Changeset 21862 in webkit


Ignore:
Timestamp:
May 29, 2007 1:33:04 PM (17 years ago)
Author:
weinig
Message:

LayoutTests:

Reviewed by Maciej.

  • fast/frames/removal-before-attach-crash-expected.txt: Added.
  • fast/frames/removal-before-attach-crash.html: Added.

WebCore:

Reviewed by Maciej.

Test: fast/frames/removal-before-attach-crash.html

Delayed the queueing of the post-attach callback until attach().

  • html/HTMLFrameElementBase.cpp: (WebCore::HTMLFrameElementBase::HTMLFrameElementBase): (WebCore::HTMLFrameElementBase::parseMappedAttribute): Replaced call to the HTMLElement implementation with a call to the HTMLFrameOwnerElement implementation, as the latter is the parent class. (WebCore::HTMLFrameElementBase::insertedIntoDocument): Instead of queueing the post-attach callback here, just set a flag telling us to do so at the beginning of attach(). (WebCore::HTMLFrameElementBase::removedFromDocument): Reset the above flag. (WebCore::HTMLFrameElementBase::attach): If this is the first attach() after being inserted into the document, queue a post-attach callback to load the frame. (WebCore::HTMLFrameElementBase::willRemove): Changed to call up to the correct parent class. (WebCore::HTMLFrameElementBase::setFocus): Ditto.
  • html/HTMLFrameElementBase.h:
  • html/HTMLPlugInElement.cpp: (WebCore::HTMLPlugInElement::mapToEntry): Replaced call to the HTMLElement implementation with a call to the HTMLFrameOwnerElement implementation, as the latter is the parent class. (WebCore::HTMLPlugInElement::parseMappedAttribute): Ditto. (WebCore::HTMLPlugInElement::checkDTD): Ditto. (WebCore::HTMLPlugInElement::detach): Ditto.
Location:
trunk
Files:
2 added
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r21861 r21862  
     12007-05-29  Mitz Pettel  <mitz@webkit.org>
     2
     3        Reviewed by Maciej.
     4
     5        - test for http://bugs.webkit.org/show_bug.cgi?id=13792
     6          REGRESSION: WebKit doesn't show this javascript screenshot page (and crashes after click on its "hidden link")
     7
     8        * fast/frames/removal-before-attach-crash-expected.txt: Added.
     9        * fast/frames/removal-before-attach-crash.html: Added.
     10
    1112007-05-29  Darin Adler  <darin@apple.com>
    212
  • trunk/WebCore/ChangeLog

    r21861 r21862  
     12007-05-29  Mitz Pettel  <mitz@webkit.org>
     2
     3        Reviewed by Maciej.
     4
     5        - fix crash in http://bugs.webkit.org/show_bug.cgi?id=13792
     6          REGRESSION: WebKit doesn't show this javascript screenshot page (and crashes after click on its "hidden link")
     7
     8        Test: fast/frames/removal-before-attach-crash.html
     9
     10        Delayed the queueing of the post-attach callback until attach().
     11
     12        * html/HTMLFrameElementBase.cpp:
     13        (WebCore::HTMLFrameElementBase::HTMLFrameElementBase):
     14        (WebCore::HTMLFrameElementBase::parseMappedAttribute): Replaced call to the
     15        HTMLElement implementation with a call to the HTMLFrameOwnerElement
     16        implementation, as the latter is the parent class.
     17        (WebCore::HTMLFrameElementBase::insertedIntoDocument): Instead of queueing
     18        the post-attach callback here, just set a flag telling us to do so
     19        at the beginning of attach().
     20        (WebCore::HTMLFrameElementBase::removedFromDocument): Reset the above flag.
     21        (WebCore::HTMLFrameElementBase::attach): If this is the first attach() after
     22        being inserted into the document, queue a post-attach callback to load the
     23        frame.
     24        (WebCore::HTMLFrameElementBase::willRemove): Changed to call up to the correct
     25        parent class.
     26        (WebCore::HTMLFrameElementBase::setFocus): Ditto.
     27        * html/HTMLFrameElementBase.h:
     28        * html/HTMLPlugInElement.cpp:
     29        (WebCore::HTMLPlugInElement::mapToEntry): Replaced call to the HTMLElement
     30        implementation with a call to the HTMLFrameOwnerElement implementation,
     31        as the latter is the parent class.
     32        (WebCore::HTMLPlugInElement::parseMappedAttribute): Ditto.
     33        (WebCore::HTMLPlugInElement::checkDTD): Ditto.
     34        (WebCore::HTMLPlugInElement::detach): Ditto.
     35
    1362007-05-29  Darin Adler  <darin@apple.com>
    237
  • trunk/WebCore/html/HTMLFrameElementBase.cpp

    r21749 r21862  
    5353    , m_noResize(false)
    5454    , m_viewSource(false)
     55    , m_shouldOpenURLAfterAttach(false)
    5556{
    5657}
     
    115116    else if (attr->name() == idAttr) {
    116117        // Important to call through to base for the id attribute so the hasID bit gets set.
    117         HTMLElement::parseMappedAttribute(attr);
     118        HTMLFrameOwnerElement::parseMappedAttribute(attr);
    118119        m_name = attr->value();
    119120    } else if (attr->name() == nameAttr) {
     
    150151        setHTMLEventListener(unloadEvent, attr);
    151152    } else
    152         HTMLElement::parseMappedAttribute(attr);
     153        HTMLFrameOwnerElement::parseMappedAttribute(attr);
    153154}
    154155
     
    160161void HTMLFrameElementBase::insertedIntoDocument()
    161162{
    162     HTMLElement::insertedIntoDocument();
     163    HTMLFrameOwnerElement::insertedIntoDocument();
    163164   
    164165    m_name = getAttribute(nameAttr);
     
    172173    // Othewise, a synchronous load that executed JavaScript would see incorrect
    173174    // (0) values for the frame's renderer-dependent properties, like width.
    174     queuePostAttachCallback(&HTMLFrameElementBase::openURLCallback, this);
     175    m_shouldOpenURLAfterAttach = true;
     176}
     177
     178void HTMLFrameElementBase::removedFromDocument()
     179{
     180    m_shouldOpenURLAfterAttach = false;
     181
     182    HTMLFrameOwnerElement::removedFromDocument();
    175183}
    176184
    177185void HTMLFrameElementBase::attach()
    178186{
    179     HTMLElement::attach();
     187    if (m_shouldOpenURLAfterAttach) {
     188        m_shouldOpenURLAfterAttach = false;
     189        queuePostAttachCallback(&HTMLFrameElementBase::openURLCallback, this);
     190    }
     191
     192    HTMLFrameOwnerElement::attach();
    180193   
    181194    if (RenderPart* renderPart = static_cast<RenderPart*>(renderer()))
     
    191204    }
    192205
    193     HTMLElement::willRemove();
     206    HTMLFrameOwnerElement::willRemove();
    194207}
    195208
     
    218231void HTMLFrameElementBase::setFocus(bool received)
    219232{
    220     HTMLElement::setFocus(received);
     233    HTMLFrameOwnerElement::setFocus(received);
    221234    if (Page* page = document()->page())
    222235        page->focusController()->setFocusedFrame(received ? contentFrame() : 0);
  • trunk/WebCore/html/HTMLFrameElementBase.h

    r21624 r21862  
    3737
    3838    virtual void insertedIntoDocument();
     39    virtual void removedFromDocument();
    3940    virtual void willRemove();
    4041
     
    101102    bool m_noResize;
    102103    bool m_viewSource;
     104
     105    bool m_shouldOpenURLAfterAttach;
    103106};
    104107
  • trunk/WebCore/html/HTMLPlugInElement.cpp

    r21749 r21862  
    125125    }
    126126   
    127     return HTMLElement::mapToEntry(attrName, result);
     127    return HTMLFrameOwnerElement::mapToEntry(attrName, result);
    128128}
    129129
     
    143143        addHTMLAlignment(attr);
    144144    else
    145         HTMLElement::parseMappedAttribute(attr);
     145        HTMLFrameOwnerElement::parseMappedAttribute(attr);
    146146}   
    147147
    148148bool HTMLPlugInElement::checkDTD(const Node* newChild)
    149149{
    150     return newChild->hasTagName(paramTag) || HTMLElement::checkDTD(newChild);
     150    return newChild->hasTagName(paramTag) || HTMLFrameOwnerElement::checkDTD(newChild);
    151151}
    152152
     
    159159    }
    160160   
    161     HTMLElement::detach();
     161    HTMLFrameOwnerElement::detach();
    162162}
    163163
Note: See TracChangeset for help on using the changeset viewer.