Timeline
Jul 11, 2004:
- 11:49 PM Changeset in webkit [6997] by
-
- 2 edits in branches/Safari-1-0-branch/WebKit
- versioning for July Security Update (WebKit-85.7.1), and a bit of cleanup to the Changelog. We had already rolled a fix for Safari 1.0.3 to the branch, but do not want to include this in the Security Update.
Jul 9, 2004:
- 5:04 PM Changeset in webkit [6996] by
-
- 2 edits in branches/Safari-1-0-branch/WebKit
- merge these two fixes from HEAD for July 2004 Security Update
2004-07-09 Chris Blumenberg <cblu@apple.com>
Allowed my change for 3715785 to compile on Jaguar.
Reviewed by kocienda.
- WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): don't use the DOM API since it doesn't exist on Jaguar, instead call the new domain method on the bridge
2004-07-06 Chris Blumenberg <cblu@apple.com>
Fixed: <rdar://problem/3715785> multiple frame injection vulnerability reported by Secunia, affects almost all browsers
Reviewed by john, trey, kocienda.
- WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): new method, return YES if the requesting frame is local, the target frame is an entire window or if the domain of the parent of the targeted frame equals this domain (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): call canTargetLoadInFrame: to make sure we can load the request (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]): ditto
- 4:50 PM Changeset in webkit [6995] by
-
- 4 edits in trunk
Reviewed by Hyatt.
fixes the width:auto problem in
<rdar://problem/3698344> REGRESSION (143?-144): macrumors.com tabs are compressed and illegible
- khtml/css/cssstyleselector.cpp: (khtml::CSSStyleSelector::applyProperty):
- 4:41 PM Changeset in webkit [6994] by
-
- 2 edits in branches/Safari-1-0-branch/WebCore
WebCore versioning for July 2004 Security Update, WebCore-85.6.1
- 4:29 PM Changeset in webkit [6993] by
-
- 3 edits in branches/Safari-1-0-branch/WebCore
- merge this fix from HEAD, so that the July 2004 Security Update will compile on Jaguar
2004-07-09 Chris Blumenberg <cblu@apple.com>
Allowed my change for 3715785 to compile on Jaguar.
Reviewed by kocienda.
- kwq/WebCoreBridge.h:
- kwq/WebCoreBridge.mm: (-[WebCoreBridge domain]): new, allows access to the domain without using the DOM API which doesn't exist on Jaguar
- 4:23 PM Changeset in webkit [6992] by
-
- 3 edits in trunk
Reviewed by me
Updated some layout test results.
- layout-tests/editing/deleting/delete-image-004-expected.txt:
- layout-tests/editing/selection/extend-by-character-006-expected.txt:
- 3:10 PM Changeset in webkit [6991]
-
- 21 copies3 deletes in tags/WebKit-125~3~1
This commit was manufactured by cvs2svn to create tag
'WebKit-125~3~1'.
- 3:10 PM Changeset in webkit [6990] by
-
- 2 edits in branches/Safari-1-2-branch/WebKit
WebKit versioning for July Security Update, WebKit-125.3.1
- 3:06 PM Changeset in webkit [6989]
-
- 61 copies2 deletes in tags/WebCore-125~7~1
This commit was manufactured by cvs2svn to create tag
'WebCore-125~7~1'.
- 3:06 PM Changeset in webkit [6988] by
-
- 2 edits in branches/Safari-1-2-branch/WebCore
- WebCore versioning for July Security Update, WebCore-125.7.1
- 2:56 PM Changeset in webkit [6987] by
-
- 5 edits in branches/Safari-1-2-branch
WebCore:
- merge this fix from HEAD so that July Security Update will compile on Jaguar
2004-07-09 Chris Blumenberg <cblu@apple.com>
Allowed my change for 3715785 to compile on Jaguar.
Reviewed by kocienda.
- kwq/WebCoreBridge.h:
- kwq/WebCoreBridge.mm: (-[WebCoreBridge domain]): new, allows access to the domain without using the DOM API which doesn't exist on Jaguar
WebKit:
- merge this fix from HEAD so that the fix for the July Security Update will compile on Jaguar
2004-07-09 Chris Blumenberg <cblu@apple.com>
Allowed my change for 3715785 to compile on Jaguar.
Reviewed by kocienda.
- WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): don't use the DOM API since it doesn't exist on Jaguar, instead call the new domain method on the bridge
- 2:46 PM Changeset in webkit [6986] by
-
- 2 edits in branches/Safari-1-2-branch/WebKit
- merge this fix from HEAD for July Security Update, 3717262
2004-07-06 Chris Blumenberg <cblu@apple.com>
Fixed: <rdar://problem/3715785> multiple frame injection vulnerability reported by Secunia, affects almost all browsers
Reviewed by john, trey, kocienda.
- WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): new method, return YES if the requesting frame is local, the target frame is an entire window or if the domain of the parent of the targeted frame equals this domain (-[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:]): call canTargetLoadInFrame: to make sure we can load the request (-[WebBridge postWithURL:referrer:target:data:contentType:triggeringEvent:form:formValues:]): ditto
- 2:24 PM Changeset in webkit [6985] by
-
- 5 edits in trunk
WebCore:
Allowed my change for 3715785 to compile on Jaguar.
Reviewed by kocienda.
- kwq/WebCoreBridge.h:
- kwq/WebCoreBridge.mm: (-[WebCoreBridge domain]): new, allows access to the domain without using the DOM API which doesn't exist on Jaguar
WebKit:
Allowed my change for 3715785 to compile on Jaguar.
Reviewed by kocienda.
- WebCoreSupport.subproj/WebBridge.m: (-[WebBridge canTargetLoadInFrame:]): don't use the DOM API since it doesn't exist on Jaguar, instead call the new domain method on the bridge
- 11:31 AM Changeset in webkit [6984] by
-
- 12 edits in trunk/WebCore
Reviewed by Hyatt
Some improvements to fix:
<rdar://problem/3723111> Caret not drawn when selection set to unrendered content
- khtml/editing/htmlediting_impl.cpp: (khtml::TypingCommandImpl::issueCommandForDeleteKey): Adjust selection to delete if selected position is not rendered.
- khtml/rendering/render_block.cpp: (khtml::RenderBlock::paintObject): Use new caretPosition() function on Selection to figure out whether to paint.
- khtml/xml/dom_position.cpp: (DOM::Position::previousCharacterPosition): Now correctly deals with a start position that is not rendered. (DOM::Position::nextCharacterPosition): Ditto. (DOM::Position::closestRenderedPosition): New helper.
- khtml/xml/dom_position.h: (DOM::): Moved in EAffinity from Selection header. Now used in closestRenderedPosition function.
- khtml/xml/dom_selection.cpp: (DOM::Selection::Selection): Added new m_caretPosition member. This is the position of the caret after a caret layout. This may be different from start or end if start and end are not rendered. (DOM::Selection::init): (DOM::Selection::modifyExtendingRightForward): New helper to clean up modify() and make it more readble. (DOM::Selection::modifyMovingRightForward): Ditto. (DOM::Selection::modifyExtendingLeftBackward): Ditto. (DOM::Selection::modifyMovingLeftBackward): Ditto. (DOM::Selection::modify): Use new helpers to make this more readble. (DOM::Selection::layoutCaret): Uses new closestRenderedPosition helper to place the caret if in unrendered content. (DOM::Selection::paintCaret): Remove moveToRenderedContent. obsolete.
- khtml/xml/dom_selection.h: (DOM::Selection::caretPosition): New accessor.
- kwq/WebCoreBridge.mm: (-[WebCoreBridge setSelectedDOMRange:affinity:]): EAffinity no longer a member enum of Selection class.
- 10:40 AM Changeset in webkit [6983] by
-
- 2 edits in trunk/WebKit
Reviewed by John
- Plugins.subproj/npruntime.h: Updated license to lawyer-approved joint Apple-Mozilla BSD-style license.
Jul 8, 2004:
- 3:54 PM Changeset in webkit [6982] by
-
- 2 edits in trunk/WebCore
Fix for the table layout test that failed because of a change in how innerText worked. We need to do
updateLayout now when using innerText, since the method has been changed to use line boxes in the render tree
that might otherwise be out of date.
Reviewed by kocienda
- khtml/html/html_elementimpl.cpp: (HTMLElementImpl::innerText):
- 2:31 PM Changeset in webkit [6981] by
-
- 2 edits in trunk/WebCore
Reviewed by Ken.
- fixed <rdar://problem/3691569> REGRESSION (142): cmd-shift-clicking on a link now also extends selection (even if there wasn't one before)
- khtml/khtml_part.cpp: (KHTMLPart::handleMousePressEventSingleClick): if there's a URL associated with the event, don't extend the selection
- 2:08 PM Changeset in webkit [6980] by
-
- 19 edits in trunk/WebCore
Reviewed by Vicki
Added some helper functions which provide strings to display in the
Xcode debugger's variable inspector window. These functions are called
from the LabyrinthDataFormatter debugger plugin I just checked in to
the Labyrinth/Tools directory.
Note that these functions are compiled in on Development builds only.
- WebCore-combined.exp:
- WebCore-tests.exp: Export all the formatForDebugger symbols so the debugger program can link with them.
- khtml/xml/dom2_rangeimpl.cpp: (DOM::RangeImpl::formatForDebugger):
- khtml/xml/dom2_rangeimpl.h:
- khtml/xml/dom_elementimpl.cpp: (ElementImpl::formatForDebugger):
- khtml/xml/dom_elementimpl.h:
- khtml/xml/dom_nodeimpl.cpp:
- khtml/xml/dom_nodeimpl.h:
- khtml/xml/dom_position.cpp: (DOM::Position::formatForDebugger):
- khtml/xml/dom_position.h:
- khtml/xml/dom_selection.cpp: (DOM::Selection::formatForDebugger):
- khtml/xml/dom_selection.h:
- khtml/xml/dom_textimpl.cpp: (TextImpl::formatForDebugger):
- khtml/xml/dom_textimpl.h:
- 2:01 PM Changeset in webkit [6979] by
-
- 2 edits in trunk/WebCore
Reviewed by Vicki.
- fixed <rdar://problem/3721544> crash increasing font size; entrezeroetun.com (works in IE and Firefox)
- khtml/rendering/render_block.cpp: (khtml::RenderBlock::updateFirstLetter): Check for nil originalString() before dereffing
- 1:49 PM Changeset in webkit [6978] by
-
- 2 edits in trunk/WebKit
Fixed: <rdar://problem/3720728> REGRESSION (125.8-146): Crash moving mouse over plugin at manray-photo.com
Reviewed by john.
- Plugins.subproj/WebBaseNetscapePluginView.m: (-[WebBaseNetscapePluginView pluginScriptableObject]): don't call NPP_GetValue unless the plug-in implements it
- 1:28 PM Changeset in webkit [6977] by
-
- 2 edits in trunk/WebKit
Fixed: <rdar://problem/3706296> VIP: ifilm.com crashing reproducibly with Safari
Reviewed by kocienda.
- Plugins.subproj/WebNetscapePluginPackage.m: (-[WebNetscapePluginPackage launchRealPlayer]): don't release a NULL appURL
- 1:22 PM Changeset in webkit [6976] by
-
- 2 edits in trunk/WebCore
Fix for 3721453, CSS3 initial property caused crashes because the macros were not written correctly.
Reviewed by john
- khtml/css/cssstyleselector.cpp:
- 12:33 PM Changeset in webkit [6975] by
-
- 2 edits in trunk/WebKit
Fixed: <rdar://problem/3650140> reproducible assertion failure going to plugin page with JavaScript disabled
Reviewed by john.
- Plugins.subproj/WebBaseNetscapePluginView.m: (-[WebBaseNetscapePluginView evaluateJavaScriptPluginRequest:]): don't call NPP_NewStream and other stream methods if there is no JS result to deliver. This is what Mozilla does. (-[WebBaseNetscapePluginView loadRequest:inTarget:withNotifyData:]): Return NPERR_GENERIC_ERROR if JS is disabled. This is what Mozilla does.
- 11:46 AM Changeset in webkit [6974] by
-
- 3 edits in trunk
change the version number from '151' to '152u'
- 11:38 AM Changeset in webkit [6973]
-
- 3 copies in tags/Safari-151
This commit was manufactured by cvs2svn to create tag 'Safari-151'.
- 11:38 AM Changeset in webkit [6972] by
-
- 6 edits in trunk
Safari-151 stamp!
Jul 7, 2004:
- 4:24 PM Changeset in webkit [6971] by
-
- 4 edits in trunk/WebCore
Fix for 3712133, crash from first-line pseudo-style use.
Reviewed by kocienda
- khtml/css/cssstyleselector.cpp: (khtml::CSSStyleSelector::styleForElement):
- khtml/css/cssstyleselector.h:
- khtml/rendering/render_object.cpp: (RenderObject::getPseudoStyle):
- 2:36 PM Changeset in webkit [6970] by
-
- 2 edits in trunk/WebKit
3719051 - Safari doesn't update form inputs when a page was refreshed by javascript window.location
... and at least 5 other cases in Radar
Very similar problem to the Harvard PIN bug. We need to be sure
to not carry any state over when we are processing a client
redirect, which reuses the same WebHistoryItem.
Reviewed by John.
- WebView.subproj/WebFrame.m: (-[WebFrame _transitionToCommitted:]): Comment (-[WebFrame _opened]): Clear form and scroll state on client redirect.
- 1:13 PM Changeset in webkit [6969] by
-
- 5 edits in trunk/WebCore
Reviewed by Hyatt
Fix for this bug:
<rdar://problem/3716479> calling setInnerHTML during a webViewDidChange delegate call causes a crash
The fix involves some rearrangement of code in TypingCommand and TypingCommandImpl.
Formerly, new TypingCommands would apply themselves (which was a no-op) and then
do their action in some code a way different than other commands. This type of command
application is different than for all other commands since TypingCommands can be coalesced.
The crash occurred as a result of the "no-op" TypingCommand having the unconsidered
consequence of causing editing delegate notifications to be sent before the command
has actually run. This change takes a small step towards making TypingCommandImpl function like
other commands, where the command work is done in doApply. This makes the notification
happen in the right order.
- khtml/editing/htmlediting.cpp: (khtml::TypingCommand::TypingCommand): (khtml::TypingCommand::insertText): (khtml::TypingCommand::insertNewline): (khtml::TypingCommand::deleteKeyPressed):
- khtml/editing/htmlediting.h: (khtml::TypingCommand::):
- khtml/editing/htmlediting_impl.cpp: (khtml::TypingCommandImpl::TypingCommandImpl): (khtml::TypingCommandImpl::doApply):
- khtml/editing/htmlediting_impl.h:
