Timeline



Jul 9, 2004:

5:04 PM Changeset in webkit [6996] by vicki
  • 2 edits in branches/Safari-1-0-branch/WebKit
  • merge these two fixes from HEAD for July 2004 Security Update

2004-07-09 Chris Blumenberg <cblu@apple.com>

Allowed my change for 3715785 to compile on Jaguar.

Reviewed by kocienda.

  • WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): don't use the DOM API since it doesn't exist on Jaguar, instead call the new domain method on the bridge

2004-07-06 Chris Blumenberg <cblu@apple.com>

Fixed: <rdar://problem/3715785> multiple frame injection vulnerability reported by Secunia, affects almost all browsers

Reviewed by john, trey, kocienda.

  • WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): new method, return YES if the requesting frame is local, the target frame is an entire window or if the domain of the parent of the targeted frame equals this domain (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): call canTargetLoadInFrame: to make sure we can load the request (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]): ditto
4:50 PM Changeset in webkit [6995] by kdecker
  • 4 edits in trunk

Reviewed by Hyatt.

fixes the width:auto problem in
<rdar://problem/3698344> REGRESSION (143?-144): macrumors.com tabs are compressed and illegible

  • khtml/css/cssstyleselector.cpp: (khtml::CSSStyleSelector::applyProperty):
4:41 PM Changeset in webkit [6994] by vicki
  • 2 edits in branches/Safari-1-0-branch/WebCore

WebCore versioning for July 2004 Security Update, WebCore-85.6.1

4:29 PM Changeset in webkit [6993] by vicki
  • 3 edits in branches/Safari-1-0-branch/WebCore
  • merge this fix from HEAD, so that the July 2004 Security Update will compile on Jaguar

2004-07-09 Chris Blumenberg <cblu@apple.com>

Allowed my change for 3715785 to compile on Jaguar.

Reviewed by kocienda.

  • kwq/WebCoreBridge.h:
  • kwq/WebCoreBridge.mm: (-[WebCoreBridge domain]): new, allows access to the domain without using the DOM API which doesn't exist on Jaguar
4:23 PM Changeset in webkit [6992] by kocienda
  • 3 edits in trunk

Reviewed by me

Updated some layout test results.

  • layout-tests/editing/deleting/delete-image-004-expected.txt:
  • layout-tests/editing/selection/extend-by-character-006-expected.txt:
3:10 PM Changeset in webkit [6991]
  • 21 copies
    3 deletes in tags/WebKit-125~3~1

This commit was manufactured by cvs2svn to create tag
'WebKit-125~3~1'.

3:10 PM Changeset in webkit [6990] by vicki
  • 2 edits in branches/Safari-1-2-branch/WebKit

WebKit versioning for July Security Update, WebKit-125.3.1

3:06 PM Changeset in webkit [6989]
  • 61 copies
    2 deletes in tags/WebCore-125~7~1

This commit was manufactured by cvs2svn to create tag
'WebCore-125~7~1'.

3:06 PM Changeset in webkit [6988] by vicki
  • 2 edits in branches/Safari-1-2-branch/WebCore
  • WebCore versioning for July Security Update, WebCore-125.7.1
2:56 PM Changeset in webkit [6987] by vicki
  • 5 edits in branches/Safari-1-2-branch

WebCore:

  • merge this fix from HEAD so that July Security Update will compile on Jaguar

2004-07-09 Chris Blumenberg <cblu@apple.com>

Allowed my change for 3715785 to compile on Jaguar.

Reviewed by kocienda.

  • kwq/WebCoreBridge.h:
  • kwq/WebCoreBridge.mm: (-[WebCoreBridge domain]): new, allows access to the domain without using the DOM API which doesn't exist on Jaguar

WebKit:

  • merge this fix from HEAD so that the fix for the July Security Update will compile on Jaguar

2004-07-09 Chris Blumenberg <cblu@apple.com>

Allowed my change for 3715785 to compile on Jaguar.

Reviewed by kocienda.

  • WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): don't use the DOM API since it doesn't exist on Jaguar, instead call the new domain method on the bridge
2:46 PM Changeset in webkit [6986] by vicki
  • 2 edits in branches/Safari-1-2-branch/WebKit
  • merge this fix from HEAD for July Security Update, 3717262

2004-07-06 Chris Blumenberg <cblu@apple.com>

Fixed: <rdar://problem/3715785> multiple frame injection vulnerability reported by Secunia, affects almost all browsers

Reviewed by john, trey, kocienda.

  • WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): new method, return YES if the requesting frame is local, the target frame is an entire window or if the domain of the parent of the targeted frame equals this domain (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): call canTargetLoadInFrame: to make sure we can load the request (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]): ditto
2:24 PM Changeset in webkit [6985] by cblu
  • 5 edits in trunk

WebCore:

Allowed my change for 3715785 to compile on Jaguar.

Reviewed by kocienda.

  • kwq/WebCoreBridge.h:
  • kwq/WebCoreBridge.mm: (-[WebCoreBridge domain]): new, allows access to the domain without using the DOM API which doesn't exist on Jaguar

WebKit:

Allowed my change for 3715785 to compile on Jaguar.

Reviewed by kocienda.

  • WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): don't use the DOM API since it doesn't exist on Jaguar, instead call the new domain method on the bridge
11:31 AM Changeset in webkit [6984] by kocienda
  • 12 edits in trunk/WebCore

Reviewed by Hyatt

Some improvements to fix:

<rdar://problem/3723111> Caret not drawn when selection set to unrendered content

  • khtml/editing/htmlediting_impl.cpp: (khtml::TypingCommandImpl::issueCommandForDeleteKey): Adjust selection to delete if selected position is not rendered.
  • khtml/rendering/render_block.cpp: (khtml::RenderBlock::paintObject): Use new caretPosition() function on Selection to figure out whether to paint.
  • khtml/xml/dom_position.cpp: (DOM::Position::previousCharacterPosition): Now correctly deals with a start position that is not rendered. (DOM::Position::nextCharacterPosition): Ditto. (DOM::Position::closestRenderedPosition): New helper.
  • khtml/xml/dom_position.h: (DOM::): Moved in EAffinity from Selection header. Now used in closestRenderedPosition function.
  • khtml/xml/dom_selection.cpp: (DOM::Selection::Selection): Added new m_caretPosition member. This is the position of the caret after a caret layout. This may be different from start or end if start and end are not rendered. (DOM::Selection::init): (DOM::Selection::modifyExtendingRightForward): New helper to clean up modify() and make it more readable. (DOM::Selection::modifyMovingRightForward): Ditto. (DOM::Selection::modifyExtendingLeftBackward): Ditto. (DOM::Selection::modifyMovingLeftBackward): Ditto. (DOM::Selection::modify): Use new helpers to make this more readable. (DOM::Selection::layoutCaret): Uses new closestRenderedPosition helper to place the caret if in unrendered content. (DOM::Selection::paintCaret): Remove moveToRenderedContent. obsolete.
  • khtml/xml/dom_selection.h: (DOM::Selection::caretPosition): New accessor.
  • kwq/WebCoreBridge.mm: (-[WebCoreBridge setSelectedDOMRange:affinity:]): EAffinity no longer a member enum of Selection class.
10:40 AM Changeset in webkit [6983] by kocienda
  • 2 edits in trunk/WebKit

Reviewed by John

  • Plugins.subproj/npruntime.h: Updated license to lawyer-approved joint Apple-Mozilla BSD-style license.

Jul 8, 2004:

3:54 PM Changeset in webkit [6982] by hyatt
  • 2 edits in trunk/WebCore

Fix for the table layout test that failed because of a change in how innerText worked. We need to do
updateLayout now when using innerText, since the method has been changed to use line boxes in the render tree
that might otherwise be out of date.

Reviewed by kocienda

  • khtml/html/html_elementimpl.cpp: (HTMLElementImpl::innerText):
2:31 PM Changeset in webkit [6981] by sullivan
  • 2 edits in trunk/WebCore

Reviewed by Ken.

  • fixed <rdar://problem/3691569> REGRESSION (142): cmd-shift-clicking on a link now also extends selection (even if there wasn't one before)
  • khtml/khtml_part.cpp: (KHTMLPart::handleMousePressEventSingleClick): if there's a URL associated with the event, don't extend the selection
2:08 PM Changeset in webkit [6980] by kocienda
  • 19 edits in trunk/WebCore

Reviewed by Vicki

Added some helper functions which provide strings to display in the
Xcode debugger's variable inspector window. These functions are called
from the LabyrinthDataFormatter debugger plugin I just checked in to
the Labyrinth/Tools directory.

Note that these functions are compiled in on Development builds only.

  • WebCore-combined.exp:
  • WebCore-tests.exp: Export all the formatForDebugger symbols so the debugger program can link with them.
  • khtml/xml/dom2_rangeimpl.cpp: (DOM::RangeImpl::formatForDebugger):
  • khtml/xml/dom2_rangeimpl.h:
  • khtml/xml/dom_elementimpl.cpp: (ElementImpl::formatForDebugger):
  • khtml/xml/dom_elementimpl.h:
  • khtml/xml/dom_nodeimpl.cpp:
  • khtml/xml/dom_nodeimpl.h:
  • khtml/xml/dom_position.cpp: (DOM::Position::formatForDebugger):
  • khtml/xml/dom_position.h:
  • khtml/xml/dom_selection.cpp: (DOM::Selection::formatForDebugger):
  • khtml/xml/dom_selection.h:
  • khtml/xml/dom_textimpl.cpp: (TextImpl::formatForDebugger):
  • khtml/xml/dom_textimpl.h:
2:01 PM Changeset in webkit [6979] by sullivan
  • 2 edits in trunk/WebCore

Reviewed by Vicki.

  • fixed <rdar://problem/3721544> crash increasing font size; entrezeroetun.com (works in IE and Firefox)
  • khtml/rendering/render_block.cpp: (khtml::RenderBlock::updateFirstLetter): Check for nil originalString() before dereffing
1:49 PM Changeset in webkit [6978] by cblu
  • 2 edits in trunk/WebKit

Fixed: <rdar://problem/3720728> REGRESSION (125.8-146): Crash moving mouse over plugin at manray-photo.com

Reviewed by john.

  • Plugins.subproj/WebBaseNetscapePluginView.m: (-[WebBaseNetscapePluginView pluginScriptableObject]): don't call NPP_GetValue unless the plug-in implements it
1:28 PM Changeset in webkit [6977] by cblu
  • 2 edits in trunk/WebKit

Fixed: <rdar://problem/3706296> VIP: ifilm.com crashing reproducibly with Safari

Reviewed by kocienda.

  • Plugins.subproj/WebNetscapePluginPackage.m: (-[WebNetscapePluginPackage launchRealPlayer]): don't release a NULL appURL
1:22 PM Changeset in webkit [6976] by hyatt
  • 2 edits in trunk/WebCore

Fix for 3721453, CSS3 initial property caused crashes because the macros were not written correctly.

Reviewed by john

  • khtml/css/cssstyleselector.cpp:
12:33 PM Changeset in webkit [6975] by cblu
  • 2 edits in trunk/WebKit

Fixed: <rdar://problem/3650140> reproducible assertion failure going to plugin page with JavaScript disabled

Reviewed by john.

  • Plugins.subproj/WebBaseNetscapePluginView.m: (-[WebBaseNetscapePluginView evaluateJavaScriptPluginRequest:]): don't call NPP_NewStream and other stream methods if there is no JS result to deliver. This is what Mozilla does. (-[WebBaseNetscapePluginView loadRequest:inTarget:withNotifyData:]): Return NPERR_GENERIC_ERROR if JS is disabled. This is what Mozilla does.
11:46 AM Changeset in webkit [6974] by vicki
  • 3 edits in trunk

change the version number from '151' to '152u'

11:38 AM Changeset in webkit [6973]
  • 3 copies in tags/Safari-151

This commit was manufactured by cvs2svn to create tag 'Safari-151'.

11:38 AM Changeset in webkit [6972] by vicki
  • 6 edits in trunk

Safari-151 stamp!

Jul 7, 2004:

4:24 PM Changeset in webkit [6971] by hyatt
  • 4 edits in trunk/WebCore

Fix for 3712133, crash from first-line pseudo-style use.

Reviewed by kocienda

  • khtml/css/cssstyleselector.cpp: (khtml::CSSStyleSelector::styleForElement):
  • khtml/css/cssstyleselector.h:
  • khtml/rendering/render_object.cpp: (RenderObject::getPseudoStyle):
2:36 PM Changeset in webkit [6970] by trey
  • 2 edits in trunk/WebKit

3719051 - Safari doesn't update form inputs when a page was refreshed by javascript window.location
... and at least 5 other cases in Radar

Very similar problem to the Harvard PIN bug. We need to be sure
to not carry any state over when we are processing a client
redirect, which reuses the same WebHistoryItem.

Reviewed by John.

  • WebView.subproj/WebFrame.m: (-[WebFrame _transitionToCommitted:]): Comment (-[WebFrame _opened]): Clear form and scroll state on client redirect.
1:13 PM Changeset in webkit [6969] by kocienda
  • 5 edits in trunk/WebCore

Reviewed by Hyatt

Fix for this bug:

<rdar://problem/3716479> calling setInnerHTML during a webViewDidChange delegate call causes a crash

The fix involves some rearrangement of code in TypingCommand and TypingCommandImpl.
Formerly, new TypingCommands would apply themselves (which was a no-op) and then
do their action in some code a way different than other commands. This type of command
application is different than for all other commands since TypingCommands can be coalesced.
The crash occurred as a result of the "no-op" TypingCommand having the unconsidered
consequence of causing editing delegate notifications to be sent before the command
has actually run. This change takes a small step towards making TypingCommandImpl function like
other commands, where the command work is done in doApply. This makes the notification
happen in the right order.

  • khtml/editing/htmlediting.cpp: (khtml::TypingCommand::TypingCommand): (khtml::TypingCommand::insertText): (khtml::TypingCommand::insertNewline): (khtml::TypingCommand::deleteKeyPressed):
  • khtml/editing/htmlediting.h: (khtml::TypingCommand::):
  • khtml/editing/htmlediting_impl.cpp: (khtml::TypingCommandImpl::TypingCommandImpl): (khtml::TypingCommandImpl::doApply):
  • khtml/editing/htmlediting_impl.h:

Jul 6, 2004:

4:11 PM Changeset in webkit [6968] by cblu
  • 2 edits in trunk/WebKit

Fixed: <rdar://problem/3715785> multiple frame injection vulnerability reported by Secunia, affects almost all browsers

Reviewed by john, trey, kocienda.

  • WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): new method, return YES if the requesting frame is local, the target frame is an entire window or if the domain of the parent of the targeted frame equals this domain (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): call canTargetLoadInFrame: to make sure we can load the request (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]): ditto
3:18 PM Changeset in webkit [6967] by kocienda
  • 2 edits in trunk/WebCore

Reviewed by me

  • khtml/html/html_tableimpl.cpp: (HTMLTableElementImpl::addChild): Added a better comment in the code I just checked in a few minutes ago.
3:07 PM Changeset in webkit [6966] by kocienda
  • 3 edits in trunk/WebCore

Reviewed by Hyatt

Fix for this bug:

<rdar://problem/3672377> assertion failure in AppendNodeCommandImpl::doApply
due to non-0 exception code trying to insert a DIV markup string

The solution was to revert to the code that was rolled out, and removing
the child checks from NodeImpl::checkAddChild. However, this time, I added
code very similar to this check into the code that runs while HTML is
being parsed to build up tables. This code relies on child-add failure
to ensure the proper construction of well-formed tables (as gross as that
sounds), so the check needs to be retained there. No other code seems to
be so affected. Layout tests are unchanged by this patch.

  • khtml/html/html_tableimpl.cpp: (HTMLTableElementImpl::addChild):
  • khtml/xml/dom_nodeimpl.cpp: (NodeImpl::checkAddChild):
10:58 AM Changeset in webkit [6965] by kocienda
  • 5 edits in trunk/WebCore

Reviewed by John

Simple change. I switched the arguments of the appendNode helper function
and the AppendNodeCommand and AppendNodeCommandImpl classes. The node to
insert now comes before the parent node in the argument list. I did this
to make this function match the convention of others in the HTML editing code.
This was the only one that was "different" in the way that it ordered arguments.
As a result, I was always looking to see that I was passing things in the right
order.

  • khtml/editing/htmlediting.cpp: (khtml::AppendNodeCommand::AppendNodeCommand): (khtml::AppendNodeCommand::appendChild): (khtml::AppendNodeCommand::parentNode):
  • khtml/editing/htmlediting.h:
  • khtml/editing/htmlediting_impl.cpp: (khtml::CompositeEditCommandImpl::insertNodeAfter): (khtml::CompositeEditCommandImpl::insertNodeAt): (khtml::CompositeEditCommandImpl::appendNode): (khtml::AppendNodeCommandImpl::AppendNodeCommandImpl): (khtml::AppendNodeCommandImpl::~AppendNodeCommandImpl): (khtml::AppendNodeCommandImpl::doApply): (khtml::AppendNodeCommandImpl::doUnapply): (khtml::ApplyStyleCommandImpl::surroundNodeRangeWithElement): (khtml::DeleteSelectionCommandImpl::doApply): (khtml::InputNewlineCommandImpl::insertNodeAfterPosition): (khtml::InputNewlineCommandImpl::insertNodeBeforePosition): (khtml::InputTextCommandImpl::prepareForTextInsertion):
  • khtml/editing/htmlediting_impl.h: (khtml::AppendNodeCommandImpl::parentNode):
10:04 AM Changeset in webkit [6964] by kocienda
  • 3 edits in trunk/WebCore

Reviewed by Trey

Fixed several problems with traversal classes. For one, NodeIterators treat
FILTER_REJECT and FILTER_SKIP the same, since it treats the DOM tree as a
flat collection of nodes free of hierarchy. The code before this change did
not do this correctly. It sure pays to go back and read the specs. :)

Also, the code to traverse from node to node when filters were applied was
not working correctly. My first attempt to implement this was just plain
buggy, as I discovered when I tried to write tests for my WWDC talk. I have
settled on an implementation which is much simpler and worked for all the
tests I threw at it.

  • khtml/xml/dom2_traversalimpl.cpp: (DOM::NodeIteratorImpl::findNextNode): (DOM::NodeIteratorImpl::nextNode): (DOM::NodeIteratorImpl::findPreviousNode): (DOM::NodeIteratorImpl::previousNode): (DOM::TreeWalkerImpl::parentNode): (DOM::TreeWalkerImpl::firstChild): (DOM::TreeWalkerImpl::lastChild): (DOM::TreeWalkerImpl::previousSibling): (DOM::TreeWalkerImpl::nextSibling): (DOM::TreeWalkerImpl::previousNode): (DOM::TreeWalkerImpl::nextNode): (DOM::TreeWalkerImpl::ancestorRejected):
  • khtml/xml/dom2_traversalimpl.h:
9:45 AM Changeset in webkit [6963] by sullivan
  • 2 edits in trunk/WebKit

Reviewed by Trey.

  • fixed <rdar://problem/3717147> folder icon used for error page in back/forward menu when iTunes is not installed
  • WebView.subproj/WebFrame.m: (-[WebFrame _transitionToCommitted:]): When displaying the error page for an unreachable URL, leave the requested URL in the WebHistoryItem; don't clobber it with a bogus one that represents the error page. This not only avoids the wrong-icon problem, but should also help in cases where an unreachable URL becomes reachable later on.
9:23 AM Changeset in webkit [6962] by vicki
  • 2 edits in trunk

Reviewed by kocienda.

  • added backColorCommand, foreColorCommand, fontNameCommand, and fontSizeCommand
  • layout-tests/editing/editing.js:
9:13 AM Changeset in webkit [6961] by trey
  • 8 edits in trunk

WebCore:

3716053 - www.theage.com.au has extra back/forward items due to ads

This turned out to be easily fixed by generalizing the fix to 3438441. We prevent
addition to the b/f list not just during an onload event, but during any non-user
gesture, which includes top level script executing.

Reviewed by Richard.

  • kwq/KWQKHTMLPart.mm: (KWQKHTMLPart::openURL): Only real change - prevent adding to b/f list if not a user gesture. (KWQKHTMLPart::openURLRequest): Rename "onLoadEvent" to "userGesture", swap sense (KWQKHTMLPart::submitForm): Ditto (KWQKHTMLPart::urlSelected): Ditto
  • kwq/KWQKHTMLPartBrowserExtension.mm: (KHTMLPartBrowserExtension::createNewWindow): Ditto
  • kwq/WebCoreBridge.h:

WebKit:

3716053 - www.theage.com.au has extra back/forward items due to ads

The real change was in WebKit. Here we are just renaming a method and folding
all the WebFrameLoadTypeOnLoadEvent uses to be WebFrameLoadTypeInternal, since there
was never any difference anyway.

Reviewed by Richard

  • WebCoreSupport.subproj/WebBridge.m: (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): rename part of the method.
  • WebView.subproj/WebFrame.m: Nuke WebFrameLoadTypeOnLoadEvent. (-[WebFrame _transitionToCommitted:]): (-[WebFrame _checkLoadCompleteForThisFrame]): (-[WebFrame _loadItem:withLoadType:]): (-[WebFrame _itemForRestoringDocState]):
  • WebView.subproj/WebFramePrivate.h:
8:46 AM Changeset in webkit [6960] by kocienda
  • 2 edits in trunk/WebKit

Reviewed by Trey

Only register the editing delegate for those notifications for which it implements the callbacks.

  • WebView.subproj/WebView.m: (-[WebView registerForEditingDelegateNotification:selector:]): (-[WebView setEditingDelegate:]):
8:40 AM Changeset in webkit [6959] by trey
  • 2 edits in trunk/WebKit

3294652 - Failed drag of links doesn't slide back

The only reason for this is that because of some hacks, we lie to
AK about the drag image offset, which means we slide back to
slightly the wrong place. But it's very minor, so we should
just fix it.

Reviewed by Ken.

  • WebView.subproj/WebHTMLView.m: (-[WebHTMLView _startDraggingImage:at:operation:event:sourceIsDHTML:DHTMLWroteData:]): Ask for slideback.