1. 01 Oct, 2009 5 commits
  2. 30 Sep, 2009 20 commits
    • 2009-09-30 Daniel Bates <dbates@webkit.org> · c1377e2a
      dbates@webkit.org authored
              Reviewed by Adam Barth.
      
              https://bugs.webkit.org/show_bug.cgi?id=29944
              
              Reduces false positives in the XSSAuditor by explicitly allowing requests
              that do not contain illegal URI characters.
              
              As a side effect of this change, the tests property-inject.html, 
              property-escape-noquotes.html, and property-escape-noquotes-tab-slash-chars.html 
              fail because these attacks do not contain any illegal URI characters and 
              thus are now allowed by the XSSAuditor, where previously they weren't. A future
              change may reinstate this functionality.
      
              Tests: http/tests/security/xssAuditor/script-tag-safe2.html
                     http/tests/security/xssAuditor/script-tag-safe3.html
      
              * page/XSSAuditor.cpp:
              (WebCore::isIllegalURICharacter): Added method.
              (WebCore::XSSAuditor::canEvaluate):
              (WebCore::XSSAuditor::canCreateInlineEventListener):
              (WebCore::XSSAuditor::findInRequest): Added parameter 
              allowRequestIfNoIllegalURICharacters.
              * page/XSSAuditor.h:
      2009-09-30  Daniel Bates  <dbates@webkit.org>
      
              Reviewed by Adam Barth.
      
              https://bugs.webkit.org/show_bug.cgi?id=29944
              
              Tests that the XSSAuditor allows requests that do not contain illegal URI 
              characters.
              
              Added a notice regarding the failure of tests property-inject.html, 
              property-escape-noquotes.html and property-escape-noquotes-tab-slash-chars.html, 
              and rebased the expected results of these tests.
      
              * http/tests/security/xssAuditor/property-escape-noquotes-expected.txt:
              * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt:
              * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html:
              * http/tests/security/xssAuditor/property-escape-noquotes.html:
              * http/tests/security/xssAuditor/property-inject-expected.txt:
              * http/tests/security/xssAuditor/property-inject.html:
              * http/tests/security/xssAuditor/resources/safe-script-noquotes.js: Added.
              * http/tests/security/xssAuditor/resources/script-tag-safe2.html: Added.
              * http/tests/security/xssAuditor/resources/script-tag-safe3.html: Added.
              * http/tests/security/xssAuditor/script-tag-safe2-expected.txt: Added.
              * http/tests/security/xssAuditor/script-tag-safe2.html: Added.
              * http/tests/security/xssAuditor/script-tag-safe3-expected.txt: Added.
              * http/tests/security/xssAuditor/script-tag-safe3.html: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48961 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • reproducible freeze and crash on closing form popup at bosch-home.nl · 85d08906
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=28948
      
      Reviewed by Maciej Stachowiak.
      
      showModalDialog calls getDirect on what is actually a window shell,
      so ends up not getting a value (since no value can ever be placed
      directly on the shell), which leads to incorrect behaviour.
      
      We use a manual test rather than automatic as it was not
      possible to get a modal run loop to work inside DRT.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48960 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Kent Tamura <tkent@chromium.org> · 03159e8a
      eric@webkit.org authored
              Reviewed by Darin Adler.
      
              Add ValidityState.tooLong support for <input> and <textarea>.
              https://bugs.webkit.org/show_bug.cgi?id=27454
      
              * fast/forms/ValidityState-tooLong-input-expected.txt: Added.
              * fast/forms/ValidityState-tooLong-input.html: Added.
              * fast/forms/ValidityState-tooLong-textarea-expected.txt: Added.
              * fast/forms/ValidityState-tooLong-textarea.html: Added.
              * fast/forms/script-tests/ValidityState-tooLong-input.js: Added.
              * fast/forms/script-tests/ValidityState-tooLong-textarea.js: Added.
      2009-09-30  Kent Tamura  <tkent@chromium.org>
      
              Reviewed by Darin Adler.
      
              Adds ValidityState.tooLong support for <input> and <textarea>.
      
              Introduces tooLong() in HTMLFormControlElement and it always returns false.
              HTMLInputElement and HTMLTextAreaElement override it and check the text
              length and maxLength.  tooLong() should work only for `dirty' values.
              So, introduces m_isDirty flag for HTMLTextAreaElement, and
              !m_data.value().isNull() works as a dirty flag for HTMLInputElement.
      
              Renames parameter names of setMaxLength().
      
              https://bugs.webkit.org/show_bug.cgi?id=27454
      
              Tests: fast/forms/ValidityState-tooLong-input.html
                     fast/forms/ValidityState-tooLong-textarea.html
      
              * html/HTMLFormControlElement.h:
              (WebCore::HTMLFormControlElement::tooLong):
              * html/HTMLInputElement.cpp:
              (WebCore::HTMLInputElement::tooLong):
              (WebCore::HTMLInputElement::setMaxLength):
              * html/HTMLInputElement.h:
              * html/HTMLTextAreaElement.cpp:
              (WebCore::HTMLTextAreaElement::HTMLTextAreaElement):
              (WebCore::HTMLTextAreaElement::reset):
              (WebCore::HTMLTextAreaElement::updateValue):
              (WebCore::HTMLTextAreaElement::setMaxLength):
              (WebCore::HTMLTextAreaElement::tooLong):
              * html/HTMLTextAreaElement.h:
              * html/ValidityState.h:
              (WebCore::ValidityState::tooLong):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48959 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Adam Barth <abarth@webkit.org> · 43d36a30
      abarth@webkit.org authored
              Reviewed by Maciej Stachowiak.
      
              Factor RedirectScheduler out of FrameLoader
              https://bugs.webkit.org/show_bug.cgi?id=29948
      
              This change introduces a new sub-object of Frame, redirectScheduler.
              The redirectScheduler is responsible for scheduling redirects.
      
              This change leaves the code for the redirectScheduler in
              FrameLoader.cpp.  A future change will move the class into its own
              file.
      
              No behavior change (hopefully!).
      
              * loader/FrameLoader.cpp:
              (WebCore::RedirectScheduler::RedirectScheduler):
              (WebCore::RedirectScheduler::~RedirectScheduler):
              (WebCore::RedirectScheduler::redirectScheduledDuringLoad):
              (WebCore::RedirectScheduler::clear):
              (WebCore::FrameLoader::FrameLoader):
              (WebCore::FrameLoader::setDefersLoading):
              (WebCore::FrameLoader::stopLoading):
              (WebCore::FrameLoader::didOpenURL):
              (WebCore::FrameLoader::didExplicitOpen):
              (WebCore::FrameLoader::cancelAndClear):
              (WebCore::FrameLoader::clear):
              (WebCore::FrameLoader::checkCompleted):
              (WebCore::FrameLoader::isScheduledLocationChangePending):
              (WebCore::FrameLoader::scheduleHTTPRedirection):
              (WebCore::RedirectScheduler::scheduleRedirect):
              (WebCore::RedirectScheduler::mustLockBackForwardList):
              (WebCore::FrameLoader::scheduleLocationChange):
              (WebCore::RedirectScheduler::scheduleLocationChange):
              (WebCore::FrameLoader::scheduleFormSubmission):
              (WebCore::RedirectScheduler::scheduleFormSubmission):
              (WebCore::FrameLoader::scheduleRefresh):
              (WebCore::RedirectScheduler::scheduleRefresh):
              (WebCore::RedirectScheduler::locationChangePending):
              (WebCore::FrameLoader::scheduleHistoryNavigation):
              (WebCore::RedirectScheduler::scheduleHistoryNavigation):
              (WebCore::RedirectScheduler::timerFired):
              (WebCore::FrameLoader::provisionalLoadStarted):
              (WebCore::RedirectScheduler::schedule):
              (WebCore::RedirectScheduler::startTimer):
              (WebCore::RedirectScheduler::cancel):
              (WebCore::FrameLoader::completed):
              (WebCore::FrameLoader::open):
              * loader/FrameLoader.h:
              (WebCore::FrameLoader::committedFirstRealDocumentLoad):
              * page/Frame.cpp:
              (WebCore::Frame::Frame):
              (WebCore::Frame::redirectScheduler):
              * page/Frame.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48958 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Build fix, not reviewed. · e9f60fe3
      mjs@apple.com authored
      More Windows build fixes for https://bugs.webkit.org/show_bug.cgi?id=29943
      
      * platform/network/cf/ResourceHandleCFNet.cpp:
      (WebCore::willSendRequest):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Build fix, not reviewed. · 544c8eb8
      mjs@apple.com authored
      Fix windows build for fix for https://bugs.webkit.org/show_bug.cgi?id=29943
      
      * platform/network/cf/ResourceHandleCFNet.cpp:
      (WebCore::willSendRequest):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48956 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Dimitri Glazkov <dglazkov@chromium.org> · 99b1ba2a
      dglazkov@chromium.org authored
              Reviewed by Darin Fisher.
      
              [V8] HTMLAudioElement, HTMLImageElement, and HTMLOptionElement are constructable, but they shouldn't be.
              Only Audio, Image, and Option should be constructable.
              https://bugs.webkit.org/show_bug.cgi?id=29940
      
              Test: fast/dom/dom-constructor.html
      
              * WebCore.gypi: Added new files to project.
              * bindings/scripts/CodeGeneratorV8.pm: Modified to generate custom constructors.
              * bindings/v8/V8DOMWrapper.cpp:
              (WebCore::V8DOMWrapper::getTemplate): Removed handling of HTMLImageElement, HTMLOptionElement
                and HTMLAudioElement construction.
              * bindings/v8/V8HTMLAudioElementConstructor.h: Added.
              * bindings/v8/V8HTMLImageElementConstructor.h: Added.
              * bindings/v8/V8HTMLOptionElementConstructor.h: Added.
              * bindings/v8/V8Index.cpp: Added new headers.
              * bindings/v8/V8Index.h: Added Audio, Image and Option decls.
              * bindings/v8/custom/V8CustomBinding.h: Ditto.
              * bindings/v8/custom/V8DOMWindowCustom.cpp:
              (WebCore::ACCESSOR_GETTER): Added custom constructors.
              * bindings/v8/custom/V8HTMLAudioElementConstructor.cpp:
              (WebCore::V8HTMLImageElementConstructor::GetTemplate): Added custom template creator.
              * bindings/v8/custom/V8HTMLOptionElementConstructor.cpp:
              (WebCore::V8HTMLOptionElementConstructor::GetTemplate): Ditto.
              * bindings/v8/custom/V8HTMLImageElementConstructor.cpp:
              (WebCore::V8HTMLImageElementConstructor::GetTemplate): Ditto.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48955 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Maciej Stachowiak <mjs@apple.com> · 67d34954
      mjs@apple.com authored
              Reviewed by Brady Eidson.
      
              307 redirects should pass along http body and Content-Type header
              https://bugs.webkit.org/show_bug.cgi?id=29943
      
              Follow-up fix for:
              <rdar://problem/3802660> SAP: 307 (Temporary Redirect) responses should use POST, not GET
              
              Test: http/tests/loading/resources/redirect-methods-result.php
      
              * platform/network/cf/ResourceHandleCFNet.cpp:
              (WebCore::willSendRequest): Pass along http body and Content-Type header.
              * platform/network/mac/ResourceHandleMac.mm:
              (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]): ditto
      2009-09-30  Maciej Stachowiak  <mjs@apple.com>
      
              Reviewed by Brady Eidson.
      
              307 redirects should pass along http body and Content-Type header
              https://bugs.webkit.org/show_bug.cgi?id=29943
      
              Follow-up fix for:
              <rdar://problem/3802660> SAP: 307 (Temporary Redirect) responses should use POST, not GET
      
              * http/tests/loading/redirect-methods.html: Updated test to show the http body and content-type header.
              * http/tests/loading/redirect-methods-expected.txt:
              * http/tests/loading/resources/redirect-methods-result.php: 
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fixed https://bugs.webkit.org/show_bug.cgi?id=29941 · 1f68bf4a
      ggaren@apple.com authored
      REGRESSION (r48882-r48888): Many memory leaks on SnowLeopard leaks bot
      
      Patch by Geoffrey Garen <ggaren@apple.com> on 2009-09-30
      Reviewed by Mark Rowe.
      
      Forgot to implement a destructor for JSDOMWindowBaseData, so it was
      leaking its RefPtr data member.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::destroyJSDOMWindowBaseData):
      * bindings/js/JSDOMWindowBase.h:
      (WebCore::JSDOMWindowBase::JSDOMWindowBaseData::JSDOMWindowBaseData::JSDOMWindowBaseData):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48952 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Make sure the removal of user stylesheets results in all of the WebViews being updated to · 44194bce
      hyatt@apple.com authored
      reflect the changes.
      
      Reviewed by Tim Hatcher.
      
      * page/PageGroup.cpp:
      (WebCore::PageGroup::removeUserContentWithURLForWorld):
      (WebCore::PageGroup::removeUserContentForWorld):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48951 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • REGRESSION(r47440): drop down menus at americanexpress.com disappear on mouse out · 66bc5f4e
      mitz@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=29209
      
      Reviewed by Sam Weinig.
      
      WebCore: 
      
      Test: fast/inline/relative-positioned-overflow.html
      
      * rendering/InlineFlowBox.cpp:
      (WebCore::InlineFlowBox::computeVerticalOverflow): Add self-painting
      inlines to overflow to ensure that they are included in hit-testing.
      
      LayoutTests: 
      
      * fast/inline/relative-positioned-overflow-expected.txt: Added.
      * fast/inline/relative-positioned-overflow.html: Added.
      * platform/mac/fast/repaint/transform-absolute-in-positioned-container-expected.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48947 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Simon Fraser <simon.fraser@apple.com> · b2870561
      simon.fraser@apple.com authored
              Reviewed by Mark Rowe.
      
              transforms/3d tests are not run in Release builds
              https://bugs.webkit.org/show_bug.cgi?id=29827
      
              Make sure we export the WebCoreHas3DRendering symbol in Release builds,
              because this symbol is used by run-webkit-tests (via 'nm') to detect whether
              WebCore was built with ENABLE_3D_RENDERING turned on.
      
              * DerivedSources.make:
              * WebCore.3DRendering.exp: Added.
              * WebCore.xcodeproj/project.pbxproj:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48945 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Build fix for QT. Didn't know WebCore.pro existed. · a0d73dec
      jorlow@chromium.org authored
      Patch by Jeremy Orlow <jorlow@chromium.org> on 2009-09-30
      * WebCore.pro:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48942 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • WebCore: Add a method for removal of user scripts and stylesheets by URL from a specific world. · 326237f6
      hyatt@apple.com authored
      Reviewed by Adam Roben.
      
      * page/PageGroup.cpp:
      (WebCore::PageGroup::removeUserContentURLForWorld):
      * page/PageGroup.h:
      
      WebKit/mac: Add the ability to remove user stylesheets and scripts by URL.
      
      Reviewed by Adam Roben.
      
      * WebView/WebView.mm:
      (+[WebView _removeUserContentFromGroup:url:worldID:]):
      * WebView/WebViewPrivate.h:
      
      WebKit/win: Add the ability to remove user stylesheets and scripts by URL.
      
      Reviewed by Adam Roben.
      
      * Interfaces/IWebViewPrivate.idl:
      * WebView.cpp:
      (WebView::removeUserContentWithURLFromGroup):
      * WebView.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48941 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Chris Hawk <hawk@chromium.org> · 3116d5d6
      eric@webkit.org authored
              Reviewed by Dimitri Glazkov.
      
              Fix for conditionals in the WebCore gyp file, which contained two separate
              'conditions' values for the webcore target. The first entry was ignored,
              resulting in some missing defines.
              https://bugs.webkit.org/show_bug.cgi?id=29907
      
              * WebCore.gyp/WebCore.gyp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48940 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-21 Jeremy Orlow <jorlow@chromium.org> · 914f2dd1
      jorlow@chromium.org authored
              Reviewed by Adam Barth.
      
              DOM Storage needs to be more careful about where "ThreadSafe" objects are destroyed.
              https://bugs.webkit.org/show_bug.cgi?id=29265
      
              DOM Storage needs to be more careful about where "ThreadSafe" objects are
              destroyed.  With the current code, there actually isn't a race condition, but
              it sure would be easy for someone to introduce one.  A bunch of
              ThreadSafeShared objects have RefPtrs to objects that are NOT ThreadSafeShared
              objects.  If it were possible for any of these objects' destructors to be fired off
              the main thread, then you'd have a race condition.  The code should be more
              clear and self-documenting about how things relate to each other.
      
              Since the lifetime of a LocalStorageTask is bounded by the LocalStorageThread
              which is bounded by the StorageSyncManager, StorageAreaImpl, and
              StorageAreaSync, there's no reason for LocalStorageTask to store anything other
              than pointers.  By breaking this dependency, we can eliminate the risk.
      
              Note that we _could_ have LocalStorageThread's task queue just store
              LocalStorageTask*'s rather than RefPtr<LocalStorageTask>s but then we'd need to
              manually take care of deleting.  It'd probably also be possible to change
              LocalStorageThread around so that it needn't hold onto a reference of itself
              and have a more deterministic shutdown, but my initial attempts to do so
              failed, and I decided it wasn't worth changing.  The queue is killed
              beforehand, so the thread is 100% impotent before the main thread continues anyway.
      
              The constructors and destructors of StorageSyncManager, StorageAreaImpl, and
              StorageAreaSync now have ASSERTs to verify they're running on the main thread. 
              I'm fairly positive that it'd be impossible to hit these asserts and the fact
              that these classes are no longer ThreadSafeShared should make it clear how
              they're meant to be used, but I think it's worth it to be extra sure.  Of
              course, ideally, we'd have such an assert every time a ref is incremented or
              decremented.
      
              Behavior should be unchanged and this is just an internal code cleanup, so no
              new tests.
      
              * storage/LocalStorageTask.cpp:
              (WebCore::LocalStorageTask::LocalStorageTask):
              (WebCore::LocalStorageTask::performTask):
              * storage/LocalStorageTask.h:
              (WebCore::LocalStorageTask::createImport):
              (WebCore::LocalStorageTask::createSync):
              (WebCore::LocalStorageTask::createTerminate):
              * storage/LocalStorageThread.cpp:
              (WebCore::LocalStorageThread::scheduleImport):
              (WebCore::LocalStorageThread::scheduleSync):
              * storage/LocalStorageThread.h:
              * storage/StorageArea.h:
              * storage/StorageAreaImpl.cpp:
              (WebCore::StorageAreaImpl::~StorageAreaImpl):
              (WebCore::StorageAreaImpl::StorageAreaImpl):
              * storage/StorageAreaSync.cpp:
              (WebCore::StorageAreaSync::StorageAreaSync):
              (WebCore::StorageAreaSync::~StorageAreaSync):
              * storage/StorageSyncManager.cpp:
              (WebCore::StorageSyncManager::StorageSyncManager):
              (WebCore::StorageSyncManager::~StorageSyncManager):
              (WebCore::StorageSyncManager::scheduleImport):
              (WebCore::StorageSyncManager::scheduleSync):
              * storage/StorageSyncManager.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48939 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-28 Jeremy Orlow <jorlow@chromium.org> · 78f679fb
      jorlow@chromium.org authored
              Reviewed by Darin Fisher.
      
              Chromium needs to be able to override the way storage events are delivered
              https://bugs.webkit.org/show_bug.cgi?id=29655
      
              Chromium needs to be able to override the way storage events are delivered.
              This replaced https://bugs.webkit.org/show_bug.cgi?id=29257 because it'll be
              faster (no vtables and extra allocation) and somewhat cleaner (no dependency
              injection).  This is necessary because Chromium needs to transport events across
              a process barrier and then dispatch them without use of a Frame*.
      
              Behavior should not change with this, so no updates to tests.
      
              * GNUmakefile.am:
              * WebCore.gypi:
              * WebCore.vcproj/WebCore.vcproj:
              * WebCore.xcodeproj/project.pbxproj:
              * WebCoreSources.bkl:
              * storage/StorageAreaImpl.cpp:
              (WebCore::StorageAreaImpl::setItem):
              (WebCore::StorageAreaImpl::removeItem):
              (WebCore::StorageAreaImpl::clear):
              * storage/StorageAreaImpl.h:
              * storage/StorageEventDispatcher.cpp: Copied from WebCore/storage/StorageAreaImpl.cpp.
              (WebCore::StorageEventDispatcher::dispatch):
              * storage/StorageEventDispatcher.h: Added.  (Well, technically in the other half of this patch.)
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48937 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Need to check NULL frame in EventHandler::updateDragAndDrop. · 00364e3d
      jianli@chromium.org authored
      https://bugs.webkit.org/show_bug.cgi?id=29929
      
      Reviewed by Darin Adler.
      
      WebCore:
      
      Test: http/tests/misc/drag-over-iframe-invalid-source-crash.html
      
      * page/EventHandler.cpp:
      (WebCore::EventHandler::updateDragAndDrop):
      
      LayoutTests:
      
      Add a new test for the bug.
      
      * http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt: Added.
      * http/tests/misc/drag-over-iframe-invalid-source-crash.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48934 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-29 Simon Fraser <simon.fraser@apple.com> · 195d0d67
      simon.fraser@apple.com authored
              Reviewed by Dan Bernstein.
      
              ASSERTION FAILED: !repaintContainer || repaintContainer == this
              https://bugs.webkit.org/show_bug.cgi?id=29755
      
              Generalize the fix for this bug to account for cases where there may be multiple
              containing blocks between the repaint container, and the container of the element
              being repainted.
      
              Test: compositing/repaint/opacity-between-absolute2.html
      
              * rendering/RenderBox.cpp:
              (WebCore::RenderBox::mapLocalToContainer):
              Call offsetFromAncestorContainer() to get the correct offset.
      
              (WebCore::RenderBox::computeRectForRepaint): Ditto
              * rendering/RenderInline.cpp:
              (WebCore::RenderInline::computeRectForRepaint): Ditto.
      
              * rendering/RenderObject.h:
              * rendering/RenderObject.cpp:
              (WebCore::RenderObject::offsetFromAncestorContainer):
              New method that computes an offset from some object in the ancestor container() chain.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48932 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-30 Andras Becsi <becsi.andras@stud.u-szeged.hu> · a6b728be
      eric@webkit.org authored
              Reviewed by Simon Hausmann.
      
              [Qt] Fix TextCodecQt::decode method after r48752 to return a non-null string if the length of the input is 0.
              This fixes https://bugs.webkit.org/show_bug.cgi?id=29736.
      
              * platform/text/qt/TextCodecQt.cpp:
              (WebCore::TextCodecQt::decode):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48929 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 29 Sep, 2009 15 commits
    • Fix a couple of bugs with patterns. Move the setting of the document URL to before the style · 220f4e65
      hyatt@apple.com authored
      selector gets constructed so that pattern match testing gets the correct URL.
      
      Reviewed by Jon Honeycutt.
      
      * loader/FrameLoader.cpp:
      (WebCore::FrameLoader::begin):
      * page/UserContentURLPattern.cpp:
      (WebCore::UserContentURLPattern::parse):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48919 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Rubber-stamped by Brady Eidson. · 744d93ab
      ap@apple.com authored
              Assertion failure in http/tests/xmlhttprequest/failed-auth.html.
      
              I couldn't find out why this only started to happen now, but it was incorrect to check
              persistence of a credential returned by CredentialStorage::get() without checking that it
              was non-null. When there is no credential for the protection space in storage, get()
              returns a new object, and Credential constructor doesn't initialize m_persistence.
      
              * platform/network/mac/ResourceHandleMac.mm:
              (-[WebCoreSynchronousLoader connection:didReceiveAuthenticationChallenge:]): Moved the
              assertion after credential null check.
              (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): Added the same persistence
              assertion, matching sync code (and CF one, as well).
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48918 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-29 Yong Li <yong.li@torchmobile.com> · 9c89fdba
      yong.li@torchmobile.com authored
              Reviewed by Darin Adler.
      
              Add an ASSERT for UTF8Encoding().isValid()
              https://bugs.webkit.org/show_bug.cgi?id=29908
      
              * platform/text/TextEncoding.cpp:
              (WebCore::UTF8Encoding):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48913 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • https://bugs.webkit.org/show_bug.cgi?id=29892 · 5d1c0e78
      hyatt@apple.com authored
      Add support for whitelist patterns to control conditional injection of user scripts and
      user stylesheets.
      
      Reviewed by Jon Honeycutt.
      
      No new tests. Not testable until WebKit portion is added in followup patch.
      
      * GNUmakefile.am:
      * WebCore.gypi:
      * WebCore.pro:
      * WebCore.vcproj/WebCore.vcproj:
      * WebCore.xcodeproj/project.pbxproj:
      * dom/Document.cpp:
      (WebCore::Document::pageGroupUserSheets):
      * page/Frame.cpp:
      (WebCore::Frame::injectUserScriptsForWorld):
      * page/UserContentURLPattern.cpp: Added.
      (WebCore::UserContentURLPattern::matchesPatterns):
      (WebCore::UserContentURLPattern::parse):
      (WebCore::UserContentURLPattern::matches):
      (WebCore::UserContentURLPattern::matchesHost):
      (WebCore::MatchTester::MatchTester):
      (WebCore::MatchTester::testStringFinished):
      (WebCore::MatchTester::patternStringFinished):
      (WebCore::MatchTester::eatWildcard):
      (WebCore::MatchTester::eatSameChars):
      (WebCore::MatchTester::test):
      (WebCore::UserContentURLPattern::matchesPath):
      * page/UserContentURLPattern.h: Added.
      (WebCore::UserContentURLPattern::UserContentURLPattern):
      (WebCore::UserContentURLPattern::scheme):
      (WebCore::UserContentURLPattern::host):
      (WebCore::UserContentURLPattern::path):
      (WebCore::UserContentURLPattern::matchSubdomains):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48912 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-29 Enrica Casucci <enrica@apple.com> · 5fbc25ce
      eric@webkit.org authored
              Reviewed by Adele Peterson.
      
              Test case for <rdar://problem/7085453>.
      
              * editing/selection/blockquote-crash-expected.txt: Added.
              * editing/selection/blockquote-crash.html: Added.
      2009-09-29  Enrica Casucci  <enrica@apple.com>
      
              Reviewed by Adele Peterson.
      
              Reproducible crash pressing return inside quoted content
              at WebCore::BreakBlockquoteCommand::doApply.
              <rdar://problem/7085453>
              In some cases, like the one provided in the test case, m_downStreamEnd
              refers to a node that gets deleted when executing the DeleteSelectionCommand.
              We shouldn't use m_downStreamEnd to recalculate the new m_endPosition when
              pruning is needed, because it may point to a node that has been deleted, but
              rather rely on removeNode in CompositeEditCommand to update m_endPosition correctly.
      
              Test: editing/selection/blockquote-crash.html
      
              * editing/BreakBlockquoteCommand.cpp:
              (WebCore::BreakBlockquoteCommand::doApply): Added check for invalid position
              to avoid dereferencing a null node pointer.
              * editing/DeleteSelectionCommand.cpp:
              (WebCore::DeleteSelectionCommand::mergeParagraphs): Don't reset m_endPosition
              using the value in m_downStreamEnd when it is necessary to prune the start block.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48910 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Reviewed by Brady Eidson. · 57df29c7
      ap@apple.com authored
              Basic authentication credentials are not sent automatically to top resources
              https://bugs.webkit.org/show_bug.cgi?id=29901
      
              No new tests - I don't want to pollute root directory of http tests to check for this rather
              minor issue.
      
              * platform/network/CredentialStorage.cpp:
              (WebCore::CredentialStorage::set): Changed to always preserve leading slash.
              (WebCore::CredentialStorage::getDefaultAuthenticationCredential): Made breaking out of the
              loop more explicit.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48909 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-29 Pavel Feldman <pfeldman@chromium.org> · e7245dec
      pfeldman@chromium.org authored
              Reviewed by Oliver Hunt.
      
              Web Inspector REGRESSION(r47820-r47822): Profiles aren't
              added to the inspector unless the inspector is already open
              when the profile completes.
      
              https://bugs.webkit.org/show_bug.cgi?id=29897
      
              * inspector/front-end/ProfilesPanel.js:
              (WebInspector.ProfilesPanel.prototype._populateProfiles):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48907 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Rubberstamped by David Hyatt. · c7161bce
      kenneth@webkit.org authored
      Patch by Kenneth Rohde Christiansen <kenneth@webkit.org> on 2009-09-29
      Fix to logic of earlier commit 48902.
      
      When merging two if's before committing, I forgot to invert the
      bool check.
      
      * platform/network/qt/QNetworkReplyHandler.cpp:
      (WebCore::ignoreHttpError):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48906 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Unreviewed, build fix. · 6ad942ac
      senorblanco@chromium.org authored
      Fixing Chromium build, following r48884.
      
      [https://bugs.webkit.org/show_bug.cgi?id=29894]
      
      * bindings/v8/V8AbstractEventListener.cpp:
      (WebCore::V8AbstractEventListener::handleEvent):
      * bindings/v8/V8AbstractEventListener.h:
      * bindings/v8/V8WorkerContextEventListener.cpp:
      (WebCore::V8WorkerContextEventListener::handleEvent):
      * bindings/v8/V8WorkerContextEventListener.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48904 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-29 Kent Tamura <tkent@chromium.org> · d71be72a
      eric@webkit.org authored
              Reviewed by Darin Adler.
      
              Update for .maxLength behavior change.
              https://bugs.webkit.org/show_bug.cgi?id=29796
      
              * fast/forms/input-maxlength-expected.txt:
              * fast/forms/input-maxlength.html:
              * fast/forms/script-tests/textarea-maxlength.js:
              * fast/forms/textarea-maxlength-expected.txt:
      2009-09-29  Kent Tamura  <tkent@chromium.org>
      
              Reviewed by Darin Adler.
      
              Follows HTML5's maxLength change in September 2009.
              - Change HTMLTextAreaElement.maxLength type to signed.
              - HTMLTextAreaElement.maxLength returns -1 if maxlength= attribute is missing.
              - HTMLTextAreaElement.maxLength and HTMLInputElement.maxLength
                throw INDEX_SIZE_ERR for setting negative values.
              https://bugs.webkit.org/show_bug.cgi?id=29796
      
              * html/HTMLInputElement.cpp:
              (WebCore::HTMLInputElement::setMaxLength):
              * html/HTMLInputElement.h:
              * html/HTMLInputElement.idl:
              * html/HTMLTextAreaElement.cpp:
              (WebCore::HTMLTextAreaElement::handleBeforeTextInsertedEvent):
              (WebCore::HTMLTextAreaElement::maxLength):
              (WebCore::HTMLTextAreaElement::setMaxLength):
              * html/HTMLTextAreaElement.h:
              * html/HTMLTextAreaElement.idl:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48903 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Don't rely on QNetworkReply::NetworkError codes, but · ffa55b2e
      kenneth@webkit.org authored
      on HTTP error codes instead.
      
      Patch by Kenneth Rohde Christiansen <kenneth@webkit.org> on 2009-09-29
      Reviewed by Simon Hausmann.
      
      * platform/network/qt/QNetworkReplyHandler.cpp:
      (WebCore::ignoreHttpError):
      (WebCore::QNetworkReplyHandler::finish):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48902 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Use const references when using Qt's foreach. · 64ef3e7f
      kenneth@webkit.org authored
      Patch by Kenneth Rohde Christiansen <kenneth@webkit.org> on 2009-09-29
      Reviewed by Simon Hausmann.
      
      * platform/network/qt/QNetworkReplyHandler.cpp:
      (WebCore::QNetworkReplyHandler::sendResponseIfNeeded):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48901 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Fix handling of QNetworkReply errors. · 6762a927
      kenneth@webkit.org authored
      Patch by Kenneth Rohde Christiansen <kenneth@webkit.org> on 2009-09-29
      Reviewed by Simon Hausmann.
      
      In the QNetworkReplyHandler::finish() a response was sent even when
      the reply contained an error. This resulted in a sendResponseIfNeeded()
      calling didReceiveResponse on the client, leading to the destruction
      of the m_resourceHandle, discontinuing further processing in finish(),
      and thus not calling didFail on the client.
      
      Instead it continued as if everything went fine, and
      FrameLoaderClientQt::dispatchDecidePolicyForMIMEType() changed the
      policy to PolicyDownload due to not being able to show the nonexistent
      MIMEType. As the download also obviously fails, it ended up with a
      policy change error.
      
      * platform/network/qt/QNetworkReplyHandler.cpp:
      (WebCore::QNetworkReplyHandler::finish):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48900 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-29 Dimitri Glazkov <dglazkov@chromium.org> · 39016be0
      dglazkov@chromium.org authored
              No review, rolling out r48894, because review discussion was not complete.
              http://trac.webkit.org/changeset/48894
      
              * platform/sql/SQLiteTransaction.cpp:
              (WebCore::SQLiteTransaction::begin):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48897 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • 2009-09-29 Dirk Schulze <krit@webkit.org> · 42b5c8a6
      krit@webkit.org authored
              Reviewed by Nikolas Zimmermann.
      
              SVG Filter feComposite implementation is missing
              [https://bugs.webkit.org/show_bug.cgi?id=28362]
      
              feComposite implementation for SVG.
      
              Test: svg/filters/feComposite.svg
      
              * platform/graphics/filters/FEComposite.cpp:
              (WebCore::arithmetic):
              (WebCore::FEComposite::apply):
      
              Tests the feComposite implementation for SVG.
      
              * platform/mac/svg/filters/feComposite-expected.checksum: Added.
              * platform/mac/svg/filters/feComposite-expected.png: Added.
              * platform/mac/svg/filters/feComposite-expected.txt: Added.
              * svg/filters/feComposite.svg: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48896 268f45cc-cd09-0410-ab3c-d52691b4dbfc