ArgList& args)
- {
-+ Node* imp = static_cast<Node*>(impl());
-+ if (imp->nodeType() == Node::ATTRIBUTE_NODE && isAttrFrameSrc(static_cast<Attr*>(impl())->ownerElement(), imp->nodeName())) {
-+ setDOMException(exec, NOT_SUPPORTED_ERR);
-+ return jsNull();
-+ }
-+
- ExceptionCode ec = 0;
-- bool ok = impl()->insertBefore(toNode(args.at(0)), toNode(args.at(1)), ec, true);
-+ bool ok = imp->insertBefore(toNode(args.at(0)), toNode(args.at(1)), ec, true);
- setDOMException(exec, ec);
- if (ok)
- return args.at(0);
-@@ -80,8 +122,14 @@
-
- JSValue JSNode::replaceChild(ExecState* exec, const ArgList& args)
- {
-+ Node* imp = static_cast<Node*>(impl());
-+ if (imp->nodeType() == Node::ATTRIBUTE_NODE && isAttrFrameSrc(static_cast<Attr*>(impl())->ownerElement(), imp->nodeName())) {
-+ setDOMException(exec, NOT_SUPPORTED_ERR);
-+ return jsNull();
-+ }
-+
- ExceptionCode ec = 0;
-- bool ok = impl()->replaceChild(toNode(args.at(0)), toNode(args.at(1)), ec, true);
-+ bool ok = imp->replaceChild(toNode(args.at(0)), toNode(args.at(1)), ec, true);
- setDOMException(exec, ec);
- if (ok)
- return args.at(1);
-@@ -90,8 +138,14 @@
-
- JSValue JSNode::removeChild(ExecState* exec, const ArgList& args)
- {
-+ Node* imp = static_cast<Node*>(impl());
-+ if (imp->nodeType() == Node::ATTRIBUTE_NODE && isAttrFrameSrc(static_cast<Attr*>(impl())->ownerElement(), imp->nodeName())) {
-+ setDOMException(exec, NOT_SUPPORTED_ERR);
-+ return jsNull();
-+ }
-+
- ExceptionCode ec = 0;
-- bool ok = impl()->removeChild(toNode(args.at(0)), ec);
-+ bool ok = imp->removeChild(toNode(args.at(0)), ec);
- setDOMException(exec, ec);
- if (ok)
- return args.at(0);
-@@ -100,8 +154,14 @@
-
- JSValue JSNode::appendChild(ExecState* exec, const ArgList& args)
- {
-+ Node* imp = static_cast<Node*>(impl());
-+ if (imp->nodeType() == Node::ATTRIBUTE_NODE && isAttrFrameSrc(static_cast<Attr*>(impl())->ownerElement(), imp->nodeName())) {
-+ setDOMException(exec, NOT_SUPPORTED_ERR);
-+ return jsNull();
-+ }
-+
- ExceptionCode ec = 0;
-- bool ok = impl()->appendChild(toNode(args.at(0)), ec, true);
-+ bool ok = imp->appendChild(toNode(args.at(0)), ec, true);
- setDOMException(exec, ec);
- if (ok)
- return args.at(0);
-Index: webkit-1.2.1/WebCore/bindings/js/JSNamedNodeMapCustom.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/bindings/js/JSNamedNodeMapCustom.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/bindings/js/JSNamedNodeMapCustom.cpp 2010-06-28 21:26:40.000000000 -0400
-@@ -35,6 +35,38 @@
-
- namespace WebCore {
-
-+JSValue JSNamedNodeMap::setNamedItem(ExecState* exec, const ArgList& args)
-+{
-+ NamedNodeMap* imp = static_cast<NamedNodeMap*>(impl());
-+ ExceptionCode ec = 0;
-+ Node* newNode = toNode(args.at(0));
-+
-+ if (newNode && newNode->nodeType() == Node::ATTRIBUTE_NODE && imp->element()) {
-+ if (!allowSettingSrcToJavascriptURL(exec, imp->element(), newNode->nodeName(), newNode->nodeValue()))
-+ return jsNull();
-+ }
-+
-+ JSValue result = toJS(exec, globalObject(), WTF::getPtr(imp->setNamedItem(newNode, ec)));
-+ setDOMException(exec, ec);
-+ return result;
-+}
-+
-+JSValue JSNamedNodeMap::setNamedItemNS(ExecState* exec, const ArgList& args)
-+{
-+ NamedNodeMap* imp = static_cast<NamedNodeMap*>(impl());
-+ ExceptionCode ec = 0;
-+ Node* newNode = toNode(args.at(0));
-+
-+ if (newNode && newNode->nodeType() == Node::ATTRIBUTE_NODE && imp->element()) {
-+ if (!allowSettingSrcToJavascriptURL(exec, imp->element(), newNode->nodeName(), newNode->nodeValue()))
-+ return jsNull();
-+ }
-+
-+ JSValue result = toJS(exec, globalObject(), WTF::getPtr(imp->setNamedItemNS(newNode, ec)));
-+ setDOMException(exec, ec);
-+ return result;
-+}
-+
- bool JSNamedNodeMap::canGetItemsForName(ExecState*, NamedNodeMap* impl, const Identifier& propertyName)
- {
- return impl->getNamedItem(propertyName);
diff --git a/debian/patches/cve-2010-1418-part3.patch b/debian/patches/cve-2010-1418-part3.patch
deleted file mode 100644
index ed03d8f..0000000
--- a/debian/patches/cve-2010-1418-part3.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-description: fix cve-2010-1418 part 3
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/58844
-Index: webkit-1.2.1/WebCore/css/CSSHelper.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/css/CSSHelper.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/css/CSSHelper.cpp 2010-06-28 21:27:00.000000000 -0400
-@@ -36,7 +36,7 @@
- int o = 0;
- int l = i->length();
-
-- while (o < l && (*i)[o] <= ' ') {
-+ while (0 < l && (*i)[o] <= ' ') {
- ++o;
- --l;
- }
-@@ -53,7 +53,7 @@
- l -= 5;
- }
-
-- while (o < l && (*i)[o] <= ' ') {
-+ while (0 < l && (*i)[o] <= ' ') {
- ++o;
- --l;
- }
-@@ -65,7 +65,7 @@
- l -= 2;
- }
-
-- while (o < l && (*i)[o] <= ' ') {
-+ while (0 < l && (*i)[o] <= ' ') {
- ++o;
- --l;
- }
diff --git a/debian/patches/cve-2010-1421.patch b/debian/patches/cve-2010-1421.patch
deleted file mode 100644
index 12017a6..0000000
--- a/debian/patches/cve-2010-1421.patch
+++ /dev/null
@@ -1,281 +0,0 @@
-description: fix cve-2010-1421
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/58703
-Index: webkit-1.2.1/WebKit/gtk/webkit/webkitwebsettings.cpp
-===================================================================
---- webkit-1.2.1.orig/WebKit/gtk/webkit/webkitwebsettings.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebKit/gtk/webkit/webkitwebsettings.cpp 2010-06-28 21:36:35.000000000 -0400
-@@ -96,6 +96,7 @@
- gboolean enable_spatial_navigation;
- gchar* user_agent;
- gboolean javascript_can_open_windows_automatically;
-+ gboolean javascript_can_access_clipboard;
- gboolean enable_offline_web_application_cache;
- WebKitEditingBehavior editing_behavior;
- gboolean enable_universal_access_from_file_uris;
-@@ -145,6 +146,7 @@
- PROP_ENABLE_SPATIAL_NAVIGATION,
- PROP_USER_AGENT,
- PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY,
-+ PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD,
- PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE,
- PROP_EDITING_BEHAVIOR,
- PROP_ENABLE_UNIVERSAL_ACCESS_FROM_FILE_URIS,
-@@ -623,6 +625,22 @@
- _("Whether JavaScript can open windows automatically"),
- FALSE,
- flags));
-+
-+ /**
-+ * WebKitWebSettings:javascript-can-access-clipboard
-+ *
-+ * Whether JavaScript can access Clipboard.
-+ *
-+ * Since: 1.3.0
-+ */
-+ g_object_class_install_property(gobject_class,
-+ PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD,
-+ g_param_spec_boolean("javascript-can-access-clipboard",
-+ _("JavaScript can access Clipboard"),
-+ _("Whether JavaScript can access Clipboard"),
-+ FALSE,
-+ flags));
-+
- /**
- * WebKitWebSettings:enable-offline-web-application-cache
- *
-@@ -1023,6 +1041,9 @@
- case PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY:
- priv->javascript_can_open_windows_automatically = g_value_get_boolean(value);
- break;
-+ case PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD:
-+ priv->javascript_can_access_clipboard = g_value_get_boolean(value);
-+ break;
- case PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE:
- priv->enable_offline_web_application_cache = g_value_get_boolean(value);
- break;
-@@ -1161,6 +1182,9 @@
- case PROP_JAVASCRIPT_CAN_OPEN_WINDOWS_AUTOMATICALLY:
- g_value_set_boolean(value, priv->javascript_can_open_windows_automatically);
- break;
-+ case PROP_JAVASCRIPT_CAN_ACCESS_CLIPBOARD:
-+ g_value_set_boolean(value, priv->javascript_can_access_clipboard);
-+ break;
- case PROP_ENABLE_OFFLINE_WEB_APPLICATION_CACHE:
- g_value_set_boolean(value, priv->enable_offline_web_application_cache);
- break;
-@@ -1255,6 +1279,7 @@
- "enable-spatial-navigation", priv->enable_spatial_navigation,
- "user-agent", webkit_web_settings_get_user_agent(web_settings),
- "javascript-can-open-windows-automatically", priv->javascript_can_open_windows_automatically,
-+ "javascript-can-access-clipboard", priv->javascript_can_access_clipboard,
- "enable-offline-web-application-cache", priv->enable_offline_web_application_cache,
- "editing-behavior", priv->editing_behavior,
- "enable-universal-access-from-file-uris", priv->enable_universal_access_from_file_uris,
-Index: webkit-1.2.1/WebKit/gtk/webkit/webkitwebview.cpp
-===================================================================
---- webkit-1.2.1.orig/WebKit/gtk/webkit/webkitwebview.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebKit/gtk/webkit/webkitwebview.cpp 2010-06-28 21:36:35.000000000 -0400
-@@ -2677,7 +2677,8 @@
- gboolean autoLoadImages, autoShrinkImages, printBackgrounds,
- enableScripts, enablePlugins, enableDeveloperExtras, resizableTextAreas,
- enablePrivateBrowsing, enableCaretBrowsing, enableHTML5Database, enableHTML5LocalStorage,
-- enableXSSAuditor, enableSpatialNavigation, javascriptCanOpenWindows, enableOfflineWebAppCache,
-+ enableXSSAuditor, enableSpatialNavigation, javascriptCanOpenWindows,
-+ javaScriptCanAccessClipboard, enableOfflineWebAppCache,
- enableUniversalAccessFromFileURI, enableFileAccessFromFileURI,
- enableDOMPaste, tabKeyCyclesThroughElements,
- enableSiteSpecificQuirks, usePageCache, enableJavaApplet;
-@@ -2707,6 +2708,7 @@
- "enable-xss-auditor", &enableXSSAuditor,
- "enable-spatial-navigation", &enableSpatialNavigation,
- "javascript-can-open-windows-automatically", &javascriptCanOpenWindows,
-+ "javascript-can-access-clipboard", &javaScriptCanAccessClipboard,
- "enable-offline-web-application-cache", &enableOfflineWebAppCache,
- "editing-behavior", &editingBehavior,
- "enable-universal-access-from-file-uris", &enableUniversalAccessFromFileURI,
-@@ -2742,6 +2744,7 @@
- settings->setXSSAuditorEnabled(enableXSSAuditor);
- settings->setSpatialNavigationEnabled(enableSpatialNavigation);
- settings->setJavaScriptCanOpenWindowsAutomatically(javascriptCanOpenWindows);
-+ settings->setJavaScriptCanAccessClipboard(javaScriptCanAccessClipboard);
- settings->setOfflineWebApplicationCacheEnabled(enableOfflineWebAppCache);
- settings->setEditingBehavior(core(editingBehavior));
- settings->setAllowUniversalAccessFromFileURLs(enableUniversalAccessFromFileURI);
-@@ -2839,6 +2842,8 @@
- settings->setSpatialNavigationEnabled(g_value_get_boolean(&value));
- else if (name == g_intern_string("javascript-can-open-windows-automatically"))
- settings->setJavaScriptCanOpenWindowsAutomatically(g_value_get_boolean(&value));
-+ else if (name == g_intern_string("javascript-can-access-clipboard"))
-+ settings->setJavaScriptCanAccessClipboard(g_value_get_boolean(&value));
- else if (name == g_intern_string("enable-offline-web-application-cache"))
- settings->setOfflineWebApplicationCacheEnabled(g_value_get_boolean(&value));
- else if (name == g_intern_string("editing-behavior"))
-Index: webkit-1.2.1/WebCore/editing/EditorCommand.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/editing/EditorCommand.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/editing/EditorCommand.cpp 2010-06-28 21:36:35.000000000 -0400
-@@ -1069,6 +1069,21 @@
- return source == CommandFromMenuOrKeyBinding;
- }
-
-+static bool supportedCopyCut(Frame* frame, EditorCommandSource source)
-+{
-+ switch (source) {
-+ case CommandFromMenuOrKeyBinding:
-+ return true;
-+ case CommandFromDOM:
-+ case CommandFromDOMWithUserInterface: {
-+ Settings* settings = frame ? frame->settings() : 0;
-+ return settings && settings->javaScriptCanAccessClipboard();
-+ }
-+ }
-+ ASSERT_NOT_REACHED();
-+ return false;
-+}
-+
- static bool supportedPaste(Frame* frame, EditorCommandSource source)
- {
- switch (source) {
-@@ -1077,7 +1092,7 @@
- case CommandFromDOM:
- case CommandFromDOMWithUserInterface: {
- Settings* settings = frame ? frame->settings() : 0;
-- return settings && settings->isDOMPasteAllowed();
-+ return settings && (settings->javaScriptCanAccessClipboard() ? settings->isDOMPasteAllowed() : 0);
- }
- }
- ASSERT_NOT_REACHED();
-@@ -1304,9 +1319,9 @@
- { "BackColor", { executeBackColor, supported, enabledInRichlyEditableText, stateNone, valueBackColor, notTextInsertion, doNotAllowExecutionWhenDisabled } },
- { "BackwardDelete", { executeDeleteBackward, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } }, // FIXME: remove BackwardDelete when Safari for Windows stops using it.
- { "Bold", { executeToggleBold, supported, enabledInRichlyEditableText, stateBold, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
-- { "Copy", { executeCopy, supported, enabledCopy, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
-+ { "Copy", { executeCopy, supportedCopyCut, enabledCopy, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
- { "CreateLink", { executeCreateLink, supported, enabledInRichlyEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
-- { "Cut", { executeCut, supported, enabledCut, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
-+ { "Cut", { executeCut, supportedCopyCut, enabledCut, stateNone, valueNull, notTextInsertion, allowExecutionWhenDisabled } },
- { "Delete", { executeDelete, supported, enabledDelete, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
- { "DeleteBackward", { executeDeleteBackward, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
- { "DeleteBackwardByDecomposingPreviousCharacter", { executeDeleteBackwardByDecomposingPreviousCharacter, supportedFromMenuOrKeyBinding, enabledInEditableText, stateNone, valueNull, notTextInsertion, doNotAllowExecutionWhenDisabled } },
-Index: webkit-1.2.1/WebCore/page/Settings.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/Settings.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/Settings.h 2010-06-28 23:17:55.000000000 -0400
-@@ -122,6 +122,9 @@
- void setJavaScriptCanOpenWindowsAutomatically(bool);
- bool javaScriptCanOpenWindowsAutomatically() const { return m_javaScriptCanOpenWindowsAutomatically; }
-
-+ void setJavaScriptCanAccessClipboard(bool);
-+ bool javaScriptCanAccessClipboard() const { return m_javaScriptCanAccessClipboard; }
-+
- void setSpatialNavigationEnabled(bool);
- bool isSpatialNavigationEnabled() const { return m_isSpatialNavigationEnabled; }
-
-@@ -330,6 +333,7 @@
- bool m_allowUniversalAccessFromFileURLs: 1;
- bool m_allowFileAccessFromFileURLs: 1;
- bool m_javaScriptCanOpenWindowsAutomatically : 1;
-+ bool m_javaScriptCanAccessClipboard : 1;
- bool m_shouldPrintBackgrounds : 1;
- bool m_textAreasAreResizable : 1;
- #if ENABLE(DASHBOARD_SUPPORT)
-Index: webkit-1.2.1/WebCore/page/Settings.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/Settings.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/Settings.cpp 2010-06-28 23:17:55.000000000 -0400
-@@ -79,6 +79,7 @@
- , m_allowUniversalAccessFromFileURLs(true)
- , m_allowFileAccessFromFileURLs(true)
- , m_javaScriptCanOpenWindowsAutomatically(false)
-+ , m_javaScriptCanAccessClipboard(false)
- , m_shouldPrintBackgrounds(false)
- , m_textAreasAreResizable(false)
- #if ENABLE(DASHBOARD_SUPPORT)
-@@ -291,6 +292,11 @@
- m_javaScriptCanOpenWindowsAutomatically = javaScriptCanOpenWindowsAutomatically;
- }
-
-+void Settings::setJavaScriptCanAccessClipboard(bool javaScriptCanAccessClipboard)
-+{
-+ m_javaScriptCanAccessClipboard = javaScriptCanAccessClipboard;
-+}
-+
- void Settings::setDefaultTextEncodingName(const String& defaultTextEncodingName)
- {
- m_defaultTextEncodingName = defaultTextEncodingName;
-Index: webkit-1.2.1/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp
-===================================================================
---- webkit-1.2.1.orig/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp 2010-06-28 21:36:35.000000000 -0400
-@@ -320,6 +320,7 @@
- "enable-html5-local-storage", TRUE,
- "enable-xss-auditor", FALSE,
- "enable-spatial-navigation", FALSE,
-+ "javascript-can-access-clipboard", TRUE,
- "javascript-can-open-windows-automatically", TRUE,
- "enable-offline-web-application-cache", TRUE,
- "enable-universal-access-from-file-uris", TRUE,
-Index: webkit-1.2.1/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp
-===================================================================
---- webkit-1.2.1.orig/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebKitTools/DumpRenderTree/gtk/LayoutTestControllerGtk.cpp 2010-06-28 21:36:35.000000000 -0400
-@@ -337,6 +337,15 @@
- g_object_set(G_OBJECT(settings), "enable-private-browsing", flag, NULL);
- }
-
-+void LayoutTestController::setJavaScriptCanAccessClipboard(bool flag)
-+{
-+ WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
-+ ASSERT(view);
-+
-+ WebKitWebSettings* settings = webkit_web_view_get_settings(view);
-+ g_object_set(G_OBJECT(settings), "javascript-can-access-clipboard", flag, NULL);
-+}
-+
- void LayoutTestController::setXSSAuditorEnabled(bool flag)
- {
- WebKitWebView* view = webkit_web_frame_get_web_view(mainFrame);
-Index: webkit-1.2.1/WebKitTools/DumpRenderTree/LayoutTestController.cpp
-===================================================================
---- webkit-1.2.1.orig/WebKitTools/DumpRenderTree/LayoutTestController.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebKitTools/DumpRenderTree/LayoutTestController.cpp 2010-06-28 23:18:26.000000000 -0400
-@@ -902,6 +902,18 @@
- return JSValueMakeUndefined(context);
- }
-
-+static JSValueRef setJavaScriptCanAccessClipboardCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
-+{
-+ // Has mac & windows implementation
-+ if (argumentCount < 1)
-+ return JSValueMakeUndefined(context);
-+
-+ LayoutTestController* controller = static_cast<LayoutTestController*>(JSObjectGetPrivate(thisObject));
-+ controller->setJavaScriptCanAccessClipboard(JSValueToBoolean(context, arguments[0]));
-+
-+ return JSValueMakeUndefined(context);
-+}
-+
- static JSValueRef setXSSAuditorEnabledCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
- {
- // Has mac & windows implementation
-@@ -1486,6 +1498,7 @@
- { "setWillSendRequestReturnsNull", setWillSendRequestReturnsNullCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
- { "setWillSendRequestReturnsNullOnRedirect", setWillSendRequestReturnsNullOnRedirectCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
- { "setWindowIsKey", setWindowIsKeyCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
-+ { "setJavaScriptCanAccessClipboard", setJavaScriptCanAccessClipboardCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
- { "showWebInspector", showWebInspectorCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
- { "testOnscreen", testOnscreenCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
- { "testRepaint", testRepaintCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
-Index: webkit-1.2.1/WebKitTools/DumpRenderTree/LayoutTestController.h
-===================================================================
---- webkit-1.2.1.orig/WebKitTools/DumpRenderTree/LayoutTestController.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebKitTools/DumpRenderTree/LayoutTestController.h 2010-06-28 21:36:35.000000000 -0400
-@@ -79,6 +79,7 @@
- void setDomainRelaxationForbiddenForURLScheme(bool forbidden, JSStringRef scheme);
- void setIconDatabaseEnabled(bool iconDatabaseEnabled);
- void setJavaScriptProfilingEnabled(bool profilingEnabled);
-+ void setJavaScriptCanAccessClipboard(bool flag);
- void setMainFrameIsFirstResponder(bool flag);
- void setMockGeolocationError(int code, JSStringRef message);
- void setMockGeolocationPosition(double latitude, double longitude, double accuracy);
diff --git a/debian/patches/cve-2010-1422.patch b/debian/patches/cve-2010-1422.patch
deleted file mode 100644
index b8c9faf..0000000
--- a/debian/patches/cve-2010-1422.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-description: fix cve-2010-1422
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/58829
-Index: webkit-1.2.1/WebCore/page/EventHandler.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/EventHandler.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/EventHandler.cpp 2010-06-28 21:29:21.000000000 -0400
-@@ -2151,7 +2151,9 @@
-
- if (initialKeyEvent.type() == PlatformKeyboardEvent::RawKeyDown) {
- node->dispatchEvent(keydown, ec);
-- return keydown->defaultHandled() || keydown->defaultPrevented();
-+ // If frame changed as a result of keydown dispatch, then return true to avoid sending a subsequent keypress message to the new frame.
-+ bool changedFocusedFrame = m_frame->page() && m_frame != m_frame->page()->focusController()->focusedOrMainFrame();
-+ return keydown->defaultHandled() || keydown->defaultPrevented() || changedFocusedFrame;
- }
-
- // Run input method in advance of DOM event handling. This may result in the IM
-@@ -2171,7 +2173,9 @@
- }
-
- node->dispatchEvent(keydown, ec);
-- bool keydownResult = keydown->defaultHandled() || keydown->defaultPrevented();
-+ // If frame changed as a result of keydown dispatch, then return early to avoid sending a subsequent keypress message to the new frame.
-+ bool changedFocusedFrame = m_frame->page() && m_frame != m_frame->page()->focusController()->focusedOrMainFrame();
-+ bool keydownResult = keydown->defaultHandled() || keydown->defaultPrevented() || changedFocusedFrame;
- if (handledByInputMethod || (keydownResult && !backwardCompatibilityMode))
- return keydownResult;
-
diff --git a/debian/patches/cve-2010-1501+1767.patch b/debian/patches/cve-2010-1501+1767.patch
deleted file mode 100644
index 0866775..0000000
--- a/debian/patches/cve-2010-1501+1767.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-description: fix cve-2010-1501 (duplicated as cve-2010-1767 in cve tracker)
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/57041
-Index: webkit-1.2.1/WebCore/loader/DocumentThreadableLoader.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/loader/DocumentThreadableLoader.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/loader/DocumentThreadableLoader.cpp 2010-06-28 21:40:03.000000000 -0400
-@@ -287,6 +287,7 @@
-
- void DocumentThreadableLoader::preflightFailure()
- {
-+ m_actualRequest = 0; // Prevent didFinishLoading() from bypassing access check.
- m_client->didFail(ResourceError());
- }
-
diff --git a/debian/patches/cve-2010-1664.patch b/debian/patches/cve-2010-1664.patch
deleted file mode 100644
index e5c3ce9..0000000
--- a/debian/patches/cve-2010-1664.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-description: fix cve-2010-1664
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/57922
-Index: webkit-1.2.1/WebCore/dom/make_names.pl
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/make_names.pl 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/make_names.pl 2010-06-28 21:46:05.000000000 -0400
-@@ -287,8 +287,10 @@
- # Handle media elements.
- if ($tags{$tagName}{wrapperOnlyIfMediaIsAvailable}) {
- print F <<END
-- if (!MediaPlayer::isAvailable())
-+ Settings* settings = document->settings();
-+ if (!MediaPlayer::isAvailable() || (settings && !settings->isMediaEnabled()))
- return HTMLElement::create($constructorTagName, document);
-+
- END
- ;
- }
-@@ -638,7 +640,7 @@
- print F <<END
- #include <wtf/HashMap.h>
-
--#if ENABLE(DASHBOARD_SUPPORT)
-+#if ENABLE(DASHBOARD_SUPPORT) || ENABLE(VIDEO)
- #include "Document.h"
- #include "Settings.h"
- #endif
-@@ -839,7 +841,8 @@
- print F <<END
- static JSNode* create${JSInterfaceName}Wrapper(ExecState* exec, JSDOMGlobalObject* globalObject, PassRefPtr<$parameters{namespace}Element> element)
- {
-- if (!MediaPlayer::isAvailable())
-+ Settings* settings = element->document()->settings();
-+ if (!MediaPlayer::isAvailable() || (settings && !settings->isMediaEnabled()))
- return CREATE_DOM_NODE_WRAPPER(exec, globalObject, $parameters{namespace}Element, element.get());
- return CREATE_DOM_NODE_WRAPPER(exec, globalObject, ${JSInterfaceName}, element.get());
- }
-@@ -857,14 +860,29 @@
- ;
- }
- } elsif ($wrapperFactoryType eq "V8") {
-+ if ($tags{$tagName}{wrapperOnlyIfMediaIsAvailable}) {
-+ print F <<END
-+static v8::Handle<v8::Value> create${JSInterfaceName}Wrapper($parameters{namespace}Element* element)
-+{
-+ Settings* settings = element->document()->settings();
-+ if (!MediaPlayer::isAvailable() || (settings && !settings->isMediaEnabled()))
-+ return toV8(static_cast<$parameters{namespace}Element*>(element));
-+ return toV8(static_cast<${JSInterfaceName}*>(element));
-+}
-+
-+END
-+;
-+ } else {
- print F <<END
- static v8::Handle<v8::Value> create${JSInterfaceName}Wrapper($parameters{namespace}Element* element)
- {
- return toV8(static_cast<${JSInterfaceName}*>(element));
- }
-
-+
- END
- ;
-+ }
- }
-
- if ($conditional) {
-@@ -895,7 +913,16 @@
-
- printElementIncludes($F);
-
-- print F "\n#include <wtf/StdLibExtras.h>\n\n";
-+ print F <<END
-+#include <wtf/StdLibExtras.h>
-+
-+#if ENABLE(VIDEO)
-+#include "Document.h"
-+#include "Settings.h"
-+#endif
-+
-+END
-+;
-
- if ($wrapperFactoryType eq "JS") {
- print F <<END
-Index: webkit-1.2.1/WebCore/page/Settings.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/Settings.h 2010-06-28 21:36:35.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/Settings.h 2010-06-28 21:45:46.000000000 -0400
-@@ -134,6 +134,9 @@
- void setImagesEnabled(bool);
- bool areImagesEnabled() const { return m_areImagesEnabled; }
-
-+ void setMediaEnabled(bool);
-+ bool isMediaEnabled() const { return m_isMediaEnabled; }
-+
- void setPluginsEnabled(bool);
- bool arePluginsEnabled() const { return m_arePluginsEnabled; }
-
-@@ -326,6 +329,7 @@
- bool m_privateBrowsingEnabled : 1;
- bool m_caretBrowsingEnabled : 1;
- bool m_areImagesEnabled : 1;
-+ bool m_isMediaEnabled : 1;
- bool m_arePluginsEnabled : 1;
- bool m_localStorageEnabled : 1;
- bool m_isJavaScriptEnabled : 1;
-Index: webkit-1.2.1/WebCore/page/Settings.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/Settings.cpp 2010-06-28 21:36:35.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/Settings.cpp 2010-06-28 21:45:46.000000000 -0400
-@@ -72,6 +72,7 @@
- , m_privateBrowsingEnabled(false)
- , m_caretBrowsingEnabled(false)
- , m_areImagesEnabled(true)
-+ , m_isMediaEnabled(true)
- , m_arePluginsEnabled(false)
- , m_localStorageEnabled(false)
- , m_isJavaScriptEnabled(false)
-@@ -263,6 +264,11 @@
- m_areImagesEnabled = areImagesEnabled;
- }
-
-+void Settings::setMediaEnabled(bool isMediaEnabled)
-+{
-+ m_isMediaEnabled = isMediaEnabled;
-+}
-+
- void Settings::setPluginsEnabled(bool arePluginsEnabled)
- {
- m_arePluginsEnabled = arePluginsEnabled;
-Index: webkit-1.2.1/WebCore/svg/graphics/SVGImage.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/svg/graphics/SVGImage.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/svg/graphics/SVGImage.cpp 2010-06-28 21:45:46.000000000 -0400
-@@ -247,6 +247,7 @@
- // The comment said that the Cache code does not know about CachedImages
- // holding Frames and won't know to break the cycle. But
- m_page.set(new Page(m_chromeClient.get(), dummyContextMenuClient, dummyEditorClient, dummyDragClient, dummyInspectorClient, 0, 0));
-+ m_page->settings()->setMediaEnabled(false);
- m_page->settings()->setJavaScriptEnabled(false);
- m_page->settings()->setPluginsEnabled(false);
-
diff --git a/debian/patches/cve-2010-1758.patch b/debian/patches/cve-2010-1758.patch
deleted file mode 100644
index 79f7cde..0000000
--- a/debian/patches/cve-2010-1758.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-escription: fix cve-2010-1758
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59098
-Index: webkit-1.2.1/WebCore/dom/Document.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Document.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Document.h 2010-06-28 21:48:38.000000000 -0400
-@@ -611,6 +611,9 @@
- void detachRange(Range*);
-
- void nodeChildrenChanged(ContainerNode*);
-+ // nodeChildrenWillBeRemoved is used when removing all node children at once.
-+ void nodeChildrenWillBeRemoved(ContainerNode*);
-+ // nodeWillBeRemoved is only safe when removing one node at a time.
- void nodeWillBeRemoved(Node*);
-
- void textInserted(Node*, unsigned offset, unsigned length);
-Index: webkit-1.2.1/WebCore/dom/Document.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Document.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Document.cpp 2010-06-28 21:48:38.000000000 -0400
-@@ -2879,6 +2879,28 @@
- }
- }
-
-+void Document::nodeChildrenWillBeRemoved(ContainerNode* container)
-+{
-+ if (!disableRangeMutation(page())) {
-+ HashSet<Range*>::const_iterator end = m_ranges.end();
-+ for (HashSet<Range*>::const_iterator it = m_ranges.begin(); it != end; ++it)
-+ (*it)->nodeChildrenWillBeRemoved(container);
-+ }
-+
-+ HashSet<NodeIterator*>::const_iterator nodeIteratorsEnd = m_nodeIterators.end();
-+ for (HashSet<NodeIterator*>::const_iterator it = m_nodeIterators.begin(); it != nodeIteratorsEnd; ++it) {
-+ for (Node* n = container->firstChild(); n; n = n->nextSibling())
-+ (*it)->nodeWillBeRemoved(n);
-+ }
-+
-+ if (Frame* frame = this->frame()) {
-+ for (Node* n = container->firstChild(); n; n = n->nextSibling()) {
-+ frame->selection()->nodeWillBeRemoved(n);
-+ frame->dragCaretController()->nodeWillBeRemoved(n);
-+ }
-+ }
-+}
-+
- void Document::nodeWillBeRemoved(Node* n)
- {
- HashSet<NodeIterator*>::const_iterator nodeIteratorsEnd = m_nodeIterators.end();
-Index: webkit-1.2.1/WebCore/dom/ContainerNode.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/ContainerNode.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/ContainerNode.cpp 2010-06-28 21:48:38.000000000 -0400
-@@ -292,19 +292,32 @@
- Node::willRemove();
- }
-
--static ExceptionCode willRemoveChild(Node *child)
-+static void willRemoveChild(Node* child)
- {
-- ExceptionCode ec = 0;
-+ // update auxiliary doc info (e.g. iterators) to note that node is being removed
-+ child->document()->nodeWillBeRemoved(child);
-+ child->document()->incDOMTreeVersion();
-
- // fire removed from document mutation events.
- dispatchChildRemovalEvents(child);
-- if (ec)
-- return ec;
-
- if (child->attached())
- child->willRemove();
--
-- return 0;
-+}
-+
-+static void willRemoveChildren(ContainerNode* container)
-+{
-+ container->document()->nodeChildrenWillBeRemoved(container);
-+ container->document()->incDOMTreeVersion();
-+
-+ // FIXME: Adding new children from event handlers can cause an infinite loop here.
-+ for (RefPtr<Node> child = container->firstChild(); child; child = child->nextSibling()) {
-+ // fire removed from document mutation events.
-+ dispatchChildRemovalEvents(child.get());
-+
-+ if (child->attached())
-+ child->willRemove();
-+ }
- }
-
- bool ContainerNode::removeChild(Node* oldChild, ExceptionCode& ec)
-@@ -328,10 +341,7 @@
- }
-
- RefPtr<Node> child = oldChild;
--
-- ec = willRemoveChild(child.get());
-- if (ec)
-- return false;
-+ willRemoveChild(child.get());
-
- // Mutation events might have moved this child into a different parent.
- if (child->parentNode() != this) {
-@@ -399,14 +409,12 @@
- return false;
-
- // The container node can be removed from event handlers.
-- RefPtr<Node> protect(this);
--
-+ RefPtr<ContainerNode> protect(this);
-+
- // Do any prep work needed before actually starting to detach
- // and remove... e.g. stop loading frames, fire unload events.
-- // FIXME: Adding new children from event handlers can cause an infinite loop here.
-- for (RefPtr<Node> n = m_firstChild; n; n = n->nextSibling())
-- willRemoveChild(n.get());
--
-+ willRemoveChildren(protect.get());
-+
- // exclude this node when looking for removed focusedNode since only children will be removed
- document()->removeFocusedNodeOfSubtree(this, true);
-
-@@ -936,6 +944,8 @@
-
- static void dispatchChildRemovalEvents(Node* child)
- {
-+ ASSERT(!eventDispatchForbidden());
-+
- #if ENABLE(INSPECTOR)
- if (Page* page = child->document()->page()) {
- if (InspectorController* inspectorController = page->inspectorController())
-@@ -946,11 +956,6 @@
- RefPtr<Node> c = child;
- RefPtr<Document> document = child->document();
-
-- // update auxiliary doc info (e.g. iterators) to note that node is being removed
-- document->nodeWillBeRemoved(child);
--
-- document->incDOMTreeVersion();
--
- // dispatch pre-removal mutation events
- if (c->parentNode() && document->hasListenerType(Document::DOMNODEREMOVED_LISTENER))
- c->dispatchEvent(MutationEvent::create(eventNames().DOMNodeRemovedEvent, true, c->parentNode()));
-Index: webkit-1.2.1/WebCore/dom/Range.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Range.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Range.h 2010-06-28 21:48:38.000000000 -0400
-@@ -111,6 +111,7 @@
- void textQuads(Vector<FloatQuad>&, bool useSelectionHeight = false);
-
- void nodeChildrenChanged(ContainerNode*);
-+ void nodeChildrenWillBeRemoved(ContainerNode*);
- void nodeWillBeRemoved(Node*);
-
- void textInserted(Node*, unsigned offset, unsigned length);
-Index: webkit-1.2.1/WebCore/dom/Range.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Range.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Range.cpp 2010-06-28 21:48:38.000000000 -0400
-@@ -1716,6 +1716,31 @@
- boundaryNodeChildrenChanged(m_end, container);
- }
-
-+static inline void boundaryNodeChildrenWillBeRemoved(RangeBoundaryPoint& boundary, ContainerNode* container)
-+{
-+ for (Node* nodeToBeRemoved = container->firstChild(); nodeToBeRemoved; nodeToBeRemoved = nodeToBeRemoved->nextSibling()) {
-+ if (boundary.childBefore() == nodeToBeRemoved) {
-+ boundary.setToStartOfNode(container);
-+ return;
-+ }
-+
-+ for (Node* n = boundary.container(); n; n = n->parentNode()) {
-+ if (n == nodeToBeRemoved) {
-+ boundary.setToStartOfNode(container);
-+ return;
-+ }
-+ }
-+ }
-+}
-+
-+void Range::nodeChildrenWillBeRemoved(ContainerNode* container)
-+{
-+ ASSERT(container);
-+ ASSERT(container->document() == m_ownerDocument);
-+ boundaryNodeChildrenWillBeRemoved(m_start, container);
-+ boundaryNodeChildrenWillBeRemoved(m_end, container);
-+}
-+
- static inline void boundaryNodeWillBeRemoved(RangeBoundaryPoint& boundary, Node* nodeToBeRemoved)
- {
- if (boundary.childBefore() == nodeToBeRemoved) {
diff --git a/debian/patches/cve-2010-1759.patch b/debian/patches/cve-2010-1759.patch
deleted file mode 100644
index 3fb5fde..0000000
--- a/debian/patches/cve-2010-1759.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-description: fix cve-2010-1759
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59109
-Index: webkit-1.2.1/WebCore/dom/NamedAttrMap.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/NamedAttrMap.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/NamedAttrMap.cpp 2010-06-28 21:51:06.000000000 -0400
-@@ -172,6 +172,11 @@
- return m_attributes[index]->createAttrIfNeeded(m_element);
- }
-
-+void NamedNodeMap::copyAttributesToVector(Vector<RefPtr<Attribute> >& copy)
-+{
-+ copy = m_attributes;
-+}
-+
- Attribute* NamedNodeMap::getAttributeItemSlowCase(const String& name, bool shouldIgnoreAttributeCase) const
- {
- unsigned len = length();
-Index: webkit-1.2.1/WebCore/dom/Element.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Element.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Element.cpp 2010-06-28 21:51:06.000000000 -0400
-@@ -1430,9 +1430,15 @@
- NamedNodeMap* attrs = attributes(true);
- if (!attrs)
- return;
-- unsigned numAttrs = attrs->length();
-- for (unsigned i = 0; i < numAttrs; i++) {
-- if (Attr* attr = attrs->attributeItem(i)->attr())
-+
-+ if (attrs->isEmpty())
-+ return;
-+
-+ Vector<RefPtr<Attribute> > attributeVector;
-+ attrs->copyAttributesToVector(attributeVector);
-+ size_t numAttrs = attributeVector.size();
-+ for (size_t i = 0; i < numAttrs; ++i) {
-+ if (Attr* attr = attributeVector[i]->attr())
- attr->normalize();
- }
- }
-Index: webkit-1.2.1/WebCore/dom/NamedAttrMap.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/NamedAttrMap.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/NamedAttrMap.h 2010-06-28 21:51:06.000000000 -0400
-@@ -72,6 +72,8 @@
- Attribute* attributeItem(unsigned index) const { return m_attributes[index].get(); }
- Attribute* getAttributeItem(const QualifiedName&) const;
-
-+ void copyAttributesToVector(Vector<RefPtr<Attribute> >&);
-+
- void shrinkToLength() { m_attributes.shrinkCapacity(length()); }
- void reserveInitialCapacity(unsigned capacity) { m_attributes.reserveInitialCapacity(capacity); }
-
diff --git a/debian/patches/cve-2010-1760.patch b/debian/patches/cve-2010-1760.patch
deleted file mode 100644
index c4ede23..0000000
--- a/debian/patches/cve-2010-1760.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-description: fix cve-2010-1760
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/58409
-Index: webkit-1.2.1/WebCore/loader/DocumentThreadableLoader.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/loader/DocumentThreadableLoader.cpp 2010-06-28 21:40:03.000000000 -0400
-+++ webkit-1.2.1/WebCore/loader/DocumentThreadableLoader.cpp 2010-06-28 21:54:00.000000000 -0400
-@@ -81,16 +81,19 @@
-
- ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
-
-- if (!m_options.forcePreflight && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()))
-- makeSimpleCrossOriginAccessRequest(request);
-+ OwnPtr<ResourceRequest> crossOriginRequest(new ResourceRequest(request));
-+ crossOriginRequest->removeCredentials();
-+ crossOriginRequest->setAllowCookies(m_options.allowCredentials);
-+
-+ if (!m_options.forcePreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFields()))
-+ makeSimpleCrossOriginAccessRequest(*crossOriginRequest);
- else {
-- m_actualRequest.set(new ResourceRequest(request));
-- m_actualRequest->setAllowCookies(m_options.allowCredentials);
-+ m_actualRequest.set(crossOriginRequest.release());
-
-- if (CrossOriginPreflightResultCache::shared().canSkipPreflight(document->securityOrigin()->toString(), request.url(), m_options.allowCredentials, request.httpMethod(), request.httpHeaderFields()))
-+ if (CrossOriginPreflightResultCache::shared().canSkipPreflight(document->securityOrigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actualRequest->httpMethod(), m_actualRequest->httpHeaderFields()))
- preflightSuccess();
- else
-- makeCrossOriginAccessRequestWithPreflight(request);
-+ makeCrossOriginAccessRequestWithPreflight(*m_actualRequest);
- }
- }
-
-@@ -106,8 +109,6 @@
-
- // Make a copy of the passed request so that we can modify some details.
- ResourceRequest crossOriginRequest(request);
-- crossOriginRequest.removeCredentials();
-- crossOriginRequest.setAllowCookies(m_options.allowCredentials);
- crossOriginRequest.setHTTPOrigin(m_document->securityOrigin()->toString());
-
- loadRequest(crossOriginRequest, DoSecurityCheck);
-@@ -293,6 +294,11 @@
-
- void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, SecurityCheckPolicy securityCheck)
- {
-+ // Any credential should have been removed from the cross-site requests.
-+ const KURL& requestURL = request.url();
-+ ASSERT(m_sameOriginRequest || requestURL.user().isEmpty());
-+ ASSERT(m_sameOriginRequest || requestURL.pass().isEmpty());
-+
- if (m_async) {
- // Don't sniff content or send load callbacks for the preflight request.
- bool sendLoadCallbacks = m_options.sendLoadCallbacks && !m_actualRequest;
-@@ -316,15 +322,15 @@
-
- // No exception for file:/// resources, see <rdar://problem/4962298>.
- // Also, if we have an HTTP response, then it wasn't a network error in fact.
-- if (!error.isNull() && !request.url().isLocalFile() && response.httpStatusCode() <= 0) {
-+ if (!error.isNull() && !requestURL.isLocalFile() && response.httpStatusCode() <= 0) {
- m_client->didFail(error);
- return;
- }
-
- // FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the
- // request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
-- // requested.
-- if (request.url() != response.url() && !isAllowedRedirect(response.url())) {
-+ // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.
-+ if (requestURL != response.url() && !isAllowedRedirect(response.url())) {
- m_client->didFailRedirectCheck();
- return;
- }
diff --git a/debian/patches/cve-2010-1761.patch b/debian/patches/cve-2010-1761.patch
deleted file mode 100644
index e99172e..0000000
--- a/debian/patches/cve-2010-1761.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-description: fix cve-2010-1761
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59263
-Index: webkit-1.2.1/WebCore/page/FrameView.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/FrameView.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/FrameView.cpp 2010-06-28 21:58:32.000000000 -0400
-@@ -1275,14 +1275,13 @@
- {
- ASSERT(m_frame->view() == this);
-
-- if (!m_layoutSchedulingEnabled || (m_frame->contentRenderer()
-- && m_frame->contentRenderer()->needsLayout())) {
-+ if (m_frame->contentRenderer() && m_frame->contentRenderer()->needsLayout()) {
- if (relayoutRoot)
- relayoutRoot->markContainingBlocksForLayout(false);
- return;
- }
-
-- if (layoutPending()) {
-+ if (layoutPending() || !m_layoutSchedulingEnabled) {
- if (m_layoutRoot != relayoutRoot) {
- if (isObjectAncestorContainerOf(m_layoutRoot, relayoutRoot)) {
- // Keep the current root
-@@ -1299,7 +1298,7 @@
- relayoutRoot->markContainingBlocksForLayout(false);
- }
- }
-- } else {
-+ } else if (m_layoutSchedulingEnabled) {
- int delay = m_frame->document()->minimumLayoutDelay();
- m_layoutRoot = relayoutRoot;
- m_delayedLayout = delay != 0;
diff --git a/debian/patches/cve-2010-1762.patch b/debian/patches/cve-2010-1762.patch
deleted file mode 100644
index e44e98f..0000000
--- a/debian/patches/cve-2010-1762.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-description: fix cve-2010-1762
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59241
-Index: webkit-1.2.1/WebCore/editing/markup.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/editing/markup.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/editing/markup.cpp 2010-06-28 22:02:20.000000000 -0400
-@@ -404,10 +404,12 @@
- if (Node* parent = node->parentNode()) {
- if (parent->hasTagName(scriptTag)
- || parent->hasTagName(styleTag)
-- || parent->hasTagName(textareaTag)
- || parent->hasTagName(xmpTag)) {
- appendUCharRange(result, ucharRange(node, range));
- break;
-+ } else if (parent->hasTagName(textareaTag)) {
-+ appendEscapedContent(result, ucharRange(node, range), documentIsHTML);
-+ break;
- }
- }
- if (!annotate) {
diff --git a/debian/patches/cve-2010-1770.patch b/debian/patches/cve-2010-1770.patch
deleted file mode 100644
index 4a41544..0000000
--- a/debian/patches/cve-2010-1770.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-description: fix cve-2010-1770
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59795
-Index: webkit-1.2.1/WebCore/rendering/RenderText.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderText.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderText.cpp 2010-06-28 22:04:55.000000000 -0400
-@@ -203,7 +203,7 @@
- PassRefPtr<StringImpl> RenderText::originalText() const
- {
- Node* e = node();
-- return e ? static_cast<Text*>(e)->dataImpl() : 0;
-+ return (e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : 0;
- }
-
- void RenderText::absoluteRects(Vector<IntRect>& rects, int tx, int ty)
-Index: webkit-1.2.1/WebCore/rendering/RenderTextFragment.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderTextFragment.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderTextFragment.cpp 2010-06-28 22:04:55.000000000 -0400
-@@ -47,7 +47,7 @@
- PassRefPtr<StringImpl> RenderTextFragment::originalText() const
- {
- Node* e = node();
-- RefPtr<StringImpl> result = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
-+ RefPtr<StringImpl> result = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
- if (result && (start() > 0 || start() < result->length()))
- result = result->substring(start(), end());
- return result.release();
-@@ -80,7 +80,7 @@
- {
- if (start()) {
- Node* e = node();
-- StringImpl* original = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
-+ StringImpl* original = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
- if (original)
- return (*original)[start() - 1];
- }
diff --git a/debian/patches/cve-2010-1771.patch b/debian/patches/cve-2010-1771.patch
deleted file mode 100644
index cceb86b..0000000
--- a/debian/patches/cve-2010-1771.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-description: fix cve-2010-1771
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59876
-Index: webkit-1.2.1/WebCore/dom/Element.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/dom/Element.cpp 2010-06-28 21:51:06.000000000 -0400
-+++ webkit-1.2.1/WebCore/dom/Element.cpp 2010-06-28 22:07:40.000000000 -0400
-@@ -938,7 +938,7 @@
- newStyle->setChildrenAffectedByDirectAdjacentRules();
- }
-
-- if (ch != NoChange || pseudoStyleCacheIsInvalid(currentStyle.get(), newStyle.get())) {
-+ if (ch != NoChange || pseudoStyleCacheIsInvalid(currentStyle.get(), newStyle.get()) || change == Force && renderer() && renderer()->requiresForcedStyleRecalcPropagation()) {
- setRenderStyle(newStyle);
- } else if (needsStyleRecalc() && (styleChangeType() != SyntheticStyleChange) && (document()->usesSiblingRules() || document()->usesDescendantRules())) {
- // Although no change occurred, we use the new style so that the cousin style sharing code won't get
-Index: webkit-1.2.1/WebCore/rendering/RenderMenuList.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderMenuList.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderMenuList.h 2010-06-28 22:07:40.000000000 -0400
-@@ -72,6 +72,8 @@
-
- virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- // PopupMenuClient methods
- virtual String itemText(unsigned listIndex) const;
- virtual String itemToolTip(unsigned listIndex) const;
-Index: webkit-1.2.1/WebCore/rendering/RenderProgress.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderProgress.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderProgress.h 2010-06-28 22:07:40.000000000 -0400
-@@ -50,6 +50,8 @@
- // This will catch anyone doing an unnecessary cast.
- void toRenderProgress(const RenderProgress*);
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- } // namespace WebCore
-
- #endif
-Index: webkit-1.2.1/WebCore/rendering/RenderButton.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderButton.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderButton.h 2010-06-28 22:07:40.000000000 -0400
-@@ -57,12 +57,14 @@
-
- virtual bool canHaveChildren() const;
-
--protected:
-+private:
- virtual void styleWillChange(StyleDifference, const RenderStyle* newStyle);
- virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
-
- virtual bool hasLineIfEmpty() const { return true; }
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- void timerFired(Timer<RenderButton>*);
-
- RenderTextFragment* m_buttonText;
-Index: webkit-1.2.1/WebCore/rendering/RenderObject.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderObject.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderObject.h 2010-06-28 22:07:40.000000000 -0400
-@@ -322,6 +322,8 @@
- bool cellWidthChanged() const { return m_cellWidthChanged; }
- void setCellWidthChanged(bool b = true) { m_cellWidthChanged = b; }
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return false; }
-+
- #if ENABLE(MATHML)
- virtual bool isRenderMathMLBlock() const { return false; }
- #endif // ENABLE(MATHML)
-@@ -412,7 +414,6 @@
- void drawArcForBoxSide(GraphicsContext*, int x, int y, float thickness, IntSize radius, int angleStart,
- int angleSpan, BoxSide, Color, EBorderStyle, bool firstCorner);
-
--public:
- // The pseudo element style can be cached or uncached. Use the cached method if the pseudo element doesn't respect
- // any pseudo classes (and therefore has no concept of changing state).
- RenderStyle* getCachedPseudoStyle(PseudoId, RenderStyle* parentStyle = 0) const;
-Index: webkit-1.2.1/WebCore/rendering/RenderSlider.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderSlider.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderSlider.h 2010-06-28 22:07:40.000000000 -0400
-@@ -58,6 +58,8 @@
-
- virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- PassRefPtr<RenderStyle> createThumbStyle(const RenderStyle* parentStyle);
-
- int trackSize();
-Index: webkit-1.2.1/WebCore/rendering/RenderListItem.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderListItem.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderListItem.h 2010-06-28 22:07:40.000000000 -0400
-@@ -63,6 +63,8 @@
-
- virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- void updateMarkerLocation();
- inline int calcValue() const;
- void updateValueNow() const;
-Index: webkit-1.2.1/WebCore/rendering/RenderMedia.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderMedia.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderMedia.h 2010-06-28 22:07:40.000000000 -0400
-@@ -118,6 +118,8 @@
-
- virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- RefPtr<HTMLElement> m_controlsShadowRoot;
- RefPtr<MediaControlElement> m_panel;
- RefPtr<MediaControlMuteButtonElement> m_muteButton;
-Index: webkit-1.2.1/WebCore/rendering/RenderDataGrid.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderDataGrid.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderDataGrid.h 2010-06-28 22:07:40.000000000 -0400
-@@ -53,6 +53,8 @@
- private:
- virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- RenderStyle* columnStyle(DataGridColumn*);
- RenderStyle* headerStyle(DataGridColumn*);
- void recalcStyleForColumns();
-Index: webkit-1.2.1/WebCore/rendering/RenderTextControl.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderTextControl.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderTextControl.h 2010-06-28 22:07:40.000000000 -0400
-@@ -107,6 +107,8 @@
-
- virtual bool canBeProgramaticallyScrolled(bool) const { return true; }
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- String finishText(Vector<UChar>&) const;
-
- bool m_wasChangedSinceLastChangeEvent;
-Index: webkit-1.2.1/WebCore/rendering/RenderFileUploadControl.h
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderFileUploadControl.h 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderFileUploadControl.h 2010-06-28 22:07:40.000000000 -0400
-@@ -56,6 +56,8 @@
-
- virtual void styleDidChange(StyleDifference, const RenderStyle* oldStyle);
-
-+ virtual bool requiresForcedStyleRecalcPropagation() const { return true; }
-+
- // FileChooserClient methods.
- void valueChanged();
- void repaint() { RenderBlock::repaint(); }
diff --git a/debian/patches/cve-2010-1772.patch b/debian/patches/cve-2010-1772.patch
deleted file mode 100644
index 7935e4a..0000000
--- a/debian/patches/cve-2010-1772.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-description: fix cve-2010-1772
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59859
-Index: webkit-1.2.1/WebCore/page/Geolocation.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/page/Geolocation.cpp 2010-06-28 17:11:40.000000000 -0400
-+++ webkit-1.2.1/WebCore/page/Geolocation.cpp 2010-06-28 22:11:46.000000000 -0400
-@@ -219,6 +219,7 @@
-
- void Geolocation::disconnectFrame()
- {
-+ stopTimers();
- stopUpdating();
- if (m_frame) {
- if (m_frame->document())
diff --git a/debian/patches/cve-2010-1773.patch b/debian/patches/cve-2010-1773.patch
deleted file mode 100644
index 2a936de..0000000
--- a/debian/patches/cve-2010-1773.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-description: fix cve-2010-1773
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59950
-Index: webkit-1.2.1/WebCore/rendering/RenderListMarker.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/RenderListMarker.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/RenderListMarker.cpp 2010-06-28 22:16:48.000000000 -0400
-@@ -101,8 +101,10 @@
- int length = 1;
-
- if (type == AlphabeticSequence) {
-- while ((numberShadow /= sequenceSize) > 0)
-- letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize - 1];
-+ while ((numberShadow /= sequenceSize) > 0) {
-+ --numberShadow;
-+ letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize];
-+ }
- } else {
- while ((numberShadow /= sequenceSize) > 0)
- letters[lettersSize - ++length] = sequence[numberShadow % sequenceSize];
diff --git a/debian/patches/cve-2010-1774.patch b/debian/patches/cve-2010-1774.patch
deleted file mode 100644
index 7a5a2f4..0000000
--- a/debian/patches/cve-2010-1774.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-description: fix cve-2010-1774
-author: Michael Gilbert <michael.s.gilbert at gmail.com>
-origin: http://trac.webkit.org/changeset/59495
-Index: webkit-1.2.1/WebCore/rendering/FixedTableLayout.cpp
-===================================================================
---- webkit-1.2.1.orig/WebCore/rendering/FixedTableLayout.cpp 2010-05-13 16:31:30.000000000 -0400
-+++ webkit-1.2.1/WebCore/rendering/FixedTableLayout.cpp 2010-06-28 22:18:45.000000000 -0400
-@@ -166,8 +166,7 @@
-
- int usedSpan = 0;
- int i = 0;
-- while (usedSpan < span) {
-- ASSERT(cCol + i < nEffCols);
-+ while (usedSpan < span && cCol + i < nEffCols) {
- int eSpan = m_table->spanOfEffCol(cCol + i);
- // Only set if no col element has already set it.
- if (m_width[cCol + i].isAuto() && w.type() != Auto) {
diff --git a/debian/patches/series b/debian/patches/series
index 471c51e..3478fff 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,26 +1,2 @@
02-pool-fixup-and-sparc-support.patch
-# security patches
-cve-2010-1386.patch
-cve-2010-1392.patch
-cve-2010-1405.patch
-cve-2010-1407.patch
-cve-2010-1416.patch
-cve-2010-1417+1665.patch
-cve-2010-1418-part1.patch
-cve-2010-1418-part2.patch
-cve-2010-1418-part3.patch
-cve-2010-1422.patch
-cve-2010-1421.patch
-cve-2010-1501+1767.patch
-cve-2010-1664.patch
-cve-2010-1758.patch
-cve-2010-1759.patch
-cve-2010-1760.patch
-cve-2010-1761.patch
-cve-2010-1762.patch
-cve-2010-1770.patch
-cve-2010-1771.patch
-cve-2010-1772.patch
-cve-2010-1773.patch
-cve-2010-1774.patch
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list