  • Opening two popup menus by dispatchEvent() makes problems. · f3ed1003
    commit-queue@webkit.org authored
    https://bugs.webkit.org/show_bug.cgi?id=73304
    
    Patch by Jing Zhao <jingzhao@chromium.org> on 2011-12-14
    Reviewed by Kent Tamura.
    
    Source/WebCore:
    
    By using element.dispatchEvent(), a user-written script can open two
    popup menus, which causes various problems on different platforms.
    
    Add a hasOpenedPopup() method in ChromeClient and a wrapper in Chrome.
    In RenderMenuList::showPopup(), check if there is an opened popup menu
    before opening a new popup menu.
    
    Test: fast/forms/select-popup-crash.html
    
    * loader/EmptyClients.h: Overrides hasOpenedPopup().
    (WebCore::EmptyChromeClient::hasOpenedPopup): Returns false as a default case.
    * page/Chrome.cpp:
    (WebCore::Chrome::hasOpenedPopup): Calls ChromeClient::hasOpenedPopup().
    * page/Chrome.h: Declares hasOpenedPopup().
    * page/ChromeClient.h: Declares hasOpenedPopup() as a pure virtual function.
    * rendering/RenderMenuList.cpp:
    (WebCore::RenderMenuList::showPopup): Calls Chrome::hasOpenedPopup() before opening a new popup menu.
    
    Source/WebKit/chromium:
    
    By using element.dispatchEvent(), a user-written script can open two
    popup menus, which causes the assertion in WebViewImpl::popupOpened()
    to fail.
    
    ChromeClientImpl::hasOpenedPopup() is called by Chrome::hasOpenedPopup()
    in RenderMenuList::showPopup(), to check if there is an opened popup
    menu before opening a new popup menu.
    
    * src/ChromeClientImpl.cpp:
    (WebKit::ChromeClientImpl::hasOpenedPopup): Checks the popup in WebViewImpl.
    * src/ChromeClientImpl.h: Overrides hasOpenedPopup().
    
    Source/WebKit/efl:
    
    * WebCoreSupport/ChromeClientEfl.cpp:
    (WebCore::ChromeClientEfl::hasOpenedPopup): Not implemented.
    * WebCoreSupport/ChromeClientEfl.h: Overrides hasOpenedPopup().
    
    Source/WebKit/gtk:
    
    * WebCoreSupport/ChromeClientGtk.cpp:
    (WebKit::ChromeClient::hasOpenedPopup): Not implemented.
    * WebCoreSupport/ChromeClientGtk.h: Overrides hasOpenedPopup().
    
    Source/WebKit/mac:
    
    * WebCoreSupport/WebChromeClient.h: Overrides hasOpenedPopup().
    * WebCoreSupport/WebChromeClient.mm:
    (WebChromeClient::hasOpenedPopup): Not implemented.
    
    Source/WebKit/qt:
    
    * WebCoreSupport/ChromeClientQt.cpp:
    (WebCore::ChromeClientQt::hasOpenedPopup): Not implemented.
    * WebCoreSupport/ChromeClientQt.h: Overrides hasOpenedPopup().
    
    Source/WebKit/win:
    
    * WebCoreSupport/WebChromeClient.cpp:
    (WebChromeClient::hasOpenedPopup): Not implemented.
    * WebCoreSupport/WebChromeClient.h: Overrides hasOpenedPopup().
    
    Source/WebKit2:
    
    * WebProcess/WebCoreSupport/WebChromeClient.cpp:
    (WebKit::WebChromeClient::hasOpenedPopup): Not implemented.
    * WebProcess/WebCoreSupport/WebChromeClient.h: Overrides hasOpenedPopup().
    
    LayoutTests:
    
    * fast/forms/select/menulist-popup-crash-expected.txt: Added.
    * fast/forms/select/menulist-popup-crash.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@102874 268f45cc-cd09-0410-ab3c-d52691b4dbfc
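
A simplified, self-contained C++ model of the guard this commit describes, added here as an illustration and not taken from the WebKit patch. Class and method names follow the commit message; the `opened` counter, `TrackingChromeClient` and `popupsAfterTwoShowCalls()` are assumptions of the model. It also shows that a client whose hasOpenedPopup() always returns false, as EmptyChromeClient does, leaves the guard without effect.

```cpp
#include <cstdio>

// Model only: names follow the commit message, bodies are assumed.
struct ChromeClient {
    int opened = 0;                           // model state: popups currently open
    virtual ~ChromeClient() {}
    virtual bool hasOpenedPopup() const = 0;  // pure virtual, as in ChromeClient.h
};

// Mirrors EmptyChromeClient: "returns false as a default case".
struct EmptyChromeClient : ChromeClient {
    bool hasOpenedPopup() const override { return false; }
};

// Hypothetical client that actually reports its popup state.
struct TrackingChromeClient : ChromeClient {
    bool hasOpenedPopup() const override { return opened > 0; }
};

// Chrome is a thin wrapper that forwards to the client.
struct Chrome {
    ChromeClient& client;
    bool hasOpenedPopup() const { return client.hasOpenedPopup(); }
};

struct RenderMenuList {
    Chrome& chrome;
    // Returns true if a popup was opened, false if the guard refused.
    bool showPopup() {
        if (chrome.hasOpenedPopup())
            return false;                     // a popup is already open: do nothing
        ++chrome.client.opened;               // stands in for really opening the popup
        return true;
    }
};

// Two <select> renderers both receive a synthetic open request
// before either popup is closed; returns how many popups are open.
int popupsAfterTwoShowCalls(ChromeClient& client) {
    Chrome chrome{client};
    RenderMenuList first{chrome}, second{chrome};
    first.showPopup();
    second.showPopup();
    return client.opened;
}

int main() {
    TrackingChromeClient tracking;
    EmptyChromeClient empty;
    std::printf("tracking client: %d open\n", popupsAfterTwoShowCalls(tracking));
    std::printf("always-false client: %d open\n", popupsAfterTwoShowCalls(empty));
}
```

The guard is only as good as the client's answer: with a client that reports its state, the second request is refused, while an always-false client still ends up with two popups open.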