-
tkent@chromium.org authored
Reviewed by Kent Tamura. Dangling form associated elements should not be registered on the document https://bugs.webkit.org/show_bug.cgi?id=53223 Adds insertedIntoDocument() and remvoedFromDocument() to FormAssociatedElement class to register the element on the document if and only if it actually inserted into (removed from) the document. Test: fast/forms/dangling-form-element-crash.html * html/FormAssociatedElement.cpp: (WebCore::FormAssociatedElement::insertedIntoDocument): Added. (WebCore::FormAssociatedElement::removedFromDocument): Ditto. (WebCore::FormAssociatedElement::insertedIntoTree): Don't register the element to a document. (WebCore::FormAssociatedElement::removedFromTree): Don't unregister the element from a document. * html/FormAssociatedElement.h: * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::insertedIntoDocument): Added. (WebCore::HTMLFormControlElement::removedFromDocument): Ditto. * html/HTMLFormControlElement.h: * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::insertedIntoDocument): Calls FormAssociatedElement::insertedIntoDocument(). (WebCore::HTMLObjectElement::removedFromDocument): Calls FormAssociatedElement::removedFromDocument(). 2011-01-30 Kenichi Ishibashi <bashi@google.com> Reviewed by Kent Tamura. Dangling form associated elements should not be registered on the document https://bugs.webkit.org/show_bug.cgi?id=53223 Adds a test that ensures dangling form associated elements are not registered on the document. * fast/forms/dangling-form-element-crash-expected.txt: Added. * fast/forms/dangling-form-element-crash.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77114 268f45cc-cd09-0410-ab3c-d52691b4dbfc
fc192901