Changeset 17640 in webkit


Ignore:
Timestamp:
Nov 6, 2006 11:15:00 PM (17 years ago)
Author:
bdakin
Message:

WebCore:

Reviewed by Hyatt.

Fix for <rdar://problem/4820814> A crash occurs at
WebCore::HitTestResult::spellingToolTip() when mousing down on
iframe at www.macsurfer.com

The bug here is that the source of the iframe is only a comment,
and we were not properly constructing the frame because it was
sort-of empty but not.

  • html/HTMLDocument.cpp: (WebCore::HTMLDocument::childAllowed): newChild is NOT allowed if it is a comment node.
  • html/HTMLParser.cpp: (WebCore::HTMLParser::handleError): if n is a comment node and there is no head, we create a head, insert in the document, and add the comment node as a child. This is what Firefox does too.
  • page/FrameView.cpp: (WebCore::FrameView::handleMousePressEvent): Safe-guard for the fix. It is possible to get a mouse event without a target node, so we null check it. (Of course, in the case of this bug, it should not have been null, but it is a good thing to check for anyway.
  • rendering/HitTestResult.cpp: (WebCore::HitTestResult::spellingToolTip): Null-check m_innerNonSharedNode.

Layout Tests:

Reviewed by Hyatt.

Test for <rdar://problem/4820814> A crash occurs at
WebCore::HitTestResult::spellingToolTip() when mousing down on
iframe at www.macsurfer.com

  • fast/frames/onlyCommentInIFrame-expected.checksum: Added.
  • fast/frames/onlyCommentInIFrame-expected.png: Added.
  • fast/frames/onlyCommentInIFrame-expected.txt: Added.
  • fast/frames/onlyCommentInIFrame.html: Added.
  • fast/frames/resources/comment.html: Added.
  • fast/frames/resources/commentX.xhtml: Added.
Location:
trunk
Files:
6 added
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r17639 r17640  
     12006-11-06  Beth Dakin  <bdakin@apple.com>
     2
     3        Reviewed by Hyatt.
     4
     5        Test for <rdar://problem/4820814> A crash occurs at
     6        WebCore::HitTestResult::spellingToolTip() when mousing down on
     7        iframe at www.macsurfer.com
     8
     9        * fast/frames/onlyCommentInIFrame-expected.checksum: Added.
     10        * fast/frames/onlyCommentInIFrame-expected.png: Added.
     11        * fast/frames/onlyCommentInIFrame-expected.txt: Added.
     12        * fast/frames/onlyCommentInIFrame.html: Added.
     13        * fast/frames/resources/comment.html: Added.
     14        * fast/frames/resources/commentX.xhtml: Added.
     15
    1162006-11-06  Geoffrey Garen  <ggaren@apple.com>
    217
  • trunk/WebCore/ChangeLog

    r17638 r17640  
     12006-11-06  Beth Dakin  <bdakin@apple.com>
     2
     3        Reviewed by Hyatt.
     4
     5        Fix for <rdar://problem/4820814> A crash occurs at
     6        WebCore::HitTestResult::spellingToolTip() when mousing down on
     7        iframe at www.macsurfer.com
     8
     9        The bug here is that the source of the iframe is only a comment,
     10        and we were not properly constructing the frame because it was
     11        sort-of empty but not.
     12
     13        * html/HTMLDocument.cpp:
     14        (WebCore::HTMLDocument::childAllowed): newChild is NOT allowed if
     15        it is a comment node.
     16        * html/HTMLParser.cpp:
     17        (WebCore::HTMLParser::handleError): if n is a comment node and
     18        there is no head, we create a head, insert in the document, and add
     19        the comment node as a child. This is what Firefox does too.
     20        * page/FrameView.cpp:
     21        (WebCore::FrameView::handleMousePressEvent): Safe-guard for the
     22        fix. It is possible to get a mouse event without a target node, so
     23        we null check it. (Of course, in the case of this bug, it should
     24        not have been null, but it is a good thing to check for anyway.
     25        * rendering/HitTestResult.cpp:
     26        (WebCore::HitTestResult::spellingToolTip): Null-check
     27        m_innerNonSharedNode.
     28
    1292006-11-06  Justin Garcia  <justin.garcia@apple.com>
    230
  • trunk/WebCore/html/HTMLDocument.cpp

    r17604 r17640  
    127127bool HTMLDocument::childAllowed( Node *newChild )
    128128{
    129     return newChild->hasTagName(htmlTag) || newChild->isCommentNode();
     129    return newChild->hasTagName(htmlTag);
    130130}
    131131
  • trunk/WebCore/html/HTMLParser.cpp

    r17431 r17640  
    306306        if (current->hasTagName(selectTag))
    307307            return false;
     308    } else if (n->isCommentNode() && !head) {
     309        head = new HTMLHeadElement(document);
     310        e = head;
     311        insertNode(e);
     312        if (head) {
     313            head->addChild(n);
     314            if (!n->attached() && !m_fragment)
     315                n->attach();
     316        }
     317        return true;
    308318    } else if (n->isHTMLElement()) {
    309319        HTMLElement* h = static_cast<HTMLElement*>(n);
  • trunk/WebCore/page/FrameView.cpp

    r17604 r17640  
    595595   
    596596    MouseEventWithHitTestResults mev = prepareMouseEvent(false, true, false, mouseEvent);
     597
     598    if (!mev.targetNode()) {
     599        invalidateClick();
     600        return;
     601    }
    597602
    598603    Frame* subframe = subframeForTargetNode(mev.targetNode());
  • trunk/WebCore/rendering/HitTestResult.cpp

    r17629 r17640  
    130130    // Return the tool tip string associated with this point, if any. Only markers associated with bad grammar
    131131    // currently supply strings, but maybe someday markers associated with misspelled words will also.
     132    if (!m_innerNonSharedNode)
     133        return String();
     134   
    132135    DocumentMarker* marker = m_innerNonSharedNode->document()->markerContainingPoint(m_point, DocumentMarker::Grammar);
    133     if (marker)
    134         return marker->description;
    135    
    136     return String();
     136    if (!marker)
     137        return String();
     138   
     139    return marker->description;
    137140}
    138141
Note: See TracChangeset for help on using the changeset viewer.