Timeline



Aug 20, 2007:

6:37 PM Changeset in webkit [25168] by pewtermoose
  • 3 edits
    6 adds in trunk

WebCore:

2007-08-20 Mitz Pettel <mitz@webkit.org>

Reviewed by Dave Hyatt.

Test: fast/repaint/layer-visibility.html

  • rendering/RenderLayer.cpp: (WebCore::RenderLayer::setHasVisibleContent): Cache the layer's rects when it changes to visible.

LayoutTests:

2007-08-20 Mitz Pettel <mitz@webkit.org>

Reviewed by Dave Hyatt.

  • fast/repaint/layer-visibility.html: Added.
  • platform/mac/fast: Added.
  • platform/mac/fast/repaint: Added.
  • platform/mac/fast/repaint/layer-visibility-expected.checksum: Added.
  • platform/mac/fast/repaint/layer-visibility-expected.png: Added.
  • platform/mac/fast/repaint/layer-visibility-expected.txt: Added.
5:14 PM Changeset in webkit [25167] by aroben
  • 2 edits in trunk/WebKitSite

Remove any mention of drwtsn32.log, as it is almost never useful for tracking down crashes

Reviewed by Oliver.

  • quality/crashlogs.html:
5:08 PM Changeset in webkit [25166] by kdecker
  • 2 edits in trunk/WebCore

Reviewed by Anders.

Fixed: <rdar://problem/5325262> REGRESSION (Tiger-Leopard): PictureTalk plug-in doesn't work

The problem was that this particular plug-in handles "text/ptf", but WebCore wasn't giving the plug-in a chance to load
any type with "text/"

  • dom/DOMImplementation.cpp: (WebCore::DOMImplementation::createDocument): Allow plug-ins to once again use "text/" MIME types, but only if the MIME type is not "text/plain". Disallowing plug-ins to use text/plain prevents plug-ins from hijacking a fundamental type that the browser is expected to handle, and also serves as an optimization to prevent loading the plug-in database in the common case.
4:46 PM Changeset in webkit [25165] by aroben
  • 2 edits in trunk/LayoutTests

Removed a now-working test from the Windows Skipped file

  • platform/win/Skipped:
4:36 PM Changeset in webkit [25164] by aroben
  • 2 edits in trunk/WebKitTools

Put LayoutTests after all other ChangeLogs in commit logs

We use "~" to sort LayoutTests after all the other ChangeLogs because
"~" is the last ASCII character (other than "DEL").

Reviewed by Sam.

  • Scripts/commit-log-editor:
4:18 PM Changeset in webkit [25163] by aroben
  • 2 edits in trunk/WebKitTools

Detect that DRT crashed even if a crash dialog is running

On Windows, when DRT crashes a crash dialog commonly appears. The DRT
process is still running at this point, so run-webkit-tests wouldn't
detect that DRT had crashed. We now record the crash in our SIGPIPE
handler so that we know if DRT crashed even if the crash dialog is up.

Reviewed by Sam.

  • Scripts/run-webkit-tests: (sub catch_pipe): Set the crashed bit. (sub openDumpTool): Reset the crashed bit. (sub dumpToolDidCrash): Check the crashed bit.
4:04 PM Changeset in webkit [25162] by aroben
  • 3 edits
    4 adds in trunk

Remove workarounds for <rdar://problem/5386894> now that it's been fixed

WebCore:

Remove workarounds for <rdar://problem/5386894> now that it's been fixed

Reviewed by Darin.

Tests: fast/loader/local-svg-parsed-as-svg.svg

fast/loader/local-xhtml-parsed-as-xhtml.xhtml

  • platform/network/cf/ResourceResponseCFNet.cpp: (WebCore::ResourceResponse::doUpdateResourceResponse): Removed hackish workaround.

LayoutTests:

Tests to ensure that local .xhtml and .svg files end up being parsed as XHTML and SVG, respectively

Reviewed by Darin.

  • fast/loader/local-svg-parsed-as-svg-expected.txt: Added.
  • fast/loader/local-svg-parsed-as-svg.svg: Added.
  • fast/loader/local-xhtml-parsed-as-xhtml-expected.txt: Added.
  • fast/loader/local-xhtml-parsed-as-xhtml.xhtml: Added.
3:05 PM Changeset in webkit [25161] by kmccullo
  • 3 edits
    2 adds in trunk

JavaScriptCore:

Reviewed by Geoff and Adam.

  • Changing stack depth to 500 (from 100 on mac and win) to help out some apps specifically gmail. <rdar://problem/3590522> JavaScript call stack limit of 99 is too small for some applications; needs to be closer to 500 (4045)
  • kjs/object.cpp:

LayoutTests:

Reviewed by Geoff and Adam.

  • Changing stack depth toi 500 (from 100 in mac and win) to help out some apps specifically gmail. <rdar://problem/3590522> JavaScript call stack limit of 99 is too small for some applications; needs to be closer to 500 (4045).
  • fast/js/deep-recursion-test-expected.txt: Added.
  • fast/js/deep-recursion-test.html: Added.
2:41 PM Changeset in webkit [25160] by aroben
  • 2 edits in trunk/WebKitTools

Fix Bug 15026: prepare-ChangeLog should list new tests in WebCore/ChangeLog

http://bugs.webkit.org/show_bug.cgi?id=15026

Reviewed by NOBODY (OOPS!).

  • Scripts/prepare-ChangeLog: (sub isModifiedStatus): Split out from isModifiedOrAddedStatus. (sub isAddedStatus): Ditto. (sub testListForChangeLog): Added.
1:32 PM Changeset in webkit [25159] by andersca
  • 2 edits in trunk/WebCore

Reviewed by Adam.

<rdar://problem/5412988>
Crash when visiting http://www.rockonflash.com/blog/?p=58


  • plugins/win/PluginViewWin.cpp: (WebCore::PluginViewWin::updateWindow): Just return if the plugin view hasn't been inserted in the hierarchy yet.
11:10 AM Changeset in webkit [25158] by antti
  • 2 edits in trunk/WebKit

Reviewed by John.


Fix <rdar://problem/5378390>
Crash at Range::startContainer() when creating multiple ToDos on the same line


Null check range.


No layout test, this only happens with ObjC API.

  • WebView/WebHTMLView.mm: (-[WebHTMLView _expandSelectionToGranularity:]):
6:30 AM Changeset in webkit [25157] by zecke
  • 2 edits in trunk/WebCore

2007-08-20 Holger Hans Peter Freyther <zecke@selfish.org>

Reviewed by Zack.

Do not define svg as ImageMIMEType if we can use ksvg2.

  • platform/MIMETypeRegistry.cpp: (WebCore::initialiseSupportedImageMIMETypes):
12:11 AM Changeset in webkit [25156] by mjs
  • 2 edits in trunk/WebKit

Not reviewed, fix for crash on launch bug in last patch.

  • WebView/WebHTMLView.mm: (-[WebHTMLView setDataSource:]): Remove an assertion, fix code to work right in the face of that condition.
12:04 AM Changeset in webkit [25155] by rwlbuis
  • 3 edits
    4 adds in branches/feature-branch

Reviewed by Nikolas.

http://bugs.webkit.org/show_bug.cgi?id=14924
rotated rect with pattern draws incorrectly

Use the bounding box before transformation.

12:01 AM Changeset in webkit [25154] by mjs
  • 6 edits in trunk/LayoutTests

Not reviewed - test case fixes.


  • fix some test cases where expected results were altered by the last change (I reviewed all the new results.)
  • fast/events/focusingUnloadedFrame-expected.txt:
  • http/tests/loading/simple-subframe-expected.txt:
  • tables/mozilla_expected_failures/bugs/bug137388-1-expected.txt:
  • tables/mozilla_expected_failures/bugs/bug137388-2-expected.txt:
  • webarchive/loading/test-loading-archive-expected.txt:

Aug 19, 2007:

5:04 PM Changeset in webkit [25153] by aroben
  • 2 edits in trunk/WebCore

Gtk+ build fix.

  • platform/gdk/TemporaryLinkStubs.cpp: Removed const.
3:07 PM Changeset in webkit [25152] by aroben
  • 7 edits in trunk/WebCore

Fix <rdar://5395835> REGRESSION (r24527): Context menu for edit fields is missing "Font & Writing Direction"

The problem was that ContextMenuItem::setSubMenu was just copying the
HMENU from the ContextMenu passed in on Windows, but that HMENU was
later getting destroyed when the ContextMenu went out of scope.

I added a new ContextMenu::releasePlatformDescription method that is
used in setSubMenu instead. I think an ultimately better design would
be for setSubMenu to take ownership of the ContextMenu that's passed in
(as should insertItem and appendItem), but I decided to be conservative
and just make the changes needed to fix the bug.

Reviewed by Darin.

No test possible.

  • platform/ContextMenu.h: Added releasePlatformDescription.
  • platform/gdk/TemporaryLinkStubs.cpp: Added stub implementation.
  • platform/mac/ContextMenuMac.mm: (WebCore::ContextMenu::releasePlatformDescription): Implemented, though it's never called on this platform.
  • platform/qt/ContextMenuQt.cpp: (WebCore::ContextMenu::releasePlatformDescription): Ditto.
  • platform/win/ContextMenuItemWin.cpp: (WebCore::ContextMenuItem::setSubMenu): Call releasePlatformDescription since we need to take ownership of the HMENU.
  • platform/win/ContextMenuWin.cpp: (WebCore::ContextMenu::releasePlatformDescription): Implemented.
2:40 PM Changeset in webkit [25151] by mjs
  • 11 edits in trunk

LayoutTests:

Reviewed by Darin.

  • update for fix to <rdar://problem/5198272> REGRESSION: PLT 1.5% slower due to r21367 (change to start frames with empty documents)


No longer expect windowScriptObject delegate method in frames that never
use script.

  • http/tests/loading/bad-scheme-subframe-expected.txt:
  • http/tests/loading/bad-server-subframe-expected.txt:
  • http/tests/loading/empty-subframe-expected.txt:
  • http/tests/loading/slow-parsing-subframe-expected.txt:

WebCore:

Reviewed by Darin.

  • fixed <rdar://problem/5198272> REGRESSION: PLT 1.5% slower due to r21367 (change to start frames with empty documents)


There were three main cuases of extra time due to creating the initial empty document:


1) Creating an extra WebHTMLView and swapping it for a new one for each frame created.
2) Parsing the minimal markup for the initial document's contents.
3) Clearing the Window object an extra time and dispatching the corresponding delegate method.


The WebCore part of the fixes addresses 2 and 3.


  • loader/FrameLoader.cpp: (WebCore::FrameLoader::init): Don't parse "<html><body>" for the initial empty document; it turns out not to be needed. (WebCore::FrameLoader::dispatchWindowObjectAvailable): Don't dispatch the delegate if we haven't created a ScriptInterpreter yet.
  • bindings/js/kjs_proxy.cpp: (WebCore::KJSProxy::initScriptIfNeeded): Dispatch the window object delegate when we first create the interpreter, since that is now done lazily.
  • loader/FrameLoader.h: (WebCore::FrameLoader::committingFirstRealLoad): Helper for WebKit to know when to reuse a WebHTMLView.

WebKit:

Reviewed by Darin.


  • fixed <rdar://problem/5198272> REGRESSION: PLT 1.5% slower due to r21367 (change to start frames with empty documents)

There were three main cuases of extra time due to creating the initial empty document:


1) Creating an extra WebHTMLView and swapping it for a new one for each frame created.
2) Parsing the minimal markup for the initial document's contents.
3) Clearing the Window object an extra time and dispatching the corresponding delegate method.


The WebKit part of the fixes addresses 1.

  • WebCoreSupport/WebFrameLoaderClient.mm: (WebFrameLoaderClient::makeDocumentView): When switching from the initial empty document to the first real document, reuse the WebHTMLView.


It might actually be a significant performance improvement to always
reuse the WebHTMLView, but that is a much riskier change and not
needed to fix the regression right now.

11:26 AM Changeset in webkit [25150] by pewtermoose
  • 3 edits
    2 adds in trunk

LayoutTests:

2007-08-19 Mitz Pettel <mitz@webkit.org>

Reviewed by Adam Roben.

  • fast/images/text-content-crash-2-expected.txt: Added.
  • fast/images/text-content-crash-2.html: Added.

WebCore:

2007-08-19 Mitz Pettel <mitz@webkit.org>

Reviewed by Adam Roben.

Test: fast/images/text-content-crash-2.html

  • html/HTMLImageLoader.cpp: (WebCore::HTMLImageLoader::setImage): Added a check that the renderer is an image. (WebCore::HTMLImageLoader::updateFromElement): Ditto. (WebCore::HTMLImageLoader::notifyFinished): Ditto.
10:10 AM Changeset in webkit [25149] by staikos
  • 2 edits in trunk/WebKitQt

Don't export ICO symbols

9:51 AM Changeset in webkit [25148] by ddkilzer
  • 1 edit
    2 adds in trunk/LayoutTests

LayoutTests:

Reviewed by Adam and Geoff within one minute of each other.

Tests that the '-apple-opacity', '-khtml-opacity' and '-webkit-opacity' styles
all map to the 'opacity' style.

  • fast/css/legacy-opacity-styles-expected.txt: Added.
  • fast/css/legacy-opacity-styles.html: Added.
5:07 AM Changeset in webkit [25147] by bdash
  • 2 edits in trunk/LayoutTests

2007-08-19 Mark Rowe <mrowe@apple.com>

Update expected results. The results that were landed with the test did not match the wording
in the test that was landed.

  • fast/encoding/namespace-tolerance-expected.txt:
4:13 AM Changeset in webkit [25146] by zecke
  • 2 edits in trunk/WebKitTools

2007-08-19 Oleg Sukhodolsky <son.two@gmail.com>

Reviewed by Mark.

-fixes http://bugs.webkit.org/show_bug.cgi?id=14632

  • Scripts/webkitdirs.pm: qt and gtk ports now explicitly pass debug (or release) mode to qmake.
1:05 AM Changeset in webkit [25145] by rwlbuis
  • 33 edits
    4 adds in branches/feature-branch

Reviewed by Nikolas.

http://bugs.webkit.org/show_bug.cgi?id=14926
WebKit has 'em' length handling problems related to CSS properties

Parse the properties in inline style attributes non-strict for SVG.

Aug 18, 2007:

10:15 PM Changeset in webkit [25144] by staikos
  • 3 edits in trunk/WebKitQt

Fix compilation

11:20 AM Changeset in webkit [25143] by zecke
  • 2 edits in trunk/WebKit/gtk

2007-08-18 Holger Hans Peter Freyther <zecke@selfish.org>

Build fix. Add const to the first parameter of createPlugin

  • WebCoreSupport/FrameLoaderClientGtk.cpp:

Aug 17, 2007:

8:48 PM Changeset in webkit [25142] by mjs
  • 4 edits in trunk

WebCore:

Reviewed by Darin.

  • WebCore part of fix to scrollbar suppression hack for Leopard
  • loader/FrameLoader.cpp: (WebCore::FrameLoader::transitionToCommitted): Suppress scrollbars earlier, so it happens before any potential view swap.

WebKit:

Reviewed by Darin.

  • WebKit part of fix to scrollbar suppression hack for Leopard
  • WebView/WebDynamicScrollBarsView.m: (-[WebDynamicScrollBarsView reflectScrolledClipView:]): Don't call the superclass method when scrollbars are suppressed. (-[WebDynamicScrollBarsView setScrollBarsSuppressed:repaintOnUnsuppress:]): Instead call it here, when unsuppressing.
7:41 PM Changeset in webkit [25141] by bdash
  • 1 copy in tags/Safari-4523.1

New tag.

7:00 PM Changeset in webkit [25140] by aroben
  • 8 edits
    1 add in trunk/WebKit/win

Fix <rdar://5192578> Inspect Element should not appear in context menu in non-debug mode

We now follow the same logic as Mac WebKit for displaying the Inspect Element item:

1) If DisableWebKitDeveloperExtras is set to true, don't display it
2) If not, and we're in a debug build, display it
3) If not, and we're in a release build, display it if

WebKitDeveloperExtras is set to true

Reviewed by Ada.

  • Interfaces/IWebPreferencesPrivate.idl: Added.
  • WebKit.vcproj/Interfaces.vcproj: Add new IWebPreferencesPrivate.idl file to project.
  • WebKit.vcproj/WebKitGUID.vcproj: Added generated .c file for IWebPreferencesPrivate to project.
  • WebPreferenceKeysPrivate.h: Added new keys.
  • WebPreferences.cpp: Added IID_WebPreferences. (WebPreferences::postPreferencesChangesNotification): Added an explicit cast needed now that WebPreferences implements two interfaces. (WebPreferences::QueryInterface): Added new cases. (WebPreferences::setDeveloperExtrasEnabled): Added. (WebPreferences::developerExtrasEnabled): Added. (WebPreferences::developerExtrasDisabledByOverride): Added.
  • WebPreferences.h: Now implements IWebPreferencesPrivate.
  • WebView.cpp: (WebView::updateWebCoreSettingsFromPreferences): Call developerExtrasEnabled. (WebView::developerExtrasEnabled): Ported from -[WebView _developerExtrasEnabled].
  • WebView.h:
7:00 PM Changeset in webkit [25139] by aroben
  • 6 edits in trunk/WebKit/win

Add WebPreferences::sharedStandardPreferences

This is a convenience method to get the standard preferences object so
that within WebKit we don't have to deal with the fact that COM doesn't
support static methods.

Reviewed by Ada.

  • WebHistory.cpp: (WebHistory::WebHistory): Use sharedStandardPreferences.
  • WebIconDatabase.cpp: (WebIconDatabase::init): Ditto.
  • WebPreferences.cpp: (WebPreferences::sharedStandardPreferences): Added. (WebPreferences::getInstanceForIdentifier): Use sharedStandardPreferences. (WebPreferences::standardPreferences): Ditto.
  • WebPreferences.h:
  • WebView.cpp: (WebView::preferences): Ditto.
6:23 PM Changeset in webkit [25138] by darin
  • 3 edits in trunk/WebKitTools

Reviewed by Oliver Hunt.

  • don't look for Apple-style localizable strings in the GTK version of WebKit
  • Scripts/extract-localizable-strings: Add a feature where you can pass in the name of subdirectories to skip.
  • Scripts/update-webkit-localizable-strings: Pass WebKit/gtk as a subdirectory to skip.
6:08 PM Changeset in webkit [25137] by darin
  • 3 edits in trunk/WebKit

Reviewed by Maciej.

  • fix <rdar://problem/5414518> Use root URL as origin URL when quarantining downloads
  • WebCoreSupport/WebFrameLoaderClient.mm: (WebFrameLoaderClient::setOriginalURLForDownload): Extract only the scheme and host name and make the originating URL from that.
  • WebKit/StringsNotToBeLocalized.txt: Updated for recent changes.
5:04 PM Changeset in webkit [25136] by andersca
  • 3 edits in trunk/WebKit/gtk

Build fix.


  • WebCoreSupport/FrameLoaderClientGtk.cpp: (WebKit::FrameLoaderClient::createPlugin):
  • WebCoreSupport/FrameLoaderClientGtk.h:
5:01 PM Changeset in webkit [25135] by thatcher
  • 1 edit in trunk/WebKit/WebView/WebHTMLView.mm

Fix a spelling mistake.

4:53 PM Changeset in webkit [25134] by thatcher
  • 3 edits in trunk/WebKit

Reviewed by Darin.

<rdar://problem/5398301> Xcode threw mutation exception while enumerating subviews (GC only)

I was never able to reproduce this exception. But there can be cases where layout will
trigger JavaScript or plugin code that can modify the WebView view hierarchy during a
recursive enumeration of all the subviews.

This patch does two things:
1) Adds a check in debug builds that will LOG when any view is added or removed during layout.
Noting that added views will not recieve layout this round and might paint without first recieving layout.

2) Recursivly builds up an array of descendant WebHTMLViews before calling layout on them.
This matches the behavior of makeObjectsPerformSelector: in the non-GC case (making a copy
before enumerating.)

  • WebView/WebHTMLView.mm: (-[WebHTMLView _web_setPrintingModeRecursive]): Use _web_addDescendantWebHTMLViewsToArray to build up an array of WebHTMLViews to enumerate. (-[WebHTMLView _web_clearPrintingModeRecursive]): Ditto. (-[WebHTMLView _web_setPrintingModeRecursiveAndAdjustViewSize]): Ditto. (-[WebHTMLView _web_layoutIfNeededRecursive]): Ditto. (-[WebHTMLView _layoutIfNeeded]): Moved to WebHTMLViewFileInternal category. (-[WebHTMLView didAddSubview:]): LOG in debug builds. (-[WebHTMLView willRemoveSubview:]): Ditto. (-[NSView _web_addDescendantWebHTMLViewsToArray:]): Recursivly build an array of descendant WebHTMLViews.
  • WebView/WebHTMLViewInternal.h: Added a BOOL in WebHTMLViewPrivate to track subview changes (debug only.)
4:45 PM Changeset in webkit [25133] by andersca
  • 2 edits in trunk/WebKitTools

Build fix.


  • DumpRenderTree/TestNetscapePlugIn.subproj/main.c: (NPP_SetWindow):
4:29 PM Changeset in webkit [25132] by antti
  • 7 edits
    2 adds in trunk

LayoutTests:

Reviewed by Hyatt.

Test for <rdar://problem/5403773>
CrashTracer: [USER] 88 crashes in Safari at com.apple.WebCore: WebCore::RenderTableSection::paint + 846


Changed results for fast/dynamic/containing-block-change.html are progression
(even though new results don't match Firefox and old ones did!)

  • fast/dynamic/ancestor-to-absolute-expected.txt: Added.
  • fast/dynamic/ancestor-to-absolute.html: Added.
  • fast/dynamic/containing-block-change-expected.checksum:
  • fast/dynamic/containing-block-change-expected.png:
  • fast/dynamic/containing-block-change-expected.txt:

WebCore:

Reviewed by Hyatt.


Fix <rdar://problem/5403773>
CrashTracer: [USER] 88 crashes in Safari at com.apple.WebCore: WebCore::RenderTableSection::paint + 846

  • rendering/RenderBlock.cpp: (WebCore::RenderBlock::removePositionedObjects):


Fix crash in http://www.infobae.com/interior/home.html
Positioned objects removed from m_positionedObjects would in some cases not get added back to any
positioned objects list. Adding objects happens in block layout but since layout was not invalidated
correctly in removePositionedObjects() it would not get invoked. As a result some positioned objects
would stay in layout dirty state leading to crashes and other bad things.


  • rendering/RenderTableSection.cpp: (WebCore::RenderTableSection::paint):


Add needLayout() guard to eliminate this class of crashes from release builds.
Assert commented out for now since one existing layout test can't handle it.

3:58 PM Changeset in webkit [25131] by andersca
  • 3 edits in trunk/WebKit/win

Build fix.


  • WebFrame.cpp: (WebFrame::createPlugin):
  • WebFrame.h:
3:48 PM Changeset in webkit [25130] by kdecker
  • 1 edit
    2 adds in trunk/LayoutTests

Reviewed by Darin.

<rdar://problem/5252836> Adobe Help Viewer: Japanese characters in the Help Tree structure are shown as garbage
This test ensures a UTF-8 encoding is properly set. The code tests compatibility of documents which:

(1) use namespace prefixes on HTML elements
(2) specify a non-latin charset
(3) contain non-latin characters


If this test passes, the UTF-8 character below should exactly match the character the character in namespace-tolerance-expected.txt.

  • fast/encoding/namespace-tolerance-expected.txt: Added.
  • fast/encoding/namespace-tolerance.html: Added.
3:45 PM Changeset in webkit [25129] by kdecker
  • 2 edits in trunk/WebCore

2007-08-17 Kevin Decker <kdecker@apple.com>

Code change by Darin, landed and reviewed by me.

Fixed: <rdar://problem/5252836> Adobe Help Viewer: Japanese characters in the Help Tree structure are shown as garbage
Added fast/encoding/namespace-tolerance.html test.

  • loader/TextResourceDecoder.cpp: (WebCore::TextResourceDecoder::checkForHeadCharset): Slightly loosen the charset decoder heuristic by tweaking it to ignore namespaces. This restores compatibility to documents which (1) use namespace prefixes on HTML elements (2) specify a non-latin charset and (3) contain non-latin characters.


Added fast/encoding/namespace-tolerance.html test.

3:12 PM Changeset in webkit [25128] by andersca
  • 21 edits
    2 adds in trunk

LayoutTests:

Reviewed by Dave Hyatt.

<rdar://problem/5379040>
REGRESSION (Tiger-Leopard): ADOBE: Safari calls NPP_SetWindow with bad values sometimes


Add test.


  • plugins/netscape-plugin-setwindow-size-expected.txt: Added.
  • plugins/netscape-plugin-setwindow-size.html: Added.

WebCore:

Reviewed by Dave Hyatt.


<rdar://problem/5379040>
REGRESSION (Tiger-Leopard): ADOBE: Safari calls NPP_SetWindow with bad values sometimes

Instantiate plug-ins during the first layout instead of doing so when creating the renderer.
This ensures that the plug-in widget will have a correct initial size.


  • html/HTMLEmbedElement.cpp: (WebCore::HTMLEmbedElement::getInstance): Force a layout if the plug-in doesn't have an instance.


(WebCore::HTMLEmbedElement::attach):
Pass true to updateWidget, causing it to only create a widget if it won't be a plug-in.


  • html/HTMLIFrameElement.cpp: (WebCore::HTMLIFrameElement::attach): Pass false to updateWidget, this will only create subframes anyway.


  • html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::getInstance): Force a layout if the plug-in doesn't have an instance.


(WebCore::HTMLObjectElement::attach):
Pass true to updateWidget, causing it to only create a widget if it won't be a plug-in.


  • loader/FrameLoader.cpp: (WebCore::FrameLoader::loadPlugin): Get the size from the renderer and pass it to the client.


  • loader/FrameLoaderClient.h:
  • page/mac/WebCoreFrameBridge.h:
  • platform/graphics/svg/SVGImageEmptyClients.h: (WebCore::SVGEmptyFrameLoaderClient::createPlugin): Update declarations.


  • rendering/RenderPart.cpp: (WebCore::RenderPart::setWidget): No need to mark the renderer as dirty here.


  • rendering/RenderPartObject.h:
  • rendering/RenderPartObject.cpp: (WebCore::RenderPartObject::updateWidget): Add a parameter, onlyCreateNonPlugins. If this is true the widget will only be created if it's not a plug-in.


(WebCore::RenderPartObject::layout):
Call updateWidget here if m_widget is 0, causing the plug-in to be instantiated.

WebKit:

Reviewed by Dave Hyatt.

<rdar://problem/5379040>
REGRESSION (Tiger-Leopard): ADOBE: Safari calls NPP_SetWindow with bad values sometimes


Pass the right size when creating the views.


  • WebCoreSupport/WebFrameBridge.mm: (-[WebFrameBridge viewForPluginWithFrame:URL:attributeNames:attributeValues:MIMEType:DOMElement:loadManually:]):
  • WebCoreSupport/WebFrameLoaderClient.h:
  • WebCoreSupport/WebFrameLoaderClient.mm: (WebFrameLoaderClient::createPlugin):

WebKitTools:

Reviewed by Dave Hyatt.

<rdar://problem/5379040>
REGRESSION (Tiger-Leopard): ADOBE: Safari calls NPP_SetWindow with bad values sometimes

Add a way for the plug-in to dump the width and height when it gets its NPP_SetWindow call.


  • DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.c: (pluginAllocate):
  • DumpRenderTree/TestNetscapePlugIn.subproj/PluginObject.h:
  • DumpRenderTree/TestNetscapePlugIn.subproj/main.c: (NPP_New): (NPP_SetWindow):
1:50 PM Changeset in webkit [25127] by zbujtas
  • 3 edits in S60/trunk/WebCore

rathnasa, reviewed by Zbujtas

DESC: TSW Id SJUN-73XBVC document.write does not work in onload, onclick events
http://bugs.webkit.org/show_bug.cgi?id=14915

WARNING: NO TEST CASES ADDED OR CHANGED

1:48 PM Changeset in webkit [25126] by zbujtas
  • 3 edits in S60/branches/3.1m/WebCore

2007-08-09 rathnasa <sornalatha.rathnasamy@nokia.com>

Reviewed by zbujtas
DESC: TSW Id SJUN-73XBVC document.write does not work in onload, onclick events

http://bugs.webkit.org/show_bug.cgi?id=14915

1:10 PM Changeset in webkit [25125] by oliver
  • 1 edit in trunk/WebCore/ChangeLog

Correct ChangeLog to reference correct person

1:42 AM Changeset in webkit [25124] by oliver
  • 4 edits
    2 adds in trunk

LayoutTests:

Reviewed by Maciej.

Simple test to ensure we don't crash when creating a pattern

  • fast/canvas/create-pattern-does-not-crash-expected.txt: Added.
  • fast/canvas/create-pattern-does-not-crash.html: Added.

WebCore:

Reviewed by Maciej.

http://bugs.webkit.org/show_bug.cgi?id=14189
<rdar://problem/5319511> REPRODUCIBLE CRASH: Canvas createPattern(canvas, ...) crashes on Windows (14189)

Ensure that we actually retain the CG pattern correctly.

Credit to Philip Taylor <excors@gmail.com> for finding the cause of this.

  • html/CanvasPattern.cpp: (WebCore::CanvasPattern::~CanvasPattern): (WebCore::CanvasPattern::createPattern):
  • html/CanvasPattern.h: (WebCore::CanvasPattern::platformImage):

Aug 16, 2007:

11:49 PM Changeset in webkit [25123] by rwlbuis
  • 4 edits
    4 adds in branches/feature-branch

Reviewed by Oliver.

http://bugs.webkit.org/show_bug.cgi?id=14927
use element in SVG does not render after parent is displayed off and on

Also detach the shadow tree when detaching the <use>.

10:29 PM Changeset in webkit [25122] by bdash
  • 4 edits in trunk

Versioning.

10:20 PM Changeset in webkit [25121] by bdash
  • 2 edits in tags/Safari-5523.1/JavaScriptCore

Merge r25078.

Reviewed by Sam.

  • fix <rdar://problem/5410570> Global initializer introduced by use of std::numeric_limits in r24919
  • kjs/ustring.cpp: (KJS::overflowIndicator): Turned into a function. (KJS::maxUChars): Ditto. (KJS::allocChars): Use the functions. (KJS::reallocChars): Ditto. (KJS::UString::expandedSize): Ditto.
10:20 PM Changeset in webkit [25120] by bdash
  • 5 edits
    4 adds in tags/Safari-5523.1

Merge r25076.

LayoutTests:

Reviewed by Tim.

<rdar://problem/5408255> REGRESSION: In Mail, clicking the containing element's UI closebox doesn't delete element

  • editing/deleting/5408255.html: Added.
  • editing/deleting/5408255-expected.checksum: Added.
  • editing/deleting/5408255-expected.png: Added.
  • editing/deleting/5408255-expected.txt: Added.

WebCore:

Reviewed by Tim.

<rdar://problem/5408255> REGRESSION: In Mail, clicking the containing element's UI closebox doesn't delete element

  • editing/DeleteButtonController.cpp: (WebCore::DeleteButtonController::show): Use -webkit-user-select:ignore for the deletion UI.

WebKitTools:

Reviewed by Tim.

<rdar://problem/5408255> REGRESSION: In Mail, clicking the containing element's UI closebox doesn't delete element

  • DumpRenderTree/EditingDelegate.m: (-[EditingDelegate webView:shouldShowDeleteInterfaceForElement:]): Added, return YES only for elements with the class needsDeletionUI.
10:19 PM Changeset in webkit [25119] by bdash
  • 27 edits in tags/Safari-5523.1/WebCore

Merge r25098.

Reviewed by Hyatt.

Rolling back in. I made a silly mistake in XMLTokenizer that caused
this patch to crash SVG tests. It's fixed now!

Refactor of change for <rdar://problem/5404899> REGRESSION: Mail
crash in WebCore::FontFallbackList::fontDataAt() after dragging
image into text multiple times

The original fix that I made last night prevents the pending style
sheet count from being incremented until the element is in the
document. This fix prevents the style sheet from loading at all
until it is in the document.

Here is the fix.

  • dom/StyleElement.cpp: (WebCore::StyleElement::insertedIntoDocument): Call process. (WebCore::StyleElement::removedFromDocument): This can be reverted to its original state before my patch last night. (WebCore::StyleElement::process): childrenChanged is now called process. Return early if your not in the document. (WebCore::StyleElement::createSheet): Revert change from last night. The inDocument check is now in caller childrenChanged.
  • dom/StyleElement.h: insertedIntoDocument() must now accept an element in addition to a document.

This is an optimization to prevent calling updateStyleSelector()
too frequently.

  • dom/XMLTokenizer.cpp: (WebCore::XMLTokenizer::startElementNs):
  • html/HTMLStyleElement.cpp: (WebCore::HTMLStyleElement::HTMLStyleElement): (WebCore::HTMLStyleElement::finishedParsing): (WebCore::HTMLStyleElement::insertedIntoDocument): (WebCore::HTMLStyleElement::childrenChanged): (WebCore::HTMLStyleElement::sheetLoaded):
  • html/HTMLStyleElement.h:
  • ksvg2/svg/SVGStyleElement.cpp: (WebCore::SVGStyleElement::SVGStyleElement): (WebCore::SVGStyleElement::finishedParsing): (WebCore::SVGStyleElement::insertedIntoDocument): (WebCore::SVGStyleElement::childrenChanged): (WebCore::SVGStyleElement::sheetLoaded):
  • ksvg2/svg/SVGStyleElement.h: (WebCore::SVGStyleElement::setCreatedByParser):

This is a name change. Document::stylesheetLoaded()
is now Document::removePendingSheet()

  • dom/Document.cpp: (WebCore::Document::removePendingSheet):
  • dom/Document.h:
  • dom/ProcessingInstruction.cpp: (WebCore::ProcessingInstruction::sheetLoaded):
  • html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::~HTMLLinkElement): (WebCore::HTMLLinkElement::setDisabledState): (WebCore::HTMLLinkElement::process): (WebCore::HTMLLinkElement::sheetLoaded):
  • page/Frame.cpp: (WebCore::UserStyleSheetLoader::~UserStyleSheetLoader): (WebCore::UserStyleSheetLoader::setCSSStyleSheet):

This is another name change. closeRenderer() is now
finishedParsing()

  • dom/Node.h: (WebCore::Node::finishedParsing):
  • dom/XMLTokenizer.cpp: (WebCore::XMLTokenizer::endElementNs): (WebCore::):
  • html/HTMLAppletElement.cpp: (WebCore::HTMLAppletElement::finishedParsing):
  • html/HTMLAppletElement.h:
  • html/HTMLGenericFormElement.cpp: (WebCore::HTMLFormControlElementWithState::finishedParsing):
  • html/HTMLGenericFormElement.h:
  • html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::finishedParsing):
  • html/HTMLObjectElement.h:
  • html/HTMLParser.cpp: (WebCore::HTMLParser::insertNode): (WebCore::HTMLParser::popOneBlockCommon):
  • html/HTMLScriptElement.cpp: (WebCore::HTMLScriptElement::finishedParsing):
  • html/HTMLScriptElement.h: (WebCore::HTMLStyleElement::setCreatedByParser):
  • ksvg2/svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::finishedParsing):
  • ksvg2/svg/SVGAnimationElement.h:
  • ksvg2/svg/SVGElement.cpp: (WebCore::SVGElement::finishedParsing):
  • ksvg2/svg/SVGElement.h:
10:19 PM Changeset in webkit [25118] by bdash
  • 4 edits in tags/Safari-5523.1/WebCore

Merge r25068.

Reviewed by Maciej.

Fix for <rdar://problem/5404899> REGRESSION: Mail crash in
WebCore::FontFallbackList::fontDataAt() after dragging image into
text multiple times

We were crashing because style information was not up-to-date. This
patch fixes the problem in two ways:

Style information was not up to date at the time of the crash
because the document thought there was still a pending style sheet.
The pending style sheet counter was incremented when a call to
cloneNode from Mail cloned a style node with an imported style
sheet. Because Mail disables the cache, the style sheet did not
load immediately for the cloned node, and we do not check again to
see if it has loaded in time to decrement the pending style sheet
counter before the crash point. The fix here is only to increment
the pending style sheet counter for elements that are already in
the document.

  • dom/StyleElement.cpp: (WebCore::StyleElement::insertedIntoDocument): If we have a CSS style sheet that is currently loading, increment the pending style sheet counter. This should keep the counter accurate in the case where a style node is cloned and then immediately inserted into the document. (WebCore::StyleElement::removedFromDocument): If we have a CSS style sheet that is currently loading, decrement the pending style sheet count. This is required to keep the correct balance, given the change above. (WebCore::StyleElement::createSheet): Only addPendingSheet() and checkLoaded() if we are in the document.

Here is Darin's original fix. It seems worth keeping this fix too.
Font style information should not cause a crash if there are still
pending style sheets. This is good belt-and-suspenders in case
there is another way to run into this bug with a wacky timing
issue.

  • css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::styleForElement): Update the font.
10:08 PM Changeset in webkit [25117] by bdash
  • 1 copy in tags/Safari-5523.1

New tag.

8:10 PM Changeset in webkit [25116] by ggaren
  • 2 edits in trunk/WebCore

Build fix. (Maybe?)


  • loader/Cache.cpp: (WebCore::Cache::pruneLiveResources): (WebCore::Cache::pruneDeadResources):
5:29 PM Changeset in webkit [25115] by justing
  • 5 edits
    6 adds in trunk

LayoutTests:

Reviewed by Harrison.


<rdar://problem/5378473> Undoing a deletion that is part of an open typing command fails to reinsert the caret

  • editing/undo/5378473.html: Added.
  • platform/mac/editing: Added.
  • platform/mac/editing/undo: Added.
  • platform/mac/editing/undo/5378473-expected.checksum: Added.
  • platform/mac/editing/undo/5378473-expected.png: Added.
  • platform/mac/editing/undo/5378473-expected.txt: Added.

WebCore:

Reviewed by Harrison.

<rdar://problem/5378473>
REGRESSION: Undoing a deletion that is part of an open typing command fails to reinsert the caret


We recently made Undo of a series of deletes select all of the
characters that were deleted, not just the most recently deleted
character. But the code that did this set a new starting selection
after every delete, even those that were part of an open typing
command that started with character insertions or forward deletes,
operations that when undone, remove the starting selection being
set from the document.


After this change we only set a new starting selection if the open typing
command was opened by a backward delete. The new behavior matches TextEdit.
We don't do something similar or forward deletes because TextEdit opens
and closes a new typing command on forward delete (added a FIXME about this).

  • editing/TypingCommand.cpp: (WebCore::TypingCommand::TypingCommand): Initialize m_openedByBackwardDelete. (WebCore::TypingCommand::forwardDeleteKeyPressed): Added a FIXME about how in TextEdit, forward deletes open and close a new typing command. (WebCore::TypingCommand::doApply): Set m_openedByBackwardDelete appropriately. (WebCore::TypingCommand::deleteKeyPressed): Only set the starting selection if this delete is the first one in an open typing command or one in a series of deletes that opened the typing command.
  • editing/TypingCommand.h: Added m_openedByBackwardDelete.
4:43 PM Changeset in webkit [25114] by ggaren
  • 12 edits in trunk

WebCore:

Reviewed by Dave Hyatt.


Tweaked the cache eviction model to better balance between live and
dead resources.


For the sake of avoiding evictions during the PLT, the old model
required the sum of dead and live resources to grow to twice the cache
capacity before evicting, and would then evict dead or live down to 0
if necessary. This was a too-high high water mark, which would nullify
much of the value of eviction, and a too-low low water mark, which
would nullify much of the value of the LRU-SP strategy.


This patch changes the model in 3 ways.


  1. The new model for dead resources is a flexible window with a fixed minimum and maximum. The dead resource window is big when live resource pressure is small, and vice versa. This has the immediate advantage of cutting the high water mark by up to 50%. It also enables the following tunable optimizations in future patches:
    1. A dead resource limit of 0 for clients who want that. (Just set the fixed maximum to 0.)
    2. A much higher low water mark. (Just set the fixed minimum to, say, 25% of the cache's capacity.)
    3. A much lower high water mark for users who browse simple pages in one tab. (Just set the fixed maximum to, say, 50% of the cache's capacity.)


I plan to make the changes that actually take advantage of these
tunable optimizations in another check-in.

The new model won't hurt the PLT because it will notice the PLT's low
live resource size, and up the dead resource capacity in response. For
the same reason, the new model should establish a good balance in
real-world use.


  1. Live resource eviction is now based on size(), not encodedSize(). So, a page with lots of large, encoded images will start evicting resources, if necessary, even before all the images paint. This allows you to more accurately stipulate an exact high water mark.


  1. When pruning, prune to a small percentage below capacity, to avoid just having to prune again immediately.

Layout tests pass. PLT shows no regression.

  • history/PageCache.cpp: (WebCore::PageCache::releaseAutoreleasedPagesNow): Updated for rename.
  • loader/Cache.cpp: Implemented the algorithm explained above.
  • loader/Cache.h: Removed explicit tracking of decoded data size, since it was unused.
  • loader/CachedResource.cpp: ditto on tracking of decoded data size

WebKit:

Reviewed by Dave Hyatt.


WebKit changes to support new cache eviction model in WebCore.

  • WebView/WebPreferences.m: (+[WebPreferences initialize]): Modified to reflect new API in WebCore.
  • WebView/WebView.mm: (+[WebView _initializeCacheSizesIfNecessary]): Slightly increased cache size on low memory systems to avoid affecting the PLT for now.

win:

Reviewed by Dave Hyatt.

WebKit changes to support new cache eviction model in WebCore.

  • WebPreferences.cpp: (WebPreferences::initialize):
  • WebView/WebPreferences.m: Modified to reflect new API in WebCore.
  • WebView.cpp: (WebView::initializeCacheSizesIfNecessary): Slightly increased cache size on low memory systems to avoid affecting the PLT for now.
4:12 PM Changeset in webkit [25113] by aliceli1
  • 2 edits in trunk/LayoutTests

Removed a fixed test from the skip list. r25112 fixed this test.

  • platform/mac-leopard/Skipped:
4:09 PM Changeset in webkit [25112] by aliceli1
  • 2 edits in trunk/WebKitTools

Reviewed by Maciej.

Fix <rdar://problem/5360135> REGRESSION (Leopard only): editing/selection/5354455-1.html is causing subsequent tests to fail

  • DumpRenderTree/DumpRenderTree.m: (createWebView): Create a DumpRenderTreeWindow instead of a NSWindow, now that a DumpRenderTreeWindow no longer poses as a NSWindow. (dumpRenderTree): Don't pose as a NSWindow, since when the spelling panel gets created, it creates an NSWindow which ends up creating a DumpRenderTreeWindow.
1:50 PM Changeset in webkit [25111] by bdakin
  • 2 edits in trunk/LayoutTests

Reviewed by Hyatt.

Changing this test to get it to pass again after http://
trac.webkit.org/projects/webkit/changeset/25098

The test is changing because our new behavior seems correct, though
not completely consistent. http://bugs.webkit.org/show_bug.cgi?
id=14979 is tracking the fact that the behavior is not consistent
regarding style elements that are not in the document.

  • fast/css/css-selector-text.html:
12:05 PM Changeset in webkit [25110] by kmccullo
  • 3 edits
    5 adds in trunk

LayoutTests:

Reviewed by Adam.

  • Added tests for regressions in other components. In this case we also need to add a skipped list for Tiger since this functionality didn't exist in 10.4.
  • fast/cookies: Added.
  • fast/cookies/local-file-can-set-cookies-expected.txt: Added.
  • fast/cookies/local-file-can-set-cookies.html: Added.
  • platform/mac-tiger: Added.
  • platform/mac-tiger/Skipped: Added.

WebKitTools:

Reviewed by Adam.

  • Added tests for regressions in other components. In this case we also need to add a skipped list for Tiger since this functionality didn't exist in 10.4.
  • Scripts/run-webkit-tests:
11:52 AM Changeset in webkit [25109] by darin
  • 3 edits in trunk/WebCore

Reviewed by Tim Hatcher.

  • fix <rdar://problem/5415029> In Mail, a crash occurs at WebCore::Node::isDescendantOf() when attempting to delete a selection in a table

The bug was caused by createMarkup trying to operate on a range that
has an endpoint in the delete button DOM, because it removes that DOM
during its operation! Still working on a regression test -- it's hard
to make the kind of bad selection that's needed with the DOM, so I might
have to use the eventSender.

  • editing/DeleteButtonController.h: Made some of the identifiers private. We can make them public if we need to use them. Added a getter function for the container element so we can figure out if a given node is inside the DOM added for the delete button.
  • editing/markup.cpp: (WebCore::moveEndpointsBeforeNode): Added. General purpose helper function that moves endpoints of a range to before a given node -- we do this before removing the delete button, so the endpoint is where the delete button was, rather than having an endpoint that's not in the document. (WebCore::createMarkup): Always return empty string, not null string. Get the document by calling ownerDocument on the range rather than getting the document of the commonAncestorContainer. That's because we need to get at the delete button before calling commonAncestorContainer. Call moveEndpointsBeforeNode to move the range endpoints out of the delete button interface before calling disable() which will remove it from the DOM if it's in there. Added an early return for the case where commonAncestor is non-0. If this happens, we would crash later because pastEndNode would not be in the tree. This change alone would prevent the crash, but we'd get bad markup, so we need the moveEndpointsBeforeNode fix. Added null checks for the frame to the range version as in the single-node version so this won't crash immediately on documents that are not in a frame. For the single-node version, added a check if a ndoe of 0 and a node inside the delete button user interface, and return the empty string for those cases.
11:51 AM Changeset in webkit [25108] by justing
  • 3 edits
    2 adds in trunk

LayoutTests:

Reviewed by Maciej.


<rdar://problem/5378847>
After creating and removing a ToDo, the caret disappears as soon as I start to type

  • editing/inserting/5378847-expected.txt: Added.
  • editing/inserting/5378847.html: Added.

WebCore:

Reviewed by Maciej.


<rdar://problem/5378847> After creating and removing a ToDo, the caret disappears as soon as I start to type


  • editing/InsertTextCommand.cpp: (WebCore::InsertTextCommand::input): A whitespace text node inserted by Mail when a ToDo is removed is completely removed by deleteInsignificantWhitespace, and since it contains the text insertion position, insertion fails. Save the position before the node where text insertion will occur, and if that node is removed, use the saved position for insertion.
9:29 AM Changeset in webkit [25107] by darin
  • 11 edits in trunk/WebCore

Reviewed by Adele.

  • fix <rdar://problem/5413488> REGRESSION: every DOM element is about 40 bytes bigger because it has a Timer

Moved the timer to the document from the element.

  • dom/Document.h: Made frame() inline. Added updateFocusApperanceSoon(), cancelFocusAppearanceUpdate(), m_updateFocusAppearanceTimer, clearXMLVersion(), and updateFocusAppearanceTimerFired(). Also made everything that was previously protected be private instead.
  • dom/Document.cpp: (WebCore::Document::Document): Initialize m_updateFocusAppearanceTimer. (WebCore::Document::updateFocusAppearanceSoon): Added. Starts timer. (WebCore::Document::cancelFocusAppearanceUpdate): Added. Stops timer. (WebCore::Document::updateFocusAppearanceTimerFired): Added. If the focused node is a focusable element, then calls updateFocusAppearance(false) on it.
  • dom/Element.h: Removed default value of the boolean parameter to updateFocusAppareance. Removed needsFocusAppearanceUpdate(), setNeedsFocusAppearanceUpdate(), updateFocusAppearanceTimerFired(), stopUpdateFocusAppearanceTimer(), m_updateFocusAppearanceTimer, and m_needsFocusAppearanceUpdate. Added updateFocusAppearanceSoonAfterAttach() and cancelFocusAppearanceUpdate().
  • dom/Element.cpp: (WebCore::ElementRareData::ElementRareData): Added initializer for m_needsFocusAppearanceUpdateSoonAfterAttach. (WebCore::Element::Element): Removed initializers for m_updateFocusAppearanceTimer and m_needsFocusAppearanceUpdate. (WebCore::Element::attach): Updated code that starts the focus appearance timer to instead call updateFocusAppearanceSoon() on the document. (WebCore::Element::detach): Replaced call to stopUpdateFocusAppearanceTimer with call to cancelFocusAppearanceUpdate. (WebCore::Element::focus): Added check for node that's already focused, to match the logic that's in the derived classes. This makes it safe for us to remove the override in the derived classes. Also replaced the code that called setNeedsFocusAppearanceUpdate(true) with code to set the rare data flag m_needsFocusAppearanceUpdateSoonAfterAttach and added a call to cancelFocusAppearanceUpdate() in the case where there's no focus appearance update. (WebCore::Element::blur): Replaced call to stopUpdateFocusAppearanceTimer with call to cancelFocusAppearanceUpdate. (WebCore::Element::cancelFocusAppearanceUpdate): Added. Sets m_needsFocusAppearanceUpdateSoonAfterAttach to false, and then calls cancelFocusAppearanceUpdate() on the document, but only if the element is the focused node of the document.
  • html/HTMLDocument.cpp: (WebCore::HTMLDocument::HTMLDocument): Replaced code that sets m_xmlVersion directly with a call to a new inline clearXMLVersion() function. (WebCore::HTMLDocument::setCookie): Replaced use of m_policyBaseURL with policyBaseURL(). (WebCore::HTMLDocument::createTokenizer): Replaced uses of m_frame with frame(). (WebCore::HTMLDocument::determineParseMode): Replaced code that sets pMode and hMode directly with calls to setParseMode and setHTMLMode. Replaced use of m_styleSelector with styleSelector().
  • html/HTMLInputElement.h: Removed now-unneed override of focus(). Removed default value of the boolean parameter to updateFocusAppareance.
  • html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::updateFocusAppearance): Pass the restorePreviousSelection boolean through -- while it's ignored, it no longer has a default value.
  • html/HTMLTextAreaElement.h: Removed now-unneed override of focus(). Removed default value of the boolean parameter to updateFocusAppareance.
  • html/HTMLTextAreaElement.cpp: Ditto.
  • WebCore.exp: Removed the Document::frame() symbol, since it's now inline.
9:13 AM Changeset in webkit [25106] by antti
  • 5 edits
    2 adds in trunk

LayoutTests:

Reviewed by Maciej.


Test for <rdar://problem/5388936>
Crash while setting display:none for a table cell with selection

  • fast/table/destroy-cell-with-selection-crash-expected.txt: Added.
  • fast/table/destroy-cell-with-selection-crash.html: Added.

WebCore:

Reviewed by Maciej.


Fix <rdar://problem/5388936>
Crash while setting display:none for a table cell with selection


Super class destroy() could (through some selection code in removeChild()) trigger section recalc
in middle of RenderTableCell::destroy(), cleaning section dirty bit. This would later crash in
layout since cell grid would still have refence to the dead cell.


Ensure table sections are dirty when leaving destroy method.


I can't figure out tests for row and section changes but they look like
they could crash in similar way as cell.

  • rendering/RenderTableCell.cpp: (WebCore::RenderTableCell::destroy):
  • rendering/RenderTableRow.cpp: (WebCore::RenderTableRow::destroy):
  • rendering/RenderTableSection.cpp: (WebCore::RenderTableSection::destroy):
Note: See TracTimeline for information about the timeline view.