1. 01 Oct, 2009 12 commits
  2. 30 Sep, 2009 28 commits
    • 2009-09-30 Daniel Bates <dbates@webkit.org> · c1377e2a
      dbates@webkit.org authored
              Reviewed by Adam Barth.
      
              https://bugs.webkit.org/show_bug.cgi?id=29944
              
              Reduces false positives in the XSSAuditor by explicitly allowing requests
              that do not contain illegal URI characters.
              
              As a side effect of this change, the tests property-inject.html, 
              property-escape-noquotes.html, and property-escape-noquotes-tab-slash-chars.html 
              fail because these attacks do not contain any illegal URI characters and 
              thus are now allowed by the XSSAuditor, where previously they weren't. A future
              change may reinstate this functionality.
      
              Tests: http/tests/security/xssAuditor/script-tag-safe2.html
                     http/tests/security/xssAuditor/script-tag-safe3.html
      
              * page/XSSAuditor.cpp:
              (WebCore::isIllegalURICharacter): Added method.
              (WebCore::XSSAuditor::canEvaluate):
              (WebCore::XSSAuditor::canCreateInlineEventListener):
              (WebCore::XSSAuditor::findInRequest): Added parameter 
              allowRequestIfNoIllegalURICharacters.
              * page/XSSAuditor.h:
      2009-09-30  Daniel Bates  <dbates@webkit.org>
      
              Reviewed by Adam Barth.
      
              https://bugs.webkit.org/show_bug.cgi?id=29944
              
              Tests that the XSSAuditor allows requests that do not contain illegal URI 
              characters.
              
              Added a notice regarding the failure of tests property-inject.html, 
              property-escape-noquotes.html and property-escape-noquotes-tab-slash-chars.html, 
              and rebased the expected results of these tests.
      
              * http/tests/security/xssAuditor/property-escape-noquotes-expected.txt:
              * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt:
              * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html:
              * http/tests/security/xssAuditor/property-escape-noquotes.html:
              * http/tests/security/xssAuditor/property-inject-expected.txt:
              * http/tests/security/xssAuditor/property-inject.html:
              * http/tests/security/xssAuditor/resources/safe-script-noquotes.js: Added.
              * http/tests/security/xssAuditor/resources/script-tag-safe2.html: Added.
              * http/tests/security/xssAuditor/resources/script-tag-safe3.html: Added.
              * http/tests/security/xssAuditor/script-tag-safe2-expected.txt: Added.
              * http/tests/security/xssAuditor/script-tag-safe2.html: Added.
              * http/tests/security/xssAuditor/script-tag-safe3-expected.txt: Added.
              * http/tests/security/xssAuditor/script-tag-safe3.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48961 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • reproducible freeze and crash on closing form popup at bosch-home.nl · 85d08906
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=28948
      
      Reviewed by Maciej Stachowiak.
      
      showModalDialog calls getDirect on what is actually a window shell,
      so ends up not getting a value (since no value can ever be placed
      directly on the shell), which leads to incorrect behaviour.
      
      We use a manual test rather than automatic as it was not
      possible to get a modal run loop to work inside DRT.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48960 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Kent Tamura <tkent@chromium.org> · 03159e8a
      eric@webkit.org authored
              Reviewed by Darin Adler.
      
              Add ValidityState.tooLong support for <input> and <textarea>.
              https://bugs.webkit.org/show_bug.cgi?id=27454
      
              * fast/forms/ValidityState-tooLong-input-expected.txt: Added.
              * fast/forms/ValidityState-tooLong-input.html: Added.
              * fast/forms/ValidityState-tooLong-textarea-expected.txt: Added.
              * fast/forms/ValidityState-tooLong-textarea.html: Added.
              * fast/forms/script-tests/ValidityState-tooLong-input.js: Added.
              * fast/forms/script-tests/ValidityState-tooLong-textarea.js: Added.
      2009-09-30  Kent Tamura  <tkent@chromium.org>
      
              Reviewed by Darin Adler.
      
              Adds ValidityState.tooLong support for <input> and <textarea>.
      
              Introduces tooLong() in HTMLFormControlElement and it always returns false.
              HTMLInputElement and HTMLTextAreaElement overrides it and checks the text
              length and maxLength.  tooLong() should work only for `dirty' values.
              So, introduces m_isDirty flag for HTMLTextAreaElement, and
              !m_data.value().isNull() works as a dirty flag for HTMLInputElement.
      
              Renames parameter names of setMaxLength().
      
              https://bugs.webkit.org/show_bug.cgi?id=27454
      
              Tests: fast/forms/ValidityState-tooLong-input.html
                     fast/forms/ValidityState-tooLong-textarea.html
      
              * html/HTMLFormControlElement.h:
              (WebCore::HTMLFormControlElement::tooLong):
              * html/HTMLInputElement.cpp:
              (WebCore::HTMLInputElement::tooLong):
              (WebCore::HTMLInputElement::setMaxLength):
              * html/HTMLInputElement.h:
              * html/HTMLTextAreaElement.cpp:
              (WebCore::HTMLTextAreaElement::HTMLTextAreaElement):
              (WebCore::HTMLTextAreaElement::reset):
              (WebCore::HTMLTextAreaElement::updateValue):
              (WebCore::HTMLTextAreaElement::setMaxLength):
              (WebCore::HTMLTextAreaElement::tooLong):
              * html/HTMLTextAreaElement.h:
              * html/ValidityState.h:
              (WebCore::ValidityState::tooLong):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48959 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Adam Barth <abarth@webkit.org> · 43d36a30
      abarth@webkit.org authored
              Reviewed by Maciej Stachowiak.
      
              Factor RedirectScheduler out of FrameLoader
              https://bugs.webkit.org/show_bug.cgi?id=29948
      
              This change introduces a new sub-object of Frame, redirectScheduler.
              The redirectScheduler is responsible for scheduling redirects.
      
              This change leaves the code for the redirectScheduler in
              FrameLoader.cpp.  A future change will move the class into its own
              file.
      
              No behavior change (hopefully!).
      
              * loader/FrameLoader.cpp:
              (WebCore::RedirectScheduler::RedirectScheduler):
              (WebCore::RedirectScheduler::~RedirectScheduler):
              (WebCore::RedirectScheduler::redirectScheduledDuringLoad):
              (WebCore::RedirectScheduler::clear):
              (WebCore::FrameLoader::FrameLoader):
              (WebCore::FrameLoader::setDefersLoading):
              (WebCore::FrameLoader::stopLoading):
              (WebCore::FrameLoader::didOpenURL):
              (WebCore::FrameLoader::didExplicitOpen):
              (WebCore::FrameLoader::cancelAndClear):
              (WebCore::FrameLoader::clear):
              (WebCore::FrameLoader::checkCompleted):
              (WebCore::FrameLoader::isScheduledLocationChangePending):
              (WebCore::FrameLoader::scheduleHTTPRedirection):
              (WebCore::RedirectScheduler::scheduleRedirect):
              (WebCore::RedirectScheduler::mustLockBackForwardList):
              (WebCore::FrameLoader::scheduleLocationChange):
              (WebCore::RedirectScheduler::scheduleLocationChange):
              (WebCore::FrameLoader::scheduleFormSubmission):
              (WebCore::RedirectScheduler::scheduleFormSubmission):
              (WebCore::FrameLoader::scheduleRefresh):
              (WebCore::RedirectScheduler::scheduleRefresh):
              (WebCore::RedirectScheduler::locationChangePending):
              (WebCore::FrameLoader::scheduleHistoryNavigation):
              (WebCore::RedirectScheduler::scheduleHistoryNavigation):
              (WebCore::RedirectScheduler::timerFired):
              (WebCore::FrameLoader::provisionalLoadStarted):
              (WebCore::RedirectScheduler::schedule):
              (WebCore::RedirectScheduler::startTimer):
              (WebCore::RedirectScheduler::cancel):
              (WebCore::FrameLoader::completed):
              (WebCore::FrameLoader::open):
              * loader/FrameLoader.h:
              (WebCore::FrameLoader::committedFirstRealDocumentLoad):
              * page/Frame.cpp:
              (WebCore::Frame::Frame):
              (WebCore::Frame::redirectScheduler):
              * page/Frame.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48958 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Build fix, not reviewed. · e9f60fe3
      mjs@apple.com authored
      More Windows build fixes for https://bugs.webkit.org/show_bug.cgi?id=29943
      
      * platform/network/cf/ResourceHandleCFNet.cpp:
      (WebCore::willSendRequest):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Build fix, not reviewed. · 544c8eb8
      mjs@apple.com authored
      Fix windows build for fix for https://bugs.webkit.org/show_bug.cgi?id=29943
      
      * platform/network/cf/ResourceHandleCFNet.cpp:
      (WebCore::willSendRequest):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48956 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Dimitri Glazkov <dglazkov@chromium.org> · 99b1ba2a
      dglazkov@chromium.org authored
              Reviewed by Darin Fisher.
      
              [V8] HTMLAudioElement, HTMLImageElement, and HTMLOptionElement are constructable, but they shouldn't be.
              Only Audio, Image, and Option should be constructable.
              https://bugs.webkit.org/show_bug.cgi?id=29940
      
              Test: fast/dom/dom-constructor.html
      
              * WebCore.gypi: Added new files to project.
              * bindings/scripts/CodeGeneratorV8.pm: Modified to generate custom constructors.
              * bindings/v8/V8DOMWrapper.cpp:
              (WebCore::V8DOMWrapper::getTemplate): Removed handling of HTMLImageElement, HTMLOptionElement
                and HTMLAudioElement construction.
              * bindings/v8/V8HTMLAudioElementConstructor.h: Added.
              * bindings/v8/V8HTMLImageElementConstructor.h: Added.
              * bindings/v8/V8HTMLOptionElementConstructor.h: Added.
              * bindings/v8/V8Index.cpp: Added new headers.
              * bindings/v8/V8Index.h: Added Audio, Image and Option decls.
              * bindings/v8/custom/V8CustomBinding.h: Ditto.
              * bindings/v8/custom/V8DOMWindowCustom.cpp:
              (WebCore::ACCESSOR_GETTER): Added custom constructors.
              * bindings/v8/custom/V8HTMLAudioElementConstructor.cpp:
              (WebCore::V8HTMLImageElementConstructor::GetTemplate): Added custom template creator.
              * bindings/v8/custom/V8HTMLOptionElementConstructor.cpp:
              (WebCore::V8HTMLOptionElementConstructor::GetTemplate): Ditto.
              * bindings/v8/custom/V8HTMLImageElementConstructor.cpp:
              (WebCore::V8HTMLImageElementConstructor::GetTemplate): Ditto.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48955 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Gabor Loki <loki@inf.u-szeged.hu> · bbac8ee9
      eric@webkit.org authored
              Reviewed by George Staikos.
      
              Defines two pseudo-platforms for ARM and Thumb-2 instruction set.
              https://bugs.webkit.org/show_bug.cgi?id=29122
      
              Introduces WTF_PLATFORM_ARM_TRADITIONAL and WTF_PLATFORM_ARM_THUMB2
              macros on ARM platforms. The PLATFORM(ARM_THUMB2) should be used
              when Thumb-2 instruction set is the required target. The
              PLATFORM(ARM_TRADITIONAL) is for generic ARM instruction set. In
              case where the code is common the PLATFORM(ARM) has to be used.
      
              Modified by George Wright  <gwright@rim.com> to correctly work
              with the RVCT-defined __TARGET_ARCH_ARM and __TARGET_ARCH_THUMB
              compiler macros, as well as adding readability changes.
      
              * wtf/Platform.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48954 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Maciej Stachowiak <mjs@apple.com> · 67d34954
      mjs@apple.com authored
              Reviewed by Brady Eidson.
      
              307 redirects should pass along http body and Content-Type header
              https://bugs.webkit.org/show_bug.cgi?id=29943
      
              Follow-up fix for:
              <rdar://problem/3802660> SAP: 307 (Temporary Redirect) responses should use POST, not GET
              
              Test: http/tests/loading/resources/redirect-methods-result.php
      
              * platform/network/cf/ResourceHandleCFNet.cpp:
              (WebCore::willSendRequest): Pass along http body and Content-Type header.
              * platform/network/mac/ResourceHandleMac.mm:
              (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]): ditto
      2009-09-30  Maciej Stachowiak  <mjs@apple.com>
      
              Reviewed by Brady Eidson.
      
              307 redirects should pass along http body and Content-Type header
              https://bugs.webkit.org/show_bug.cgi?id=29943
      
              Follow-up fix for:
              <rdar://problem/3802660> SAP: 307 (Temporary Redirect) responses should use POST, not GET
      
              * http/tests/loading/redirect-methods.html: Updated test to show the http body and content-type header.
              * http/tests/loading/redirect-methods-expected.txt:
              * http/tests/loading/resources/redirect-methods-result.php: 
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fixed https://bugs.webkit.org/show_bug.cgi?id=29941 · 1f68bf4a
      ggaren@apple.com authored
      REGRESSION (r48882-r48888): Many memory leaks on SnowLeopard leaks bot
      
      Patch by Geoffrey Garen <ggaren@apple.com> on 2009-09-30
      Reviewed by Mark Rowe.
      
      Forgot to implement a destructor for JSDOMWindowBaseData, so it was
      leaking its RefPtr data member.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::destroyJSDOMWindowBaseData):
      * bindings/js/JSDOMWindowBase.h:
      (WebCore::JSDOMWindowBase::JSDOMWindowBaseData::JSDOMWindowBaseData::JSDOMWindowBaseData):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48952 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Make sure the removal of user stylesheets results in all of the WebViews being updated to · 44194bce
      hyatt@apple.com authored
      reflect the changes.
      
      Reviewed by Tim Hatcher.
      
      * page/PageGroup.cpp:
      (WebCore::PageGroup::removeUserContentWithURLForWorld):
      (WebCore::PageGroup::removeUserContentForWorld):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48951 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Jeremy Orlow <jorlow@chromium.org> · a24eed18
      jorlow@chromium.org authored
              Reviewed by Dimitri Glazkov.
      
              Use a script-tests directory rather than a resources directory for DOM Storage
              https://bugs.webkit.org/show_bug.cgi?id=29938
      
              Use a script-tests directory rather than a resources directory for DOM Storage.
              This matches up with what's been done elsewhere in the tree.
      
              * storage/domstorage/localstorage/clear.html:
              * storage/domstorage/resources: Removed.
              * storage/domstorage/resources/clear.js: Removed.
              * storage/domstorage/script-tests: Copied from LayoutTests/storage/domstorage/resources.
              * storage/domstorage/sessionstorage/clear.html:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48950 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Eric Seidel <eric@webkit.org> · e8d8d4ee
      eric@webkit.org authored
              No review, just adding Geoff to the list of reviewers.
      
              * Scripts/modules/committers.py:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48949 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Devirtualise array toString conversion · 55445085
      oliver@apple.com authored
      Reviewed by Geoff Garen.
      
      Tweak the implementation of Array.prototype.toString to have a fast path
      when acting on a true JSArray.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48948 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • REGRESSION(r47440): drop down menus at americanexpress.com disappear on mouse out · 66bc5f4e
      mitz@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=29209
      
      Reviewed by Sam Weinig.
      
      WebCore: 
      
      Test: fast/inline/relative-positioned-overflow.html
      
      * rendering/InlineFlowBox.cpp:
      (WebCore::InlineFlowBox::computeVerticalOverflow): Add self-painting
      inlines to overflow to ensure that they are included in hit-testing.
      
      LayoutTests: 
      
      * fast/inline/relative-positioned-overflow-expected.txt: Added.
      * fast/inline/relative-positioned-overflow.html: Added.
      * platform/mac/fast/repaint/transform-absolute-in-positioned-container-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48947 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fix for <rdar://problem/7259706> · 1f89004f
      weinig@apple.com authored
      Need WebKit API or SPI on Mac and Windows to test whether it's safe to load a page in a new tab/window
      
      Reviewed by Dan Bernstein.
      
      WebKit/mac: 
      
      * WebView/WebFrame.mm:
      (-[WebFrame _allowsFollowingLink:]):
      * WebView/WebFramePrivate.h:
      
      WebKit/win: 
      
      * Interfaces/IWebFramePrivate.idl:
      * WebFrame.cpp:
      (WebFrame::allowsFollowingLink):
      * WebFrame.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48946 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Simon Fraser <simon.fraser@apple.com> · b2870561
      simon.fraser@apple.com authored
              Reviewed by Mark Rowe.
      
              transforms/3d tests are not run in Release builds
              https://bugs.webkit.org/show_bug.cgi?id=29827
      
              Make sure we export the WebCoreHas3DRendering symbol in Release builds,
              because this symbol is used by run-webkit-tests (via 'nm') to detect whether
              WebCore was built with ENABLE_3D_RENDERING turned on.
      
              * DerivedSources.make:
              * WebCore.3DRendering.exp: Added.
              * WebCore.xcodeproj/project.pbxproj:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48945 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Added the WebKit Layout Tests fonts that are referenced in · 14c717df
      mitz@apple.com authored
      LayoutTests/platform/win/css2.1/resources/Mac-compatible-font-fallback.css
      
      Reviewed by Sam Weinig.
      
      * DumpRenderTree/fonts/WebKit Layout Tests 2.ttf: Added.
      * DumpRenderTree/fonts/WebKit Layout Tests.ttf: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48944 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Add the failed URL to the ErrorPageExtension, as it is quite · 2a3435f5
      kenneth@webkit.org authored
      useful for creating error pages.
      
      Patch by Kenneth Rohde Christiansen <kenneth@webkit.org> on 2009-09-30
      Reviewed by David Hyatt.
      
      * Api/qwebpage.h:
      * WebCoreSupport/FrameLoaderClientQt.cpp:
      (WebCore::FrameLoaderClientQt::callErrorPageExtension):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48943 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Build fix for QT. Didn't know WebCore.pro existed. · a0d73dec
      jorlow@chromium.org authored
      Patch by Jeremy Orlow <jorlow@chromium.org> on 2009-09-30
      * WebCore.pro:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48942 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • WebCore: Add a method for removal of user scripts and stylesheets by URL from a specific world. · 326237f6
      hyatt@apple.com authored
      Reviewed by Adam Roben.
      
      * page/PageGroup.cpp:
      (WebCore::PageGroup::removeUserContentURLForWorld):
      * page/PageGroup.h:
      
      WebKit/mac: Add the ability to remove user stylesheets and scripts by URL.
      
      Reviewed by Adam Roben.
      
      * WebView/WebView.mm:
      (+[WebView _removeUserContentFromGroup:url:worldID:]):
      * WebView/WebViewPrivate.h:
      
      WebKit/win: Add the ability to remove user stylesheets and scripts by URL.
      
      Reviewed by Adam Roben.
      
      * Interfaces/IWebViewPrivate.idl:
      * WebView.cpp:
      (WebView::removeUserContentWithURLFromGroup):
      * WebView.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48941 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Chris Hawk <hawk@chromium.org> · 3116d5d6
      eric@webkit.org authored
              Reviewed by Dimitri Glazkov.
      
              Fix for conditionals in the WebCore gyp file, which contained two separate
              'conditions' values for the webcore target. The first entry was ignored,
              resulting in some missing defines.
              https://bugs.webkit.org/show_bug.cgi?id=29907
      
              * WebCore.gyp/WebCore.gyp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48940 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-21 Jeremy Orlow <jorlow@chromium.org> · 914f2dd1
      jorlow@chromium.org authored
              Reviewed by Adam Barth.
      
              DOM Storage needs to be more careful about where "ThreadSafe" objects are destroyed.
              https://bugs.webkit.org/show_bug.cgi?id=29265
      
              DOM Storage needs to be more careful about where "ThreadSafe" objects are
              destroyed.  With the current code, there actually isn't a race condition, but
              it sure would be easy for someone to introduce one.  A bunch of
              ThreadSafeShared objects have RefPtrs to objects that are NOT ThreadSafeShared
              objects.  If it were possible for any of these objects' destructors to be fired off
              the main thread, then you'd have a race condition.  The code should be more
              clear and self-documenting about how things relate to each other.
      
              Since the lifetime of a LocalStorageTask is bounded by the LocalStorageThread
              which is bounded by the StorageSyncManager, StorageAreaImpl, and
              StorageAreaSync, there's no reason for LocalStorageTask to store anything other
              than pointers.  By breaking this dependency, we can eliminate the risk.
      
              Note that we _could_ have LocalStorageThread's task queue just store
              LocalStorageTask*'s rather than RefPtr<LocalStorageTask>s but then we'd need to
              manually take care of deleting.  It'd probably also be possible to change
              LocalStorageThread around so that it needn't hold onto a reference of itself
              and have a more deterministic shutdown, but my initial attempts to do so
              failed, and I decided it wasn't worth changing.  The queue is killed beforehand,
              so the thread is 100% impotent before the main thread continues anyway.
      
              The constructors and destructors of StorageSyncManager, StorageAreaImpl, and
              StorageAreaSync now have ASSERTs to verify they're running on the main thread. 
              I'm fairly positive that it'd be impossible to hit these asserts and the fact
              that these classes are no longer ThreadSafeShared should make it clear how
              they're meant to be used, but I think it's worth it to be extra sure.  Of
              course, ideally, we'd have such an assert every time a ref is incremented or
              decremented.
      
              Behavior should be unchanged and this is just an internal code cleanup, so no
              new tests.
      
              * storage/LocalStorageTask.cpp:
              (WebCore::LocalStorageTask::LocalStorageTask):
              (WebCore::LocalStorageTask::performTask):
              * storage/LocalStorageTask.h:
              (WebCore::LocalStorageTask::createImport):
              (WebCore::LocalStorageTask::createSync):
              (WebCore::LocalStorageTask::createTerminate):
              * storage/LocalStorageThread.cpp:
              (WebCore::LocalStorageThread::scheduleImport):
              (WebCore::LocalStorageThread::scheduleSync):
              * storage/LocalStorageThread.h:
              * storage/StorageArea.h:
              * storage/StorageAreaImpl.cpp:
              (WebCore::StorageAreaImpl::~StorageAreaImpl):
              (WebCore::StorageAreaImpl::StorageAreaImpl):
              * storage/StorageAreaSync.cpp:
              (WebCore::StorageAreaSync::StorageAreaSync):
              (WebCore::StorageAreaSync::~StorageAreaSync):
              * storage/StorageSyncManager.cpp:
              (WebCore::StorageSyncManager::StorageSyncManager):
              (WebCore::StorageSyncManager::~StorageSyncManager):
              (WebCore::StorageSyncManager::scheduleImport):
              (WebCore::StorageSyncManager::scheduleSync):
              * storage/StorageSyncManager.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48939 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Buildfix for platforms using JSVALUE32. · 834bfad2
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=29915
      
      Patch by Csaba Osztrogonac <oszi@inf.u-szeged.hu> on 2009-09-30
      Reviewed by Geoffrey Garen.
      
      After http://trac.webkit.org/changeset/48905 the build broke in JSVALUE32 case.
      Also removed unreachable code.
      
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emit_op_add):
       - Declaration of "OperandTypes types" moved before first use.
       - Typos fixed: dst modified to result, regT2 added.
       - Unreachable code removed.
      (JSC::JIT::emitSlow_op_add):
       - Missing declaration of "OperandTypes types" added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48938 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-28 Jeremy Orlow <jorlow@chromium.org> · 78f679fb
      jorlow@chromium.org authored
              Reviewed by Darin Fisher.
      
              Chromium needs to be able to override the way storage events are delivered
              https://bugs.webkit.org/show_bug.cgi?id=29655
      
              Chromium needs to be able to override the way storage events are delivered.
              This replaced https://bugs.webkit.org/show_bug.cgi?id=29257 because it'll be
              faster (no vtables and extra allocation) and somewhat cleaner (no dependency
              injection).  This is necessary because Chromium needs to transport events across
              a process barrier and then dispatch them without use of a Frame*.
      
              Behavior should not change with this, so no updates to tests.
      
              * GNUmakefile.am:
              * WebCore.gypi:
              * WebCore.vcproj/WebCore.vcproj:
              * WebCore.xcodeproj/project.pbxproj:
              * WebCoreSources.bkl:
              * storage/StorageAreaImpl.cpp:
              (WebCore::StorageAreaImpl::setItem):
              (WebCore::StorageAreaImpl::removeItem):
              (WebCore::StorageAreaImpl::clear):
              * storage/StorageAreaImpl.h:
              * storage/StorageEventDispatcher.cpp: Copied from WebCore/storage/StorageAreaImpl.cpp.
              (WebCore::StorageEventDispatcher::dispatch):
              * storage/StorageEventDispatcher.h: Added.  (Well, technically in the other half of this patch.)
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48937 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Versioning. · 48fc67b6
      mrowe@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48936 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Need to check NULL frame in EventHandler::updateDragAndDrop. · 00364e3d
      jianli@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=29929
      
      Reviewed by Darin Adler.
      
      WebCore:
      
      Test: http/tests/misc/drag-over-iframe-invalid-source-crash.html
      
      * page/EventHandler.cpp:
      (WebCore::EventHandler::updateDragAndDrop):
      
      LayoutTests:
      
      Add a new test for the bug.
      
      * http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt: Added.
      * http/tests/misc/drag-over-iframe-invalid-source-crash.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48934 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • mitz@apple.com's avatar
      fa4da37e