Changeset 74995 in webkit


Timestamp:
Jan 4, 2011 12:46:01 PM
Author:
Antti Koivisto
Message:

WebCore: Scripts should not be executed before preceding stylesheets are loaded
https://bugs.webkit.org/show_bug.cgi?id=8852

Reviewed by Dave Hyatt.

Block inline script execution on pending stylesheet loads. This matches
other browsers and HTML5.

Tests: fast/tokenizer/inline-script-stylesheet-write.html
       fast/tokenizer/inline-script-stylesheet.html

  • dom/PendingScript.cpp:
    (WebCore::PendingScript::releaseElementAndClear):
  • dom/PendingScript.h:
    (WebCore::PendingScript::PendingScript):
    (WebCore::PendingScript::operator=):
    (WebCore::PendingScript::startingPosition):
    (WebCore::PendingScript::setStartingPosition):
  • html/HTMLLinkElement.cpp:
    (WebCore::HTMLLinkElement::process):
    This fixes an unrelated bug with beforeload events that was exposed by the other
    changes (fast/dom/beforeload/remove-link-in-beforeload-listener.html).
  • html/parser/HTMLScriptRunner.cpp:
    (WebCore::HTMLScriptRunner::sourceFromPendingScript):
    (WebCore::HTMLScriptRunner::runScript):

LayoutTests: Scripts should not be executed before preceding stylesheets are loaded
https://bugs.webkit.org/show_bug.cgi?id=8852

Reviewed by Dave Hyatt.

New tests plus a few tests with slightly changed output due to different load serialization behavior.

  • fast/tokenizer/inline-script-stylesheet-expected.txt: Added.
  • fast/tokenizer/inline-script-stylesheet-write-expected.txt: Added.
  • fast/tokenizer/inline-script-stylesheet-write.html: Added.
  • fast/tokenizer/inline-script-stylesheet.html: Added.
  • http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt:
  • platform/mac/fast/repaint/renderer-destruction-by-invalidateSelection-crash-expected.txt:
Location: trunk
Files: 4 added, 8 edited

  • trunk/LayoutTests/ChangeLog

    r74993 r74995  
     12010-12-31  Antti Koivisto  <antti@apple.com>
     2
     3        Reviewed by Dave Hyatt.
     4
     5        Scripts should not be executed before preceding stylesheets are loaded
     6        https://bugs.webkit.org/show_bug.cgi?id=8852
     7       
     8        New tests plus a few test with slightly changed output due to different load serialization behavior.
     9
     10        * fast/tokenizer/inline-script-stylesheet-expected.txt: Added.
     11        * fast/tokenizer/inline-script-stylesheet-write-expected.txt: Added.
     12        * fast/tokenizer/inline-script-stylesheet-write.html: Added.
     13        * fast/tokenizer/inline-script-stylesheet.html: Added.
     14        * http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt:
     15        * platform/mac/fast/repaint/renderer-destruction-by-invalidateSelection-crash-expected.txt:
     16
    1172011-01-04  Csaba Osztrogonác  <ossy@webkit.org>
    218
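Review bot: line 8 of the new entry reads "a few test with slightly changed output"; it should be "a few tests". Separately, the entry is dated 2010-12-31 but is inserted above the 2011-01-04 Csaba Osztrogonác entry, and the changeset itself landed on Jan 4, 2011, so the ChangeLog date should be refreshed to the landing date to keep the file in chronological order.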
  • trunk/LayoutTests/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt

    r48284 r74995  
    66didDisplayInsecureContent
    77main frame - didFinishDocumentLoadForFrame
     8main frame - didHandleOnloadEventsForFrame
     9main frame - didFinishLoadForFrame
    810This test opens a window that loads an insecure style sheet. We should trigger a mixed content callback because the main frame in the window is HTTPS but is displaying insecure content.
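Review bot: the two added callbacks (didHandleOnloadEventsForFrame, didFinishLoadForFrame) land after didDisplayInsecureContent and before the description text, so the property this test exists for, the mixed-content callback firing before the frame finishes loading, survives the rebaseline. The ChangeLog attributes the new lines to "different load serialization behavior"; a one-line comment in the test saying that the window's load now completes after the insecure stylesheet (and the scripts waiting on it) would make the ordering read as deliberate rather than as an accidental rebaseline the next time it shifts.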
  • trunk/LayoutTests/platform/mac/fast/repaint/renderer-destruction-by-invalidateSelection-crash-expected.txt

    r63403 r74995  
    1212        RenderText {#text} at (0,0) size 0x0
    1313      RenderBlock {DIV} at (0,41) size 784x0
    14       RenderBlock (anonymous) at (0,41) size 784x0
    15         RenderText {#text} at (0,0) size 0x0
    16         RenderText {#text} at (0,0) size 0x0
    1714layer at (13,13) size 119x13
    1815  RenderBlock {DIV} at (3,3) size 119x13
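Review bot: this rebaseline drops an anonymous RenderBlock and two empty RenderText nodes from the DIV at (0,41), which is consistent with inline scripts now running later relative to layout. Since the file name says this is a crash regression test for renderer destruction via invalidateSelection, confirm the changed script timing still reaches that code path; a render-tree dump that merely looks right would let the test pass without exercising the original bug.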
  • trunk/WebCore/ChangeLog

    r74994 r74995  
     12010-12-31  Antti Koivisto  <antti@apple.com>
     2
     3        Reviewed by Dave Hyatt.
     4
     5        Scripts should not be executed before preceding stylesheets are loaded
     6        https://bugs.webkit.org/show_bug.cgi?id=8852
     7
     8        Block inline script execution on pending stylesheet loads. This matches
     9        other browsers and HTML5.
     10
     11        Tests: fast/tokenizer/inline-script-stylesheet-write.html
     12               fast/tokenizer/inline-script-stylesheet.html
     13
     14        * dom/PendingScript.cpp:
     15        (WebCore::PendingScript::releaseElementAndClear):
     16        * dom/PendingScript.h:
     17        (WebCore::PendingScript::PendingScript):
     18        (WebCore::PendingScript::operator=):
     19        (WebCore::PendingScript::startingPosition):
     20        (WebCore::PendingScript::setStartingPosition):
     21        * html/HTMLLinkElement.cpp:
     22        (WebCore::HTMLLinkElement::process):
     23       
     24        This fixes an unrelated bug with beforeload events that was exposed by the other
     25        changes (fast/dom/beforeload/remove-link-in-beforeload-listener.html).
     26       
     27        * html/parser/HTMLScriptRunner.cpp:
     28        (WebCore::HTMLScriptRunner::sourceFromPendingScript):
     29        (WebCore::HTMLScriptRunner::runScript):
     30
    1312011-01-04  Xianzhu Wang  <wangxianzhu@google.com>
    232
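Review bot: the entry lists the HTMLScriptRunner.cpp changes but does not say that the FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=40047 (and its deferred ASSERT(document()->haveStylesheetsLoaded())) is being removed rather than resolved: inline scripts reached through document.write() still run with stylesheets pending, so the assert is intentionally not added. One sentence saying so, and a pointer to close or update bug 40047, would save the next reader from re-deriving it. The same 2010-12-31 date-ordering issue as in the LayoutTests ChangeLog applies here (entry sits above the 2011-01-04 Xianzhu Wang entry).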
  • trunk/WebCore/dom/PendingScript.cpp

    r74724 r74995  
    4242    setCachedScript(0);
    4343    m_watchingForLoad = false;
     44    m_startingPosition = TextPosition1::belowRangePosition();
    4445    return m_element.release();
    4546}
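Review bot: the reset to TextPosition1::belowRangePosition() at line 44 mirrors the default constructor's initializer in PendingScript.h, and it is what sourceFromPendingScript() will hand to ScriptSourceCode once the element is released. A short comment here that belowRangePosition() is the "no position" sentinel would keep the two places in step and make it obvious that a cleared PendingScript must not carry a stale inline position.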
  • trunk/WebCore/dom/PendingScript.h

    r74724 r74995  
    4646    PendingScript()
    4747        : m_watchingForLoad(false)
     48        , m_startingPosition(TextPosition1::belowRangePosition())
    4849    {
    4950    }
     
    5354        , m_watchingForLoad(other.m_watchingForLoad)
    5455        , m_element(other.m_element)
     56        , m_startingPosition(other.m_startingPosition)
    5557    {
    5658        setCachedScript(other.cachedScript());
     
    6668        m_watchingForLoad = other.m_watchingForLoad;
    6769        m_element = other.m_element;
     70        m_startingPosition = other.m_startingPosition;
    6871        setCachedScript(other.cachedScript());
    6972
    7073        return *this;
    7174    }
     75
     76    TextPosition1 startingPosition() const { return m_startingPosition; }
     77    void setStartingPosition(const TextPosition1& position) { m_startingPosition = position; }
    7278
    7379    bool watchingForLoad() const { return m_watchingForLoad; }
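Review bot: the accessor pair at lines 76-77 is fine (const-reference setter, by-value getter for a small value type). What is worth checking is that every path which drops m_element goes through releaseElementAndClear(), since per the PendingScript.cpp hunk that is the only place m_startingPosition is reset; the copy constructor and operator= both copy the position, so a PendingScript reused after being cleared by any other route would report a stale inline position.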
     
    8692    bool m_watchingForLoad;
    8793    RefPtr<Element> m_element;
    88     CachedResourceHandle<CachedScript> m_cachedScript;
     94    TextPosition1 m_startingPosition; // Only used for inline script tags.
     95    CachedResourceHandle<CachedScript> m_cachedScript;
    8996};
    9097
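Review bot: the comment at line 94 ("Only used for inline script tags.") is slightly misleading, because sourceFromPendingScript() in the HTMLScriptRunner.cpp hunk passes startingPosition() for every pending script, and for external scripts that value is belowRangePosition(). Suggest "Set only for inline scripts; belowRangePosition() otherwise." so readers of the runner know the sentinel is expected. The new declaration order (m_watchingForLoad, m_element, m_startingPosition, m_cachedScript) matches the copy constructor's initializer list, so no reorder warning.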
  • trunk/WebCore/html/HTMLLinkElement.cpp

    r74476 r74995  
    238238        }
    239239
     240        RefPtr<Document> originalDocument = document();
    240241        if (!dispatchBeforeLoadEvent(m_url))
    241242            return;
    242        
     243        // A beforeload handler might have removed us from the document or changed the document.
     244        if (!inDocument() || document() != originalDocument)
     245            return;
     246
    243247        m_loading = true;
    244248
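Review bot: the guard at lines 243-245 is the right shape, but the comment explains only what it checks, not why originalDocument is held in a RefPtr<Document>: a beforeload listener can remove the element (and with it the last reference to the old document), and the strong reference is what keeps the document() != originalDocument comparison from being made against a freed pointer. A few words to that effect would stop a future cleanup from "simplifying" it to a raw pointer. Removing the whitespace-only line 242 is fine.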
  • trunk/WebCore/html/parser/HTMLScriptRunner.cpp

    r74724 r74995  
    100100    }
    101101    errorOccurred = false;
    102     return ScriptSourceCode(script.element()->textContent(), documentURLForScriptExecution(m_document));
     102    return ScriptSourceCode(script.element()->textContent(), documentURLForScriptExecution(m_document), script.startingPosition());
    103103}
    104104
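Review bot: line 102 now passes script.startingPosition() unconditionally, so external scripts (which never had setStartingPosition() called) hand belowRangePosition() to ScriptSourceCode where the two-argument call previously used the constructor's default. Confirm ScriptSourceCode treats belowRangePosition() exactly as it treats that default, otherwise reported line numbers for external-script errors could shift.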
     
    304304            else
    305305                requestParsingBlockingScript(script);
     306        } else if (!m_document->haveStylesheetsLoaded() && m_scriptNestingLevel == 1) {
     307            // Block inline script execution on stylesheet load, unless we are in document.write().
     308            // The latter case can only happen if a script both triggers a stylesheet load
     309            // and writes an inline script. Since write is blocking we have to execute the
     310            // written script immediately, ignoring the pending sheets.
     311            m_parsingBlockingScript.adoptElement(script);
     312            m_parsingBlockingScript.setStartingPosition(scriptStartPosition);
    306313        } else {
    307             // FIXME: We do not block inline <script> tags on stylesheets to match the
    308             // old parser for now.  When we do, the ASSERT below should be added.
    309             // See https://bugs.webkit.org/show_bug.cgi?id=40047
    310             // ASSERT(document()->haveStylesheetsLoaded());
    311314            ASSERT(isExecutingScript());
    312315            ScriptSourceCode sourceCode(script->textContent(), documentURLForScriptExecution(m_document), scriptStartPosition);
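Review bot: the new branch at lines 306-312 parks an inline script in m_parsingBlockingScript whenever stylesheets are pending and m_scriptNestingLevel == 1, but nothing in this hunk shows what releases it when the pending sheets finish, or when a sheet fails to load. Make sure the error path also unblocks the parser; otherwise a single unreachable stylesheet URL ahead of an inline script would stall script execution for the rest of the page. The comment on the document.write() case is good; since the old FIXME (bug 40047) and its deferred ASSERT(document()->haveStylesheetsLoaded()) are being deleted at lines 307-310, the else branch should say explicitly that the assert is omitted because the nested-write path is expected to run with sheets pending.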