Skip to content

GitLab

Switch branch/tag
  1. 01 Oct, 2009 13 commits
  3. 30 Sep, 2009 27 commits
    • dbates@webkit.org's avatar
      2009-09-30 Daniel Bates <dbates@webkit.org> · c1377e2a
      dbates@webkit.org authored 
              Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=29944
        
        Reduces false positives in the XSSAuditor by explicitly allowing requests
        that do not contain illegal URI characters.
        
        As a side effect of this change, the tests property-inject.html, 
        property-escape-noquotes.html, and property-escape-noquotes-tab-slash-chars.html 
        fail because these attacks do not contain any illegal URI characters and 
        thus are now allowed by the XSSAuditor, where previously they weren't. A future
        change may reinstate this functionality.

        Tests: http/tests/security/xssAuditor/script-tag-safe2.html
               http/tests/security/xssAuditor/script-tag-safe3.html

        * page/XSSAuditor.cpp:
        (WebCore::isIllegalURICharacter): Added method.
        (WebCore::XSSAuditor::canEvaluate):
        (WebCore::XSSAuditor::canCreateInlineEventListener):
        (WebCore::XSSAuditor::findInRequest): Added parameter 
        allowRequestIfNoIllegalURICharacters.
        * page/XSSAuditor.h:
2009-09-30  Daniel Bates  <dbates@webkit.org>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=29944
        
        Tests that the XSSAuditor allows requests that do not contain illegal URI 
        characters.
        
        Added a notice regarding the failure of tests property-inject.html, 
        property-escape-noquotes.html and property-escape-noquotes-tab-slash-chars.html, 
        and rebased the expected results of these tests.

        * http/tests/security/xssAuditor/property-escape-noquotes-expected.txt:
        * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt:
        * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html:
        * http/tests/security/xssAuditor/property-escape-noquotes.html:
        * http/tests/security/xssAuditor/property-inject-expected.txt:
        * http/tests/security/xssAuditor/property-inject.html:
        * http/tests/security/xssAuditor/resources/safe-script-noquotes.js: Added.
        * http/tests/security/xssAuditor/resources/script-tag-safe2.html: Added.
        * http/tests/security/xssAuditor/resources/script-tag-safe3.html: Added.
        * http/tests/security/xssAuditor/script-tag-safe2-expected.txt: Added.
        * http/tests/security/xssAuditor/script-tag-safe2.html: Added.
        * http/tests/security/xssAuditor/script-tag-safe3-expected.txt: Added.
        * http/tests/security/xssAuditor/script-tag-safe3.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48961 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c1377e2a
    • oliver@apple.com's avatar
      reproducible freeze and crash on closing form popup at bosch-home.nl · 85d08906
      oliver@apple.com authored 
      https://bugs.webkit.org/show_bug.cgi?id=28948

Reviewed by Maciej Stachowiak.

showModalDialog calls getDirect on what is actually a window shell,
so ends up not getting a value (since no value can ever be placed
directly on the shell), which leads to incorrect behaviour.

We use a manual test rather than automatic as it was not
possible to get a modal run loop to work inside DRT.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48960 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      85d08906
    • eric@webkit.org's avatar
      2009-09-30 Kent Tamura <tkent@chromium.org> · 03159e8a
      eric@webkit.org authored 
              Reviewed by Darin Adler.

        Add ValidityState.tooLong support for <input> and <textarea>.
        https://bugs.webkit.org/show_bug.cgi?id=27454

        * fast/forms/ValidityState-tooLong-input-expected.txt: Added.
        * fast/forms/ValidityState-tooLong-input.html: Added.
        * fast/forms/ValidityState-tooLong-textarea-expected.txt: Added.
        * fast/forms/ValidityState-tooLong-textarea.html: Added.
        * fast/forms/script-tests/ValidityState-tooLong-input.js: Added.
        * fast/forms/script-tests/ValidityState-tooLong-textarea.js: Added.
2009-09-30  Kent Tamura  <tkent@chromium.org>

        Reviewed by Darin Adler.

        Adds ValidityState.tooLong support for <input> and <textarea>.

        Introduces tooLong() in HTMLFormControlElement and it always returns false.
        HTMLInputElement and HTMLTextAreaElement overrides it and checks the text
        length and maxLength.  tooLong() should work only for `dirty' values.
        So, introduces m_isDirty flag for HTMLTextAreaElement, and
        !m_data.value().isNull() works as a dirty flag for HTMLInputElement.

        Renames parameter names of setMaxLength().

        https://bugs.webkit.org/show_bug.cgi?id=27454

        Tests: fast/forms/ValidityState-tooLong-input.html
               fast/forms/ValidityState-tooLong-textarea.html

        * html/HTMLFormControlElement.h:
        (WebCore::HTMLFormControlElement::tooLong):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::tooLong):
        (WebCore::HTMLInputElement::setMaxLength):
        * html/HTMLInputElement.h:
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::HTMLTextAreaElement):
        (WebCore::HTMLTextAreaElement::reset):
        (WebCore::HTMLTextAreaElement::updateValue):
        (WebCore::HTMLTextAreaElement::setMaxLength):
        (WebCore::HTMLTextAreaElement::tooLong):
        * html/HTMLTextAreaElement.h:
        * html/ValidityState.h:
        (WebCore::ValidityState::tooLong):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48959 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      03159e8a
    • abarth@webkit.org's avatar
      2009-09-30 Adam Barth <abarth@webkit.org> · 43d36a30
      abarth@webkit.org authored 
              Reviewed by Maciej Stachowiak.

        Factor RedirectScheduler out of FrameLoader
        https://bugs.webkit.org/show_bug.cgi?id=29948

        This change introduces a new sub-object of Frame, redirectScheduler.
        The redirectScheduler is responsible for scheduling redirects.

        This change leaves the code for the redirectScheduler in
        FrameLoader.cpp.  A future change will move the class into its own
        file.

        No behavior change (hopefully!).

        * loader/FrameLoader.cpp:
        (WebCore::RedirectScheduler::RedirectScheduler):
        (WebCore::RedirectScheduler::~RedirectScheduler):
        (WebCore::RedirectScheduler::redirectScheduledDuringLoad):
        (WebCore::RedirectScheduler::clear):
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::setDefersLoading):
        (WebCore::FrameLoader::stopLoading):
        (WebCore::FrameLoader::didOpenURL):
        (WebCore::FrameLoader::didExplicitOpen):
        (WebCore::FrameLoader::cancelAndClear):
        (WebCore::FrameLoader::clear):
        (WebCore::FrameLoader::checkCompleted):
        (WebCore::FrameLoader::isScheduledLocationChangePending):
        (WebCore::FrameLoader::scheduleHTTPRedirection):
        (WebCore::RedirectScheduler::scheduleRedirect):
        (WebCore::RedirectScheduler::mustLockBackForwardList):
        (WebCore::FrameLoader::scheduleLocationChange):
        (WebCore::RedirectScheduler::scheduleLocationChange):
        (WebCore::FrameLoader::scheduleFormSubmission):
        (WebCore::RedirectScheduler::scheduleFormSubmission):
        (WebCore::FrameLoader::scheduleRefresh):
        (WebCore::RedirectScheduler::scheduleRefresh):
        (WebCore::RedirectScheduler::locationChangePending):
        (WebCore::FrameLoader::scheduleHistoryNavigation):
        (WebCore::RedirectScheduler::scheduleHistoryNavigation):
        (WebCore::RedirectScheduler::timerFired):
        (WebCore::FrameLoader::provisionalLoadStarted):
        (WebCore::RedirectScheduler::schedule):
        (WebCore::RedirectScheduler::startTimer):
        (WebCore::RedirectScheduler::cancel):
        (WebCore::FrameLoader::completed):
        (WebCore::FrameLoader::open):
        * loader/FrameLoader.h:
        (WebCore::FrameLoader::committedFirstRealDocumentLoad):
        * page/Frame.cpp:
        (WebCore::Frame::Frame):
        (WebCore::Frame::redirectScheduler):
        * page/Frame.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48958 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      43d36a30
    • mjs@apple.com's avatar
      Build fix, not reviewed. · e9f60fe3
      mjs@apple.com authored 
      More Windows build fixes for https://bugs.webkit.org/show_bug.cgi?id=29943

* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::willSendRequest):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e9f60fe3
    • mjs@apple.com's avatar
      Build fix, not reviewed. · 544c8eb8
      mjs@apple.com authored 
      Fix windows build for fix for https://bugs.webkit.org/show_bug.cgi?id=29943

* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::willSendRequest):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48956 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      544c8eb8
    • dglazkov@chromium.org's avatar
      2009-09-30 Dimitri Glazkov <dglazkov@chromium.org> · 99b1ba2a
      dglazkov@chromium.org authored 
              Reviewed by Darin Fisher.

        [V8] HTMLAudioElement, HTMLImageElement, and HTMLOptionElement are constructable, but they shouldn't be.
        Only Audio, Image, and Option should be constructable.
        https://bugs.webkit.org/show_bug.cgi?id=29940

        Test: fast/dom/dom-constructor.html

        * WebCore.gypi: Added new files to project.
        * bindings/scripts/CodeGeneratorV8.pm: Modified to generate custom constructors.
        * bindings/v8/V8DOMWrapper.cpp:
        (WebCore::V8DOMWrapper::getTemplate): Removed handling of HTMLImageElement, HTMLOptionElement
          and HTMLAudioElement construction.
        * bindings/v8/V8HTMLAudioElementConstructor.h: Added.
        * bindings/v8/V8HTMLImageElementConstructor.h: Added.
        * bindings/v8/V8HTMLOptionElementConstructor.h: Added.
        * bindings/v8/V8Index.cpp: Added new headers.
        * bindings/v8/V8Index.h: Added Audio, Image and Option decls.
        * bindings/v8/custom/V8CustomBinding.h: Ditto.
        * bindings/v8/custom/V8DOMWindowCustom.cpp:
        (WebCore::ACCESSOR_GETTER): Added custom constructors.
        * bindings/v8/custom/V8HTMLAudioElementConstructor.cpp:
        (WebCore::V8HTMLImageElementConstructor::GetTemplate): Added custom template creator.
        * bindings/v8/custom/V8HTMLOptionElementConstructor.cpp:
        (WebCore::V8HTMLOptionElementConstructor::GetTemplate): Ditto.
        * bindings/v8/custom/V8HTMLImageElementConstructor.cpp:
        (WebCore::V8HTMLImageElementConstructor::GetTemplate): Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48955 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      99b1ba2a
    • eric@webkit.org's avatar
      2009-09-30 Gabor Loki <loki@inf.u-szeged.hu> · bbac8ee9
      eric@webkit.org authored 
              Reviewed by George Staikos.

        Defines two pseudo-platforms for ARM and Thumb-2 instruction set.
        https://bugs.webkit.org/show_bug.cgi?id=29122

        Introduces WTF_PLATFORM_ARM_TRADITIONAL and WTF_PLATFORM_ARM_THUMB2
        macros on ARM platforms. The PLATFORM(ARM_THUMB2) should be used
        when Thumb-2 instruction set is the required target. The
        PLATFORM(ARM_TRADITIONAL) is for generic ARM instruction set. In
        case where the code is common the PLATFORM(ARM) have to be used.

        Modified by George Wright  <gwright@rim.com> to correctly work
        with the RVCT-defined __TARGET_ARCH_ARM and __TARGET_ARCH_THUMB
        compiler macros, as well as adding readability changes.

        * wtf/Platform.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48954 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bbac8ee9
    • mjs@apple.com's avatar
      2009-09-30 Maciej Stachowiak <mjs@apple.com> · 67d34954
      mjs@apple.com authored 
              Reviewed by Brady Eidson.

        307 redirects should pass along http body and Content-Type header
        https://bugs.webkit.org/show_bug.cgi?id=29943

        Follow-up fix for:
        <rdar://problem/3802660> SAP: 307 (Temporary Redirect) responses should use POST, not GET
        
        Test: http/tests/loading/resources/redirect-methods-result.php

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::willSendRequest): Pass along http body and Content-Type header.
        * platform/network/mac/ResourceHandleMac.mm:
        (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]): ditto
2009-09-30  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Brady Eidson.

        307 redirects should pass along http body and Content-Type header
        https://bugs.webkit.org/show_bug.cgi?id=29943

        Follow-up fix for:
        <rdar://problem/3802660> SAP: 307 (Temporary Redirect) responses should use POST, not GET

        * http/tests/loading/redirect-methods.html: Updated test to show the http body and content-type header.
        * http/tests/loading/redirect-methods-expected.txt:
        * http/tests/loading/resources/redirect-methods-result.php: 


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      67d34954
    • ggaren@apple.com's avatar
      Fixed https://bugs.webkit.org/show_bug.cgi?id=29941 · 1f68bf4a
      ggaren@apple.com authored 
      REGRESSION (r48882-r48888): Many memory leaks on SnowLeopard leaks bot

Patch by Geoffrey Garen <ggaren@apple.com> on 2009-09-30
Reviewed by Mark Rowe.

Forgot to implement a destructor for JSDOMWindowBaseData, so it was
leaking its RefPtr data member.

* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::destroyJSDOMWindowBaseData):
* bindings/js/JSDOMWindowBase.h:
(WebCore::JSDOMWindowBase::JSDOMWindowBaseData::JSDOMWindowBaseData::JSDOMWindowBaseData):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48952 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1f68bf4a
    • hyatt@apple.com's avatar
      Make sure the removal of user stylesheets results in all of the WebViews being updated to · 44194bce
      hyatt@apple.com authored 
      reflect the changes.

Reviewed by Tim Hatcher.

* page/PageGroup.cpp:
(WebCore::PageGroup::removeUserContentWithURLForWorld):
(WebCore::PageGroup::removeUserContentForWorld):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48951 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      44194bce
    • jorlow@chromium.org's avatar
      2009-09-30 Jeremy Orlow <jorlow@chromium.org> · a24eed18
      jorlow@chromium.org authored 
              Reviewed by Dimitri Glazkov.

        Use a script-tests directory rather than a resources directory for DOM Storage
        https://bugs.webkit.org/show_bug.cgi?id=29938

        Use a script-tests directory rather than a resources directory for DOM Storage.
        This matches up with what's been done elsewhere in the tree.

        * storage/domstorage/localstorage/clear.html:
        * storage/domstorage/resources: Removed.
        * storage/domstorage/resources/clear.js: Removed.
        * storage/domstorage/script-tests: Copied from LayoutTests/storage/domstorage/resources.
        * storage/domstorage/sessionstorage/clear.html:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48950 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a24eed18
    • eric@webkit.org's avatar
      2009-09-30 Eric Seidel <eric@webkit.org> · e8d8d4ee
      eric@webkit.org authored 
              No review, just adding Geoff to the list of reviewers.

        * Scripts/modules/committers.py:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48949 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e8d8d4ee
    • oliver@apple.com's avatar
      Devirtualise array toString conversion · 55445085
      oliver@apple.com authored 
      Reviewed by Geoff Garen.

Tweak the implementation of Array.prototype.toString to have a fast path
when acting on a true JSArray.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48948 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      55445085
    • mitz@apple.com's avatar
      REGRESSION(r47440): drop down menus at americanexpress.com disappear on mouse out · 66bc5f4e
      mitz@apple.com authored 
      https://bugs.webkit.org/show_bug.cgi?id=29209

Reviewed by Sam Weinig.

WebCore: 

Test: fast/inline/relative-positioned-overflow.html

* rendering/InlineFlowBox.cpp:
(WebCore::InlineFlowBox::computeVerticalOverflow): Add self-painting
inlines to overflow to ensure that they are included in hit-testing.

LayoutTests: 

* fast/inline/relative-positioned-overflow-expected.txt: Added.
* fast/inline/relative-positioned-overflow.html: Added.
* platform/mac/fast/repaint/transform-absolute-in-positioned-container-expected.txt:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48947 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      66bc5f4e
    • weinig@apple.com's avatar
      Fix for <rdar://problem/7259706> · 1f89004f
      weinig@apple.com authored 
      Need WebKit API or SPI on Mac and Windows to test whether it's safe to load a page in a new tab/window

Reviewed by Dan Bernstein.

WebKit/mac: 

* WebView/WebFrame.mm:
(-[WebFrame _allowsFollowingLink:]):
* WebView/WebFramePrivate.h:

WebKit/win: 

* Interfaces/IWebFramePrivate.idl:
* WebFrame.cpp:
(WebFrame::allowsFollowingLink):
* WebFrame.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48946 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1f89004f
    • simon.fraser@apple.com's avatar
      2009-09-30 Simon Fraser <simon.fraser@apple.com> · b2870561
      simon.fraser@apple.com authored 
              Reviewed by Mark Rowe.

        transforms/3d tests are not run in Release builds
        https://bugs.webkit.org/show_bug.cgi?id=29827

        Make sure we export the WebCoreHas3DRendering symbol in Release builds,
        because this symbols is used by run-webkit-tests (via 'nm') to detect whether
        WebCore was built with ENABLE_3D_RENDERING turned on.

        * DerivedSources.make:
        * WebCore.3DRendering.exp: Added.
        * WebCore.xcodeproj/project.pbxproj:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48945 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b2870561
    • mitz@apple.com's avatar
      Added the WebKit Layout Tests fonts that are referenced in · 14c717df
      mitz@apple.com authored 
      LayoutTests/platform/win/css2.1/resources/Mac-compatible-font-fallback.css

Reviewed by Sam Weinig.

* DumpRenderTree/fonts/WebKit Layout Tests 2.ttf: Added.
* DumpRenderTree/fonts/WebKit Layout Tests.ttf: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48944 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      14c717df
    • kenneth@webkit.org's avatar
      Add the failed URL to the ErrorPageExtension, as it is quite · 2a3435f5
      kenneth@webkit.org authored 
      useful for creating error pages.

Patch by Kenneth Rohde Christiansen <kenneth@webkit.org> on 2009-09-30
Reviewed by David Hyatt.

* Api/qwebpage.h:
* WebCoreSupport/FrameLoaderClientQt.cpp:
(WebCore::FrameLoaderClientQt::callErrorPageExtension):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48943 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2a3435f5
    • jorlow@chromium.org's avatar
      Build fix for QT. Didn't know WebCore.pro existed. · a0d73dec
      jorlow@chromium.org authored 
      Patch by Jeremy Orlow <jorlow@chromium.org> on 2009-09-30
* WebCore.pro:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48942 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a0d73dec
    • hyatt@apple.com's avatar
      WebCore: Add a method for removal of user scripts and stylesheets by URL from a specific world. · 326237f6
      hyatt@apple.com authored 
      Reviewed by Adam Roben.

* page/PageGroup.cpp:
(WebCore::PageGroup::removeUserContentURLForWorld):
* page/PageGroup.h:

WebKit/mac: Add the ability to remove user stylesheets and scripts by URL.

Reviewed by Adam Roben.

* WebView/WebView.mm:
(+[WebView _removeUserContentFromGroup:url:worldID:]):
* WebView/WebViewPrivate.h:

WebKit/win: Add the ability to remove user stylesheets and scripts by URL.

Reviewed by Adam Roben.

* Interfaces/IWebViewPrivate.idl:
* WebView.cpp:
(WebView::removeUserContentWithURLFromGroup):
* WebView.h:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48941 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      326237f6
    • eric@webkit.org's avatar
      2009-09-30 Chris Hawk <hawk@chromium.org> · 3116d5d6
      eric@webkit.org authored 
              Reviewed by Dimitri Glazkov.

        Fix for conditionals in the WebCore gyp file, which contained two separate
        'conditions' values for the webcore target. The first entry was ignored,
        resulting in some missine defines.
        https://bugs.webkit.org/show_bug.cgi?id=29907

        * WebCore.gyp/WebCore.gyp:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48940 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3116d5d6
    • jorlow@chromium.org's avatar
      2009-09-21 Jeremy Orlow <jorlow@chromium.org> · 914f2dd1
      jorlow@chromium.org authored 
              Reviewed by Adam Barth.

        DOM Storage needs to be more careful about where "ThreadSafe" objects are destroyed.
        https://bugs.webkit.org/show_bug.cgi?id=29265

        DOM Storage needs to be more careful about where "ThreadSafe" objects are
        destroyed.  With the current code, there actually isn't a race condition, but
        it sure would be easy for someone to introduce one.  A bunch of
        ThreadSafeShared objects have RefPtrs to objects that are NOT ThreadSafeShared
        objects.  If it were possible any of these objects' destructors to be fired off
        the main thread, then the you'd have a race condition.  The code should be more
        clear and self-documenting about how things related to each other.

        Since the lifetime of a LocalStorageTask is bounded by the LocalStorageThread
        which is bounded by the StorageSyncManager, StorageAreaImpl, and
        StorageAreaSync, there's no reason for LocalStorageTask to store anything other
        than pointers.  By breaking this dependency, we can eliminate the risk.

        Note that we _could_ have LocalStorageThread's task queue just store
        LocalStorageTask*'s rather than RefPtr<LocalStorageTask>s but then we'd need to
        manually take care of deleting.  It'd probably also be possible to change
        LocalStorageThread around so that it needn't hold onto a reference of itself
        and have a more deterministic shutdown, but my initial attempts to do so
        failed, and I decided it wasn't worth changing.  The queue is killed before
        hand, so the thread is 100% impotent before the main thread continues anyway.

        The constructors and destructors of StorageSyncManager, StorageAreaImpl, and
        StorageAreaSync now have ASSERTs to verify they're running on the main thread. 
        I'm fairly positive that it'd be impossible to hit these asserts and the fact
        that these classes are no longer ThreadSafeShared should make it clear how
        they're meant to be used, but I think it's worth it to be extra sure.  Of
        course, ideally, we'd have such an assert every time a ref is incremented or
        decremented.

        Behavior should be unchanged and this is just an internal code cleanup, so no
        new tests.

        * storage/LocalStorageTask.cpp:
        (WebCore::LocalStorageTask::LocalStorageTask):
        (WebCore::LocalStorageTask::performTask):
        * storage/LocalStorageTask.h:
        (WebCore::LocalStorageTask::createImport):
        (WebCore::LocalStorageTask::createSync):
        (WebCore::LocalStorageTask::createTerminate):
        * storage/LocalStorageThread.cpp:
        (WebCore::LocalStorageThread::scheduleImport):
        (WebCore::LocalStorageThread::scheduleSync):
        * storage/LocalStorageThread.h:
        * storage/StorageArea.h:
        * storage/StorageAreaImpl.cpp:
        (WebCore::StorageAreaImpl::~StorageAreaImpl):
        (WebCore::StorageAreaImpl::StorageAreaImpl):
        * storage/StorageAreaSync.cpp:
        (WebCore::StorageAreaSync::StorageAreaSync):
        (WebCore::StorageAreaSync::~StorageAreaSync):
        * storage/StorageSyncManager.cpp:
        (WebCore::StorageSyncManager::StorageSyncManager):
        (WebCore::StorageSyncManager::~StorageSyncManager):
        (WebCore::StorageSyncManager::scheduleImport):
        (WebCore::StorageSyncManager::scheduleSync):
        * storage/StorageSyncManager.h:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48939 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      914f2dd1
    • ggaren@apple.com's avatar
      Buildfix for platforms using JSVALUE32. · 834bfad2
      ggaren@apple.com authored 
      https://bugs.webkit.org/show_bug.cgi?id=29915

Patch by Csaba Osztrogonac <oszi@inf.u-szeged.hu> on 2009-09-30
Reviewed by Geoffrey Garen.

After http://trac.webkit.org/changeset/48905 the build broke in JSVALUE32 case.
Also removed unreachable code.

* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_add):
 - Declaration of "OperandTypes types" moved before first use.
 - Typos fixed: dst modified to result, regT2 added.
 - Unreachable code removed.
(JSC::JIT::emitSlow_op_add):
 - Missing declaration of "OperandTypes types" added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48938 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      834bfad2
    • jorlow@chromium.org's avatar
      2009-09-28 Jeremy Orlow <jorlow@chromium.org> · 78f679fb
      jorlow@chromium.org authored 
              Reviewed by Darin Fisher.

        Chromium needs to be able to override the way storage events are delivered
        https://bugs.webkit.org/show_bug.cgi?id=29655

        Chromium needs to be able to override the way storage events are delivered.
        This replaced https://bugs.webkit.org/show_bug.cgi?id=29257 because it'll be
        faster (no vtables and extra allocation) and somewhat cleaner (no dependency
        injection).  This is necessary because Chromium needs to transport events across
        a process barrier and then dispatch them without use of a Frame*.

        Behavior should not change with this, so no updates to tests.

        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * WebCoreSources.bkl:
        * storage/StorageAreaImpl.cpp:
        (WebCore::StorageAreaImpl::setItem):
        (WebCore::StorageAreaImpl::removeItem):
        (WebCore::StorageAreaImpl::clear):
        * storage/StorageAreaImpl.h:
        * storage/StorageEventDispatcher.cpp: Copied from WebCore/storage/StorageAreaImpl.cpp.
        (WebCore::StorageEventDispatcher::dispatch):
        * storage/StorageEventDispatcher.h: Added.  (Well, technically in the other half of this patch.)


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48937 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      78f679fb
    • mrowe@apple.com's avatar
      Versioning. · 48fc67b6
      mrowe@apple.com authored 
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48936 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      48fc67b6
    • jianli@chromium.org's avatar
      Need to check NULL frame in EventHandler::updateDragAndDrop. · 00364e3d
      jianli@chromium.org authored 
      https://bugs.webkit.org/show_bug.cgi?id=29929

Reviewed by Darin Adler.

WebCore:

Test: http/tests/misc/drag-over-iframe-invalid-source-crash.html

* page/EventHandler.cpp:
(WebCore::EventHandler::updateDragAndDrop):

LayoutTests:

Add a new test for the bug.

* http/tests/misc/drag-over-iframe-invalid-source-crash-expected.txt: Added.
* http/tests/misc/drag-over-iframe-invalid-source-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48934 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      00364e3d