Commit 0f88bda0 authored by darin@apple.com

WebCore:

2009-04-01  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        Bug 22378: Crash submitting a form when parsing an XHTML document
        https://bugs.webkit.org/show_bug.cgi?id=22378
        rdar://problem/6388377

        Tests: fast/loader/submit-form-while-parsing-1.xhtml
               fast/loader/submit-form-while-parsing-2.html

        * WebCore.base.exp: Updated.

        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::HistoryItem): Renamed m_subItems to m_children.
        Used uncheckedAppend because we reserveInitialCapacity.
        (WebCore::HistoryItem::addChildItem): Renamed m_subItems to m_children.
        Added an assertion that this is only used to add items that don't have
        duplicate frame names.
        (WebCore::HistoryItem::setChildItem): Added. Replaces an existing item
        if any, preserving the isTargetItem flag.
        (WebCore::HistoryItem::childItemWithTarget): Renamed from childItemWithName
        for consistency with the other functions here that all call the frame name the
        "target". Also updated for rename of m_subItems to m_children.
        (WebCore::HistoryItem::findTargetItem): Renamed from recurseToFindTargetItem.
        Removed unneeded size check.
        (WebCore::HistoryItem::targetItem): Changed to always return the top item
        if no item has the isTargetItem flag set. The old version would instead return
        0 in some cases, but return the top item if it had no children.
        (WebCore::HistoryItem::children): Renamed m_subItems to m_children.
        (WebCore::HistoryItem::hasChildren): Ditto.
        (WebCore::HistoryItem::showTreeWithIndent): Ditto.

        * history/HistoryItem.h: Name changes.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::submit): Create and pass a FormState instead of
        attaching "recorded form values" and "form about to be submitted" to the frame
        loader. Parameters work fine for this; there's no need to store state on the
        FrameLoader.

        * loader/FormState.cpp:
        (WebCore::FormState::FormState): Adopt a vector instead of copying a hash map.
        (WebCore::FormState::create): Ditto.
        * loader/FormState.h: Update to use a vector that we adopt instead of hash map
        that we copy for auto-fill text field values.

        * loader/FrameLoader.cpp:
        (WebCore::ScheduledRedirection::ScheduledRedirection): Added a new case for
        form submissions and turned the "wasDuringLoad" state into a separate boolean
        instead of using a special redirection type to track it.
        (WebCore::FrameLoader::createWindow): Updated for name and argument change of
        loadFrameRequest.
        (WebCore::FrameLoader::urlSelected): Ditto.
        (WebCore::FrameLoader::submitForm): Removed the "deferred form submission"
        machinery, replacing it with the "scheduled redirection" mechanism, shared
        with other kinds of redirection and navigation. Moved frame targeting here
        so we can schedule the redirection on the right frame. Moved the multiple
        form submission protection here. Moved the code to implement the rule that
        m_navigationDuringLoad was used for here too.
        (WebCore::FrameLoader::didOpenURL): Use the new wasDuringLoad flag instead
        of the locationChangeDuringLoad type to detect location change during a load.
        (WebCore::FrameLoader::executeScript): Removed call to now-obsolete function,
        submitFormAgain.
        (WebCore::FrameLoader::scheduleLocationChange): Moved the code to stop loading
        out of this function into scheduleRedirection, so it can be shared with the
        new scheduleFormSubmission function.
        (WebCore::FrameLoader::scheduleFormSubmission): Added. Almost the same as
        scheduleLocationChange, but with the arguments for a form submission.
        (WebCore::FrameLoader::scheduleRefresh): Updated for the change to the
        duringLoad flag.
        (WebCore::FrameLoader::isLocationChange): Added case for formSubmission
        and removed case for locationChangeDuringLoad.
        (WebCore::FrameLoader::redirectionTimerFired): Ditto. Also removed unneeded
        completeURL call and just use KURL constructor to match the other cases.
        (WebCore::FrameLoader::provisionalLoadStarted): Removed the code to set up
        the m_navigationDuringLoad, which is no longer needed. The new version of
        this is in the submitForm function and sets the lockHistory boolean.
        (WebCore::FrameLoader::scheduleRedirection): Moved the code to stop a load
        in here that used to be in scheduleLocationChange.
        (WebCore::FrameLoader::startRedirectionTimer): Added case for formSubmission
        and removed case for locationChangeDuringLoad.
        (WebCore::FrameLoader::stopRedirectionTimer): Ditto.
        (WebCore::FrameLoader::completed): Removed call to now-obsolete function,
        submitFormAgain.
        (WebCore::FrameLoader::loadFrameRequest): Renamed from
        loadFrameRequestWithFormAndValues. Replaced form element and form values
        argument with a single FormState argument. Changed frame targeting code
        to use the source frame in the case of a form submission to better match
        the actual target frame.
        (WebCore::FrameLoader::loadURL): Don't search for existing frames in the
        form submission case since we already did that in the submitForm function.
        (WebCore::FrameLoader::clientRedirected): Changed to work with the
        m_isExecutingJavaScriptFormAction data member directly instead of taking
        it as a function parameter.
        (WebCore::FrameLoader::loadPostRequest): Don't search for existing frames
        in the form submission case since we already did that in the submitForm
        function.
        (WebCore::FrameLoader::addBackForwardItemClippedAtTarget): Moved comment
        in here that was misplaced elsewhere in the file.
        (WebCore::FrameLoader::findFrameForNavigation): Changed to use the early
        return idiom.
        (WebCore::FrameLoader::recursiveGoToItem): Updated for HistoryItem changes.
        (WebCore::FrameLoader::childFramesMatchItem): Ditto.
        (WebCore::FrameLoader::updateHistoryForStandardLoad): Removed the
        m_navigationDuringLoad logic; that's now handled by setting lockHistory
        to true in the submitForm function.
        (WebCore::FrameLoader::updateHistoryForRedirectWithLockedBackForwardList):
        Use the new setChildItem function so we don't get multiple items for the
        same frame name in the history item tree in the back/forward list.

        * loader/FrameLoader.h: Renamed loadFrameRequestWithFormAndValues to
        loadFrameRequest and made it take a form state object instead of the
        form element and form values. Removed the unused functions
        loadEmptyDocumentSynchronously, provisionalDocumentLoader,
        notifyIconChnaged, and updateBaseURLForEmptyDocument. Changed the
        submitForm function to take a form state argument. Eliminated the
        clearRecordedFormValues, setFormAboutToBeSubmitted, and recordFormValue
        functions, which are replaced by the form state arguments to submitForm
        and loadFrameRequest. Removed the isJavaScriptFormAction argument from
        the clientRedirected function; instead it looks at a data member directly.
        Eliminated the submitFormAgain and overload of the submitForm function;
        these are now subsumed into the remaining submitForm function and the
        scheduleFormSubmission function. Removed unused and obsolete data
        members m_navigationDuringLoad, m_deferredFormSubmission,
        m_formAboutToBeSubmitted and m_formValuesAboutToBeSubmitted.

        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::contextMenuItemSelected):
        Updated for name and argument change of loadFrameRequest.

        * page/Frame.cpp:
        (WebCore::Frame::~Frame): Removed call to the now-unneeded
        clearRecordedFormValues function.

WebKit/mac:

2009-04-01  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        Bug 22378: Crash submitting a form when parsing an XHTML document
        https://bugs.webkit.org/show_bug.cgi?id=22378
        rdar://problem/6388377

        * History/WebHistoryItem.mm:
        (-[WebHistoryItem targetItem]): Call targetItem directly instead of calling
        isTargetItem, hasChildren, and recurseToFindTargetItem.

        * WebCoreSupport/WebFrameLoaderClient.mm:
        (WebFrameLoaderClient::dispatchWillSubmitForm): Updated for the new
        textFieldValues function in FormState.

        * WebView/WebPDFView.mm:
        (-[WebPDFView PDFViewWillClickOnLink:withURL:]): Updated for name and
        argument change of loadFrameRequest.

WebKit/win:

2009-04-01  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        Bug 22378: Crash submitting a form when parsing an XHTML document
        https://bugs.webkit.org/show_bug.cgi?id=22378
        rdar://problem/6388377

        * WebFrame.cpp:
        (WebFrame::dispatchWillSubmitForm): Updated for the new
        textFieldValues function in FormState.

LayoutTests:

2009-04-01  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        Bug 22378: Crash submitting a form when parsing an XHTML document
        https://bugs.webkit.org/show_bug.cgi?id=22378
        rdar://problem/6388377

        * fast/loader/onunload-form-submit-crash-2-expected.txt: Updated for change to the test.
        * fast/loader/onunload-form-submit-crash-2.html: Updated test to expect the form submission
        during the onunload handler to be ineffective.
        * fast/loader/onunload-form-submit-crash-expected.txt: Updated for change to the test.
        * fast/loader/onunload-form-submit-crash.html: Updated test to expect the form submission
        during the onunload handler to be ineffective.

        * fast/loader/resources/onunload-form-submit-crash2.html: Removed.
        * fast/loader/resources/onunload-form-submit-failure.html: Copied from
        LayoutTests/fast/loader/resources/onunload-form-submit-crash2.html.
        * fast/loader/resources/onunload-form-submit-success.html: Copied from
        LayoutTests/fast/loader/resources/onunload-form-submit-crash2.html.

        * fast/loader/resources/submit-form-while-parsing-subframe.html: Added.
        * fast/loader/resources/submit-form-while-parsing-success.html: Added.
        * fast/loader/submit-form-while-parsing-1-expected.txt: Added.
        * fast/loader/submit-form-while-parsing-1.xhtml: Added.
        * fast/loader/submit-form-while-parsing-2-expected.txt: Added.
        * fast/loader/submit-form-while-parsing-2.html: Added.

        * platform/mac/http/tests/navigation/success200-frames-loadsame-expected.txt: Updated
        to expect proper results, without the duplicate history items for the same frame name
        that were present before.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@42158 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent ff4e8953
2009-04-01 Darin Adler <darin@apple.com>
Reviewed by Geoff Garen.
Bug 22378: Crash submitting a form when parsing an XHTML document
https://bugs.webkit.org/show_bug.cgi?id=22378
rdar://problem/6388377
* fast/loader/onunload-form-submit-crash-2-expected.txt: Updated for change to the test.
* fast/loader/onunload-form-submit-crash-2.html: Updated test to expect the form submission
during the onunload handler to be ineffective.
* fast/loader/onunload-form-submit-crash-expected.txt: Updated for change to the test.
* fast/loader/onunload-form-submit-crash.html: Updated test to expect the form submission
during the onunload handler to be ineffective.
* fast/loader/resources/onunload-form-submit-crash2.html: Removed.
* fast/loader/resources/onunload-form-submit-failure.html: Copied from
LayoutTests/fast/loader/resources/onunload-form-submit-crash2.html.
* fast/loader/resources/onunload-form-submit-success.html: Copied from
LayoutTests/fast/loader/resources/onunload-form-submit-crash2.html.
* fast/loader/resources/submit-form-while-parsing-subframe.html: Added.
* fast/loader/resources/submit-form-while-parsing-success.html: Added.
* fast/loader/submit-form-while-parsing-1-expected.txt: Added.
* fast/loader/submit-form-while-parsing-1.xhtml: Added.
* fast/loader/submit-form-while-parsing-2-expected.txt: Added.
* fast/loader/submit-form-while-parsing-2.html: Added.
* platform/mac/http/tests/navigation/success200-frames-loadsame-expected.txt: Updated
to expect proper results, without the duplicate history items for the same frame name
that were present before.
2009-04-01 Tony Chang <tony@chromium.org>
Reviewed by Darin Fisher.
......
main frame - has 1 onunload handler(s)
main frame - has 1 onunload handler(s)
SUCCESS
SUCCESS. If you see this page the test has successfully loaded a new page without crashing or submitting a form from an onunload handler.
......@@ -9,9 +9,9 @@
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
location.href = "about:blank";
location.href = "resources/onunload-form-submit-success.html";
} else {
document.getElementById("result").innerText = "SUCCESS";
document.getElementById("result").innerText = "FAIL";
if (window.layoutTestController)
layoutTestController.notifyDone();
}
......
main frame - has 1 onunload handler(s)
Bug: rdar://problem/4268278 Submitting a form in onUnload event handler causes crash in -[WebDataSource(WebPrivate) _commitIfReady:]
If this test passes, you'll see a PASS message below.
PASS: Safari didn't crash.
SUCCESS. If you see this page the test has successfully loaded a new page without crashing or submitting a form from an onunload handler.
......@@ -6,7 +6,7 @@
layoutTestController.waitUntilDone();
}
window.setTimeout("location.href=location.href", 0); // cheap way to force an unload
window.setTimeout("location.href='resources/onunload-form-submit-success.html'", 0);
</script>
<p>This is just a dummy page that loads the next page to see if we crash.</p>
<form name="myForm" action="resources/onunload-form-submit-crash2.html"></form>
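Review bot: the unchanged form line in this hunk still has action="resources/onunload-form-submit-crash2.html", a resource this commit removes (the ChangeLog lists it as Removed, with onunload-form-submit-failure.html copied from it). If a form submission from the onunload handler ever takes effect again, the test would navigate to a missing file instead of the page that prints the FAIL text. Point the action at resources/onunload-form-submit-failure.html so a regression produces a readable failure.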
......
<html>
<head>
<script>
function print(message) {
var paragraph = document.createElement("p");
paragraph.appendChild(document.createTextNode(message));
document.getElementById("console").appendChild(paragraph);
}
function continueTestAfterNavigation()
{
if (window.layoutTestController)
......@@ -19,6 +13,6 @@
<p>Bug: rdar://problem/4268278 Submitting a form in onUnload event handler causes crash in -[WebDataSource(WebPrivate) _commitIfReady:]</p>
<p>If this test passes, you'll see a PASS message below.</p>
<hr>
<p>PASS: Safari didn't crash.</p>
<p>FAIL: You should not reach this page any more, since a form submission in an onunload handler has no effect.</p>
</body>
<html>
\ No newline at end of file
<html>
<html>
<head>
<script>
function continueTestAfterNavigation()
{
if (window.layoutTestController)
layoutTestController.notifyDone();
}
</script>
</head>
<body onload="continueTestAfterNavigation()">
<p>SUCCESS. If you see this page the test has successfully loaded a new page without crashing or submitting a form from an onunload handler.</p>
</body>
<html>
<form name="form" method="POST" action="about:blank"></form>
<script type="text/javascript">
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
document.forms.form.submit();
setTimeout("location='resources/submit-form-while-parsing-success.html'", 0);
</script>
<body onload="layoutTestController.notifyDone()">PASSED: If we successfully got here without an assertion or crash, all is well.</body>
PASSED: If we successfully got here without an assertion or crash, all is well.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<body>
<form name="form" method="POST" action="resources/submit-form-while-parsing-success.html"/>
<script type="text/javascript">
<![CDATA[
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
document.forms.form.submit();
]]>
</script>
</body>
</html>
PASSED: If we successfully got here without an assertion or crash, all is well.
<script>
var frameIsLoaded = false;
var testIsStarted = false;
function startTest()
{
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
testIsStarted = true;
if (frameIsLoaded)
frameLoaded();
}
function frameLoaded()
{
if (!testIsStarted) {
frameIsLoaded = true;
return;
}
if (document.getElementById('frame').contentWindow.location != "about:blank") {
document.getElementById("message").firstChild.data = "FAILED: Subframe had the wrong location";
return;
}
document.getElementById("message").firstChild.data = "PASSED: If we successfully got here without an assertion or crash, all is well.";
if (window.layoutTestController)
layoutTestController.notifyDone();
}
</script>
<body onload="startTest()">
<p id="message">TEST DID NOT RUN YET</p>
<iframe src="resources/submit-form-while-parsing-subframe.html" id="frame" onload="frameLoaded()"></iframe>
</body>
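Review bot: in frameLoaded the wrong-location branch writes "FAILED: Subframe had the wrong location" and returns without calling layoutTestController.notifyDone(), so after waitUntilDone() a failing run ends as a harness timeout rather than a text mismatch that shows the message. Call notifyDone() on that path as well, for example through a small helper that sets the message and notifies, used by both the FAILED and PASSED branches.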
......@@ -126,7 +126,5 @@ layer at (0,0) size 800x600
http://127.0.0.1:8000/navigation/success200-frames-loadsame.html **nav target**
curr-> http://127.0.0.1:8000/navigation/resources/frameset.pl?frameURL=success200.html **nav target**
http://127.0.0.1:8000/navigation/resources/otherpage.html (in frame "footer")
http://127.0.0.1:8000/navigation/resources/otherpage.html (in frame "footer")
http://127.0.0.1:8000/navigation/resources/success200.html (in frame "main")
http://127.0.0.1:8000/navigation/resources/success200.html (in frame "main")
===============================================
2009-04-01 Darin Adler <darin@apple.com>
Reviewed by Geoff Garen.
Bug 22378: Crash submitting a form when parsing an XHTML document
https://bugs.webkit.org/show_bug.cgi?id=22378
rdar://problem/6388377
Tests: fast/loader/submit-form-while-parsing-1.xhtml
fast/loader/submit-form-while-parsing-2.html
* WebCore.base.exp: Updated.
* history/HistoryItem.cpp:
(WebCore::HistoryItem::HistoryItem): Renamed m_subItems to m_children.
Used uncheckedAppend because we reserveInitialCapacity.
(WebCore::HistoryItem::addChildItem): Renamed m_subItems to m_children.
Added an assertion that this is only used to add items that don't have
duplicate frame names.
(WebCore::HistoryItem::setChildItem): Added. Replaces an existing item
if any, preserving the isTargetItem flag.
(WebCore::HistoryItem::childItemWithTarget): Renamed from childItemWithName
for consistency with the other functions here that all call the frame name the
"target". Also updated for rename of m_subItems to m_children.
(WebCore::HistoryItem::findTargetItem): Renamed from recurseToFindTargetItem.
Removed unneeded size check.
(WebCore::HistoryItem::targetItem): Changed to always return the top item
if no item has the isTargetItem flag set. The old version would instead return
0 in some cases, but return the top item if it had no children.
(WebCore::HistoryItem::children): Renamed m_subItems to m_children.
(WebCore::HistoryItem::hasChildren): Ditto.
(WebCore::HistoryItem::showTreeWithIndent): Ditto.
* history/HistoryItem.h: Name changes.
* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::submit): Create and pass a FormState instead of
attaching "recorded form values" and "form about to be submitted" to the frame
loader. Parameter work fine for this; there's no need to store state on the
FrameLoader.
* loader/FormState.cpp:
(WebCore::FormState::FormState): Adopt a vector instead of copying a hash map.
(WebCore::FormState::create): Ditto.
* loader/FormState.h: Update to use a vector that we adopt instead of hash map
that we copy for auto-fill text field values.
* loader/FrameLoader.cpp:
(WebCore::ScheduledRedirection::ScheduledRedirection): Added a new case for
form submissions and turned the "wasDuringLoad" state into a separate boolean
instead of using a special redirection type to track it.
(WebCore::FrameLoader::createWindow): Updated for name and argument change of
loadFrameRequest.
(WebCore::FrameLoader::urlSelected): Ditto.
(WebCore::FrameLoader::submitForm): Removed the "deferred form submission"
machinery, replacing it with the "scheduled redirection" mechanism, shared
with other kinds of redirection and navigation. Moved frame targeting here
so we can schedule the redirection on the right frame. Moved the multiple
form submission protection here. Moved the code to implement the rule that
m_navigationDuringLoad was used for here too.
(WebCore::FrameLoader::didOpenURL): Use the new wasDuringLoad flag instead
of the locationChangeDuringLoad type to detect location change during a load.
(WebCore::FrameLoader::executeScript): Removed call to now-obsolete function,
submitFormAgain.
(WebCore::FrameLoader::scheduleLocationChange): Moved the code to stop loading
out of this function into scheduleRedirection, so it can be shared with the
new scheduleFormSubmission function.
(WebCore::FrameLoader::scheduleFormSubmission): Added. Almost the same as
scheduleLocationChange, but with the arguments for a form submission.
(WebCore::FrameLoader::scheduleRefresh): Updated for the change to the
duringLoad flag.
(WebCore::FrameLoader::isLocationChange): Added case for formSubmission
and removed case for locationChangeDuringLoad.
(WebCore::FrameLoader::redirectionTimerFired): Ditto. Also removed unneeded
completeURL call and just use KURL constructor to match the other cases.
(WebCore::FrameLoader::provisionalLoadStarted): Removed the code to set up
the m_navigationDuringLoad, which is no longer needed. The new version of
this is in the submitForm function and sets the lockHistory boolean.
(WebCore::FrameLoader::scheduleRedirection): Moved the code to stop a load
in here that used to be in scheduleLocationChange.
(WebCore::FrameLoader::startRedirectionTimer): Added case for formSubmission
and removed case for locationChangeDuringLoad.
(WebCore::FrameLoader::stopRedirectionTimer): Ditto.
(WebCore::FrameLoader::completed): Removed call to now-obsolete function,
submitFormAgain.
(WebCore::FrameLoader::loadFrameRequest): Renamed from
loadFrameRequestWithFormAndValues. Replaced form element and form values
argument with a single FormState argument. Changed frame targeting code
to use the source frame in the case of a form submission to better match
the actual target frame.
(WebCore::FrameLoader::loadURL): Don't search for existing frames in the
form submission case since we already did that in the submitForm function.
(WebCore::FrameLoader::clientRedirected): Changed to work with the
m_isExecutingJavaScriptFormAction data member directly instead of taking
it as a function parameter.
(WebCore::FrameLoader::loadPostRequest): Don't search for existing frames
in the form submission case since we already did that in the submitForm
function.
(WebCore::FrameLoader::addBackForwardItemClippedAtTarget): Moved comment
in here that was misplaced elsewhere in the file.
(WebCore::FrameLoader::findFrameForNavigation): Changed to use the early
return idiom.
(WebCore::FrameLoader::recursiveGoToItem): Updated for HistoryItem changes.
(WebCore::FrameLoader::childFramesMatchItem): Ditto.
(WebCore::FrameLoader::updateHistoryForStandardLoad): Removed the
m_navigationDuringLoad logic; that's now handled by setting lockHistory
to true in the submitForm function.
(WebCore::FrameLoader::updateHistoryForRedirectWithLockedBackForwardList):
Use the new setChildItem function so we don't get multiple items for the
same frame name in the history item tree in the back/forward list.
* loader/FrameLoader.h: Renamed loadFrameRequestWithFormAndValues to
loadFrameRequest and made it take a form state object instead of the
form element and form values. Removed the unused functions
loadEmptyDocumentSynchronously, provisionalDocumentLoader,
notifyIconChnaged, and updateBaseURLForEmptyDocument. Changed the
submitForm function to take a form state argument. Eliminated the
clearRecordedFormValues, setFormAboutToBeSubmitted, and recordFormValue
functions, which are replaced by the form state arguments to submitForm
and loadFrameRequest. Removed the isJavaScriptFormAction argument from
the clientRedirected function; instead it looks at a data member directly.
Eliminated the submitFormAgain and overload of the submitForm function;
these are now subsumed into the remaining submitForm function and the
scheduleFormSubmission function. Removed unused and obsolete data
members m_navigationDuringLoad, m_deferredFormSubmission,
m_formAboutToBeSubmitted and m_formValuesAboutToBeSubmitted.
* page/ContextMenuController.cpp:
(WebCore::ContextMenuController::contextMenuItemSelected):
Updated for name and argument change of loadFrameRequest.
* page/Frame.cpp:
(WebCore::Frame::~Frame): Removed call to the now-unneeded
clearRecordedFormValues function.
2009-04-01 Dimitri Glazkov <dglazkov@chromium.org>
Unreviewed, fixing previous commit.
......@@ -152,6 +152,7 @@ __ZN7WebCore11FrameLoader14detachChildrenEv
__ZN7WebCore11FrameLoader14scrollToAnchorERKNS_4KURLE
__ZN7WebCore11FrameLoader14stopAllLoadersEv
__ZN7WebCore11FrameLoader16detachFromParentEv
__ZN7WebCore11FrameLoader16loadFrameRequestERKNS_16FrameLoadRequestEbbN3WTF10PassRefPtrINS_5EventEEENS5_INS_9FormStateEEE
__ZN7WebCore11FrameLoader17stopForUserCancelEb
__ZN7WebCore11FrameLoader18currentHistoryItemEv
__ZN7WebCore11FrameLoader18setLocalLoadPolicyENS0_15LocalLoadPolicyE
......@@ -163,7 +164,6 @@ __ZN7WebCore11FrameLoader23timeOfLastCompletedLoadEv
__ZN7WebCore11FrameLoader24registerURLSchemeAsLocalERKNS_6StringE
__ZN7WebCore11FrameLoader26reloadWithOverrideEncodingERKNS_6StringE
__ZN7WebCore11FrameLoader26saveDocumentAndScrollStateEv
__ZN7WebCore11FrameLoader33loadFrameRequestWithFormAndValuesERKNS_16FrameLoadRequestEbbN3WTF10PassRefPtrINS_5EventEEEPNS_15HTMLFormElementERKNS4_7HashMapINS_6StringESB_NS_10StringHashENS4_10HashTraitsISB_EESE_EE
__ZN7WebCore11FrameLoader36saveScrollPositionAndViewStateToItemEPNS_11HistoryItemE
__ZN7WebCore11FrameLoader4loadERKNS_15ResourceRequestERKNS_14SubstituteDataEb
__ZN7WebCore11FrameLoader4loadERKNS_15ResourceRequestERKNS_6StringEb
......@@ -172,6 +172,7 @@ __ZN7WebCore11FrameLoader6reloadEb
__ZN7WebCore11FrameLoader7addDataEPKci
__ZN7WebCore11FrameLoader7canLoadERKNS_4KURLERKNS_6StringEPKNS_8DocumentE
__ZN7WebCore11Geolocation12setIsAllowedEb
__ZN7WebCore11HistoryItem10targetItemEv
__ZN7WebCore11HistoryItem11setReferrerERKNS_6StringE
__ZN7WebCore11HistoryItem12addChildItemEN3WTF10PassRefPtrIS0_EE
__ZN7WebCore11HistoryItem12setURLStringERKNS_6StringE
......@@ -188,13 +189,11 @@ __ZN7WebCore11HistoryItem18setLastVisitedTimeEd
__ZN7WebCore11HistoryItem20setOriginalURLStringERKNS_6StringE
__ZN7WebCore11HistoryItem20setTransientPropertyERKNS_6StringEP11objc_object
__ZN7WebCore11HistoryItem22mergeAutoCompleteHintsEPS0_
__ZN7WebCore11HistoryItem23recurseToFindTargetItemEv
__ZN7WebCore11HistoryItem6setURLERKNS_4KURLE
__ZN7WebCore11HistoryItem7visitedERKNS_6StringEd
__ZN7WebCore11HistoryItem8formDataEv
__ZN7WebCore11HistoryItem8setTitleERKNS_6StringE
__ZN7WebCore11HistoryItem9setParentERKNS_6StringE
__ZN7WebCore11HistoryItem9setTargetERKNS_6StringE
__ZN7WebCore11HistoryItemC1ERKNS_4KURLERKNS_6StringES6_S6_
__ZN7WebCore11HistoryItemC1ERKNS_6StringES3_S3_d
__ZN7WebCore11HistoryItemC1ERKNS_6StringES3_d
......@@ -725,7 +724,6 @@ __ZNK7WebCore11HistoryItem12isTargetItemEv
__ZNK7WebCore11HistoryItem12redirectURLsEv
__ZNK7WebCore11HistoryItem14alternateTitleEv
__ZNK7WebCore11HistoryItem15lastVisitedTimeEv
__ZNK7WebCore11HistoryItem17childItemWithNameERKNS_6StringE
__ZNK7WebCore11HistoryItem17originalURLStringEv
__ZNK7WebCore11HistoryItem20getTransientPropertyERKNS_6StringE
__ZNK7WebCore11HistoryItem3urlEv
......
......@@ -123,10 +123,10 @@ inline HistoryItem::HistoryItem(const HistoryItem& item)
if (item.m_formData)
m_formData = item.m_formData->copy();
unsigned size = item.m_subItems.size();
m_subItems.reserveInitialCapacity(size);
unsigned size = item.m_children.size();
m_children.reserveInitialCapacity(size);
for (unsigned i = 0; i < size; ++i)
m_subItems.append(item.m_subItems[i]->copy());
m_children.uncheckedAppend(item.m_children[i]->copy());
if (item.m_redirectURLs)
m_redirectURLs.set(new Vector<String>(*item.m_redirectURLs));
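Review bot: uncheckedAppend in the copy loop skips the capacity check, so this constructor is memory-safe only while the loop bound stays identical to the value passed to reserveInitialCapacity. That holds here because both use size read from item.m_children, but nothing in the code enforces it. A short comment on the uncheckedAppend line saying it relies on the reserveInitialCapacity(size) call above would keep a later edit to either line from turning this into a write past the buffer.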
......@@ -378,52 +378,61 @@ void HistoryItem::setIsTargetItem(bool flag)
void HistoryItem::addChildItem(PassRefPtr<HistoryItem> child)
{
m_subItems.append(child);
ASSERT(!childItemWithTarget(child->target()));
m_children.append(child);
}
HistoryItem* HistoryItem::childItemWithName(const String& name) const
void HistoryItem::setChildItem(PassRefPtr<HistoryItem> child)
{
unsigned size = m_subItems.size();
for (unsigned i = 0; i < size; ++i)
if (m_subItems[i]->target() == name)
return m_subItems[i].get();
ASSERT(!child->isTargetItem());
unsigned size = m_children.size();
for (unsigned i = 0; i < size; ++i) {
if (m_children[i]->target() == child->target()) {
child->setIsTargetItem(m_children[i]->isTargetItem());
m_children[i] = child;
return;
}
}
m_children.append(child);
}
HistoryItem* HistoryItem::childItemWithTarget(const String& target) const
{
unsigned size = m_children.size();
for (unsigned i = 0; i < size; ++i) {
if (m_children[i]->target() == target)
return m_children[i].get();
}
return 0;
}
// <rdar://problem/4895849> HistoryItem::recurseToFindTargetItem() should be replace with a non-recursive method
HistoryItem* HistoryItem::recurseToFindTargetItem()
// <rdar://problem/4895849> HistoryItem::findTargetItem() should be replaced with a non-recursive method.
HistoryItem* HistoryItem::findTargetItem()
{
if (m_isTargetItem)
return this;
if (!m_subItems.size())
return 0;
HistoryItem* match;
unsigned size = m_subItems.size();
unsigned size = m_children.size();
for (unsigned i = 0; i < size; ++i) {
match = m_subItems[i]->recurseToFindTargetItem();
if (match)
if (HistoryItem* match = m_children[i]->targetItem())
return match;
}
return 0;
}
HistoryItem* HistoryItem::targetItem()
{
if (!m_subItems.size())
return this;
return recurseToFindTargetItem();
HistoryItem* foundItem = findTargetItem();
return foundItem ? foundItem : this;
}
const HistoryItemVector& HistoryItem::children() const
{
return m_subItems;
return m_children;
}
bool HistoryItem::hasChildren() const
{
return m_subItems.size();
return !m_children.isEmpty();
}
String HistoryItem::formContentType() const
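Review bot: in findTargetItem the loop recurses through m_children[i]->targetItem(), and targetItem() now falls back to returning this, so that call never yields 0. The test "if (HistoryItem* match = m_children[i]->targetItem())" therefore succeeds on the first child whether or not anything beneath it has m_isTargetItem set: later children are never searched, and targetItem() on a top item with children returns something from the first child's subtree rather than the top item the ChangeLog promises when no flag is set. Recursing with m_children[i]->findTargetItem() keeps the null result meaningful. Separately, the duplicate-name check in addChildItem is an ASSERT only, so release builds will still append a duplicate; a comment directing callers that may hit an existing frame name to setChildItem would help.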
......@@ -505,8 +514,8 @@ int HistoryItem::showTreeWithIndent(unsigned indentLevel) const
fprintf(stderr, "%s+-%s (%p)\n", prefix.data(), m_urlString.utf8().data(), this);
int totalSubItems = 0;
for (unsigned i = 0; i < m_subItems.size(); ++i)
totalSubItems += m_subItems[i]->showTreeWithIndent(indentLevel + 1);
for (unsigned i = 0; i < m_children.size(); ++i)
totalSubItems += m_children[i]->showTreeWithIndent(indentLevel + 1);
return totalSubItems + 1;
}
......
......@@ -129,9 +129,9 @@ public:
void setLastVisitWasHTTPNonGet(bool wasNotGet) { m_lastVisitWasHTTPNonGet = wasNotGet; }
void addChildItem(PassRefPtr<HistoryItem>);
HistoryItem* childItemWithName(const String&) const;
void setChildItem(PassRefPtr<HistoryItem>);
HistoryItem* childItemWithTarget(const String&) const;
HistoryItem* targetItem();
HistoryItem* recurseToFindTargetItem();
const HistoryItemVector& children() const;
bool hasChildren() const;
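Review bot: addChildItem and setChildItem are declared next to each other with identical signatures and no comment on how they differ. From the .cpp changes, addChildItem asserts that no child with the same target exists, while setChildItem replaces such a child and carries over its isTargetItem flag. A one-line comment on each declaration stating that contract would make the right choice obvious at call sites and reduce the chance of reintroducing duplicate frame names in the history tree.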
......@@ -174,7 +174,7 @@ private:
HistoryItem();
HistoryItem(const String& urlString, const String& title, double lastVisited);
HistoryItem(const String& urlString, const String& title, const String& alternateTitle, double lastVisited);
HistoryItem(const KURL& url, const String& target, const String& parent, const String& title);
HistoryItem(const KURL& url, const String& frameName, const String& parent, const String& title);
HistoryItem(const HistoryItem&);
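Review bot: The KURL constructor's second parameter is renamed from target to frameName, while the same patch renames childItemWithName to childItemWithTarget so that the frame name is consistently called the "target". The two renames pull in opposite directions. Pick one term for this header, or add a comment stating that frameName here is the value later matched by childItemWithTarget().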
......@@ -182,6 +182,8 @@ private:
void collapseDailyVisitsToWeekly();
void recordVisitAtTime(double);
HistoryItem* findTargetItem();
String m_urlString;
String m_originalURLString;
String m_referrer;
......@@ -196,7 +198,7 @@ private:
IntPoint m_scrollPoint;
Vector<String> m_documentState;
HistoryItemVector m_subItems;
HistoryItemVector m_children;
bool m_lastVisitWasFailure;
bool m_isTargetItem;
......
......@@ -2,7 +2,7 @@
* Copyright (C) 1999 Lars Knoll (knoll@kde.org)
* (C) 1999 Antti Koivisto (koivisto@kde.org)
* (C) 2001 Dirk Mueller (mueller@kde.org)
* Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
* Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
* (C) 2006 Alexey Proskuryakov (ap@nypop.com)
*
* This library is free software; you can redistribute it and/or
......@@ -34,6 +34,7 @@
#include "FileSystem.h"
#include "FormData.h"
#include "FormDataList.h"
#include "FormState.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "HTMLDocument.h"
......@@ -44,11 +45,10 @@
#include "MIMETypeRegistry.h"
#include "Page.h"
#include "RenderTextControl.h"
#include <limits>
#include <wtf/CurrentTime.h>
#include <wtf/RandomNumber.h>
#include <limits>
#if PLATFORM(WX)
#include <wx/defs.h>
#include <wx/filename.h>
......@@ -58,6 +58,8 @@
#include <shlwapi.h>
#endif
using namespace std;
namespace WebCore {
using namespace HTMLNames;
......@@ -319,14 +321,14 @@ void HTMLFormElement::submit(Event* event, bool activateSubmitButton, bool lockH
HTMLFormControlElement* firstSuccessfulSubmitButton = 0;
bool needButtonActivation = activateSubmitButton; // do we need to activate a submit button?
frame->loader()->clearRecordedFormValues();
frame->loader()->setFormAboutToBeSubmitted(this);
Vector<pair<String, String> > formValues;
for (unsigned i = 0; i < formElements.size(); ++i) {
HTMLFormControlElement* control = formElements[i];
if (control->hasLocalName(inputTag)) {
HTMLInputElement* input = static_cast<HTMLInputElement*>(control);
if (input->isTextField()) {
frame->loader()->recordFormValue(input->name(), input->value());
formValues.append(pair<String, String>(input->name(), input->value()));
if (input->isSearchField())
input->addSearchResult();
}
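Review bot: formValues is declared as Vector<pair<String, String> >, spelling out by hand the type that the FormState constructor in this patch names StringPairVector. If that typedef is visible through FormState.h, use it here so the two sides cannot drift apart. It is also worth a comment that this loop records only inputs for which isTextField() is true, since the vector replaces the recordFormValue() calls on the frame loader and that filter is the only thing deciding which field values get carried along with the submission.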
......@@ -339,6 +341,8 @@ void HTMLFormElement::submit(Event* event, bool activateSubmitButton, bool lockH
}
}
RefPtr<FormState> formState = FormState::create(this, formValues, frame);
if (needButtonActivation && firstSuccessfulSubmitButton)
firstSuccessfulSubmitButton->setActivatedSubmit(true);
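Review bot: FormState::create(this, formValues, frame) is called before the URL and encoding branches, and the FormState constructor in this patch takes a non-const StringPairVector& named textFieldValuesToAdopt. If create() forwards that reference, formValues is emptied by this line. Add a short comment saying so, or scope formValues so it cannot be read afterwards, so that a later edit does not consume an empty vector. The RefPtr also now lives across the rest of submit(), so any early return added between here and the submitForm() calls will quietly drop the state; that is safe, but worth stating in a comment since the old code left the values attached to the frame loader.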
......@@ -361,14 +365,14 @@ void HTMLFormElement::submit(Event* event, bool activateSubmitButton, bool lockH
m_url = url.string();
}
frame->loader()->submitForm("POST", m_url, data.release(), m_target, m_formDataBuilder.encodingType(), String(), event, lockHistory, lockBackForwardList);
frame->loader()->submitForm("POST", m_url, data.release(), m_target, m_formDataBuilder.encodingType(), String(), lockHistory, lockBackForwardList, event, formState.release());
} else {
Vector<char> boundary = m_formDataBuilder.generateUniqueBoundaryString();
frame->loader()->submitForm("POST", m_url, createFormData(boundary.data()), m_target, m_formDataBuilder.encodingType(), boundary.data(), event, lockHistory, lockBackForwardList);
frame->loader()->submitForm("POST", m_url, createFormData(boundary.data()), m_target, m_formDataBuilder.encodingType(), boundary.data(), lockHistory, lockBackForwardList, event, formState.release());
}
} else {
m_formDataBuilder.setIsMultiPartForm(false);
frame->loader()->submitForm("GET", m_url, createFormData(CString()), m_target, String(), String(), event, lockHistory, lockBackForwardList);
frame->loader()->submitForm("GET", m_url, createFormData(CString()), m_target, String(), String(), lockHistory, lockBackForwardList, event, formState.release());
}
if (needButtonActivation && firstSuccessfulSubmitButton)
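Review bot: All three submitForm() calls move event from before lockHistory to after lockBackForwardList, leaving two bool parameters next to an Event*. Because a pointer converts implicitly to bool, a caller left in the old order still type-checks for the first bool argument and only fails to compile if the value now landing in the Event* slot is not a null constant. Every other submitForm() caller should be checked by hand instead of relying on the compiler. The argument list is now ten positional values, including two String() placeholders in the GET call; a brief comment naming the placeholders, or a small parameter struct, would make these call sites reviewable.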
......
/*
* Copyright (C) 2006 Apple Computer, Inc. All rights reserved.
* Copyright (C) 2006, 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -34,16 +34,16 @@
namespace WebCore {
PassRefPtr<FormState> FormState::create(PassRefPtr<HTMLFormElement> form, const HashMap<String, String>& values, PassRefPtr<Frame> sourceFrame)
inline FormState::FormState(PassRefPtr<HTMLFormElement> form, StringPairVector& textFieldValuesToAdopt, PassRefPtr<Frame> sourceFrame)
: m_form(form)
, m_sourceFrame(sourceFrame)