Commit 477551a4 authored by darin

WebCore:

        Reviewed by Don.

	- fixed 3103287 -- body of page not rendered (page uses JavaScript trick to be both a frameset and a frame)

	Our self-reference protection prevented this page from working.
	To fix the bug, I did three things:

   	    1) fixed the hole in the WebCore self-reference protection, so we could remove the WebKit one
               (the hole was that it didn't ignore #xxx suffixes)
 	    2) moved the self-reference protection into a single function so it wasn't copied and pasted all over
	    3) allowed one level of self-reference; still enough to prevent infinite recursion

	Then I tested with the site from bug 3103287 and the one from bug 3083732 to make sure that was still OK.

        * khtml/html/html_baseimpl.h: Added isURLAllowed().
        * khtml/html/html_baseimpl.cpp:
        (HTMLFrameElementImpl::isURLAllowed): Added. Does the self-reference check and the "local only" check.
	This logic was repeated in three different places before. Note that since we don't use the "local only"
        feature, it's not too risky to slightly change how it works.
        (HTMLFrameElementImpl::updateForNewURL): Use isURLAllowed.
        (HTMLFrameElementImpl::attach): Ditto.
        (HTMLIFrameElementImpl::attach): Ditto.

WebKit:

        Reviewed by Don.

	- fixed 3103287 -- body of page not rendered (page uses JavaScript trick to be both a frameset and a frame)

	Our self-reference checks prevented this page from working.
	I just removed the WebKit one, since it was really just working around a problem with the WebCore
	one that I fixed (didn't ignore #xxx suffixes).

        * WebCoreSupport.subproj/WebBridge.m:
        (-[WebBridge createChildFrameNamed:withURL:renderPart:allowsScrolling:marginWidth:marginHeight:]):
	Remove self-reference check.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@3209 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent c5764f8d
2002-12-29 Darin Adler <darin@apple.com>
Reviewed by Don.
- fixed 3103287 -- body of page not rendered (page uses JavaScript trick to be both a frameset and a frame)
Our self-reference protection prevented this page from working.
To fix the bug, I did three things:
1) fixed the hole in the WebCore self-reference protection, so we could remove the WebKit one
(the hole was that it didn't ignore #xxx suffixes)
2) moved the self-reference protection into a single function so it wasn't copied and pasted all over
3) allowed one level of self-reference; still enough to prevent infinite recursion
Then I tested with the site from bug 3103287 and the one from bug 3083732 to make sure that was still OK.
* khtml/html/html_baseimpl.h: Added isURLAllowed().
* khtml/html/html_baseimpl.cpp:
(HTMLFrameElementImpl::isURLAllowed): Added. Does the self-reference check and the "local only" check.
This logic was repeated in three different places before. Note that since we don't use the "local only"
feature, it's not too risky to slightly change how it works.
(HTMLFrameElementImpl::updateForNewURL): Use isURLAllowed.
(HTMLFrameElementImpl::attach): Ditto.
(HTMLIFrameElementImpl::attach): Ditto.
2002-12-29 Darin Adler <darin@apple.com>
Reviewed by Don.
......
2002-12-29 Darin Adler <darin@apple.com>
Reviewed by Don.
- fixed 3103287 -- body of page not rendered (page uses JavaScript trick to be both a frameset and a frame)
Our self-reference protection prevented this page from working.
To fix the bug, I did three things:
1) fixed the hole in the WebCore self-reference protection, so we could remove the WebKit one
(the hole was that it didn't ignore #xxx suffixes)
2) moved the self-reference protection into a single function so it wasn't copied and pasted all over
3) allowed one level of self-reference; still enough to prevent infinite recursion
Then I tested with the site from bug 3103287 and the one from bug 3083732 to make sure that was still OK.
* khtml/html/html_baseimpl.h: Added isURLAllowed().
* khtml/html/html_baseimpl.cpp:
(HTMLFrameElementImpl::isURLAllowed): Added. Does the self-reference check and the "local only" check.
This logic was repeated in three different places before. Note that since we don't use the "local only"
feature, it's not too risky to slightly change how it works.
(HTMLFrameElementImpl::updateForNewURL): Use isURLAllowed.
(HTMLFrameElementImpl::attach): Ditto.
(HTMLIFrameElementImpl::attach): Ditto.
2002-12-29 Darin Adler <darin@apple.com>
Reviewed by Don.
......
......@@ -226,43 +226,61 @@ NodeImpl::Id HTMLFrameElementImpl::id() const
return ID_FRAME;
}
bool HTMLFrameElementImpl::isURLAllowed(const DOMString &URLString) const
{
KHTMLView *w = getDocument()->view();
KURL newURL(getDocument()->completeURL(URLString.string()));
newURL.setRef(QString::null);
// Prohibit non-file URLs if we are asked to.
if (w->part()->onlyLocalReferences() && newURL.protocol().lower() != "file") {
return false;
}
// We allow one level of self-reference because some sites depend on that.
// But we don't allow more than one.
bool foundSelfReference = false;
for (KHTMLPart *part = w->part(); part; part = part->parentPart()) {
KURL partURL = part->url();
partURL.setRef(QString::null);
if (partURL == newURL) {
if (foundSelfReference) {
return false;
}
foundSelfReference = true;
}
}
return true;
}
// FIXME: Why is this different from setLocation?
void HTMLFrameElementImpl::updateForNewURL()
{
if (attached()) {
// Handle the common case where we decided not to make a frame the first time.
// Detach and the let attach() decide again whether to make the frame for this URL.
if (!m_render) {
detach();
attach();
return;
}
if (!attached()) {
return;
}
// Handle the common case where we decided not to make a frame the first time.
// Detach and the let attach() decide again whether to make the frame for this URL.
if (!m_render) {
detach();
attach();
return;
}
// The following is repeated logic from attach(). We should share the code instead.
KHTMLView* w = getDocument()->view();
// avoid endless recursion
KURL u;
if (!url.isEmpty()) u = getDocument()->completeURL( url.string() );
bool selfreference = false;
for (KHTMLPart* part = w->part(); part; part = part->parentPart())
if (part->url() == u) {
selfreference = true;
break;
}
if (selfreference)
return;
// load the frame contents
if ( !url.isEmpty() && !(w->part()->onlyLocalReferences() && u.protocol() != "file")) {
KHTMLPart *part = w->part()->findFrame( name.string() );
if (part) {
part->openURL(u);
} else {
w->part()->requestFrame(static_cast<RenderFrame*>(m_render), url.string(), name.string());
}
}
if (!isURLAllowed(url)) {
return;
}
// load the frame contents
KHTMLView *w = getDocument()->view();
KHTMLPart *part = w->part()->findFrame( name.string() );
if (part) {
part->openURL(getDocument()->completeURL(url.string()));
} else {
w->part()->requestFrame(static_cast<RenderFrame*>(m_render), url.string(), name.string());
}
}
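Review bot: updateForNewURL no longer tests url.isEmpty() before loading. The removed code guarded the load with !url.isEmpty(), while the new code goes from isURLAllowed(url) straight to part->openURL(getDocument()->completeURL(url.string())) or requestFrame, and isURLAllowed has no empty-string case. Keep an explicit url.isEmpty() early return before the load so a frame without a URL behaves as it did. Separately, isURLAllowed compares URLs for exact equality after clearing the ref, so the one-level limit bounds nesting only for URLs that compare equal; a fixed cap on frame depth counted in the same parentPart() loop would bound recursion regardless of how the URLs compare. isURLAllowed also dereferences w without a null check, which is worth an assert or an early return now that three callers depend on it.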
......@@ -349,17 +367,7 @@ void HTMLFrameElementImpl::attach()
// ignore display: none for this element!
KHTMLView* w = getDocument()->view();
// avoid endless recursion
KURL u;
if (!url.isEmpty()) u = getDocument()->completeURL( url.string() );
bool selfreference = false;
for (KHTMLPart* part = w->part(); part; part = part->parentPart())
if (part->url() == u) {
selfreference = true;
break;
}
if (!selfreference && parentNode()->renderer()) {
if (isURLAllowed(url) && parentNode()->renderer()) {
m_render = new (getDocument()->renderArena()) RenderFrame(this);
m_render->setStyle(getDocument()->styleSelector()->styleForElement(this));
parentNode()->renderer()->addChild(m_render, nextRenderer());
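Review bot: In the new condition isURLAllowed(url) && parentNode()->renderer(), the onlyLocalReferences test now decides whether a RenderFrame is created at all, where the removed code consulted only the self-reference loop at this point and left the local-only test to the load further down. The commit message says the local-only behaviour changes slightly; a comment here stating that a disallowed URL now produces no renderer would make that intentional change visible in the code. Testing parentNode()->renderer() first would also skip the URL completion and parent walk when there is nothing to attach to.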
......@@ -375,8 +383,7 @@ void HTMLFrameElementImpl::attach()
name = DOMString(w->part()->requestFrameName());
// load the frame contents
if ( !url.isEmpty() && !(w->part()->onlyLocalReferences() && u.protocol() != "file"))
w->part()->requestFrame( static_cast<RenderFrame*>(m_render), url.string(), name.string() );
w->part()->requestFrame( static_cast<RenderFrame*>(m_render), url.string(), name.string() );
}
// FIXME: Why is this different from updateForNewURL?
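Review bot: The requestFrame call after the "load the frame contents" comment is now unconditional, so the !url.isEmpty() test from the removed if is lost along with the local-only test. The local-only test is still covered only if this line sits inside the isURLAllowed(url) block opened earlier in attach(), which these lines do not show; please confirm that, and that m_render cannot be null at this call. An explicit if (!url.isEmpty()) around the call would preserve the old behaviour for frames that have no URL.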
......@@ -655,24 +662,9 @@ void HTMLIFrameElementImpl::attach()
assert(!m_render);
assert(parentNode());
// FIXME: This self-reference check is the same as the code in the base class attach.
// We should refactor so we can share the code.
KHTMLView* w = getDocument()->view();
// avoid endless recursion
KURL u;
if (!url.isEmpty()) u = getDocument()->completeURL( url.string() );
bool selfreference = false;
for (KHTMLPart* part = w->part(); part; part = part->parentPart())
if (part->url() == u) {
selfreference = true;
break;
}
RenderStyle* _style = getDocument()->styleSelector()->styleForElement(this);
_style->ref();
if (!selfreference && !(w->part()->onlyLocalReferences() && u.protocol() != "file") &&
parentNode()->renderer() && _style->display() != NONE) {
if (isURLAllowed(url) && parentNode()->renderer() && _style->display() != NONE) {
m_render = new (getDocument()->renderArena()) RenderPartObject(this);
m_render->setStyle(_style);
parentNode()->renderer()->addChild(m_render, nextRenderer());
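Review bot: In the new condition, isURLAllowed(url) is evaluated before parentNode()->renderer() and _style->display() != NONE, so an iframe with display none or no parent renderer still pays for the URL completion and the walk up parentPart(). Put the two cheap tests first and isURLAllowed(url) last. The protocol comparison inside isURLAllowed now uses lower(), which the removed u.protocol() != "file" test here did not; that is a reasonable tightening but deserves a mention in the ChangeLog entry since it changes the local-only result for mixed-case schemes.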
......
......@@ -101,6 +101,8 @@ public:
#endif
protected:
bool isURLAllowed(const DOMString &) const;
DOMString url;
DOMString name;
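Review bot: The new declaration bool isURLAllowed(const DOMString &) const has no comment and no parameter name, although it now carries the whole frame-loading policy for three callers. Name the parameter (the definition uses URLString) and add a short comment stating the contract: the ref is ignored, one level of self-reference is allowed, and non-file URLs are rejected when onlyLocalReferences() is set.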
......
2002-12-29 Darin Adler <darin@apple.com>
Reviewed by Don.
- fixed 3103287 -- body of page not rendered (page uses JavaScript trick to be both a frameset and a frame)
Our self-reference checks prevented this page from working.
I just removed the WebKit one, since it was really just working around a problem with the WebCore
one that I fixed (didn't ignore #xxx suffixes).
* WebCoreSupport.subproj/WebBridge.m:
(-[WebBridge createChildFrameNamed:withURL:renderPart:allowsScrolling:marginWidth:marginHeight:]):
Remove self-reference check.
2002-12-29 Darin Adler <darin@apple.com>
Reviewed by Don.
......
......@@ -302,11 +302,7 @@ - (WebCoreBridge *)createChildFrameNamed:(NSString *)frameName withURL:(NSString
[[newFrame webView] _setMarginWidth:width];
[[newFrame webView] _setMarginHeight:height];
// We must avoid loading the document itself as a subframe, like
// other browsers do, otherwise bugs like Radar 3083732 occur.
if (![[[[NSURL _web_URLWithString:URL] _web_URLByRemovingFragment] absoluteURL] isEqual:[[[frame dataSource] URL] absoluteURL]]) {
[frame _loadURL:[NSURL _web_URLWithString:URL] intoChild:newFrame];
}
[frame _loadURL:[NSURL _web_URLWithString:URL] intoChild:newFrame];
return [newFrame _bridge];
}
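Review bot: With the isEqual: comparison removed, _loadURL:intoChild: runs for every URL passed to createChildFrameNamed, so the only remaining self-reference protection is HTMLFrameElementImpl::isURLAllowed in WebCore. Please confirm that every path that reaches this method has already gone through isURLAllowed, and replace the deleted comment about Radar 3083732 with one line saying where the check now lives, so the guard is not reintroduced or assumed here later.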
......