Title: [168264] releases/WebKitGTK/webkit-2.4
Revision: 168264
Author: carlo...@webkit.org
Date: 2014-05-05 01:01:21 -0700 (Mon, 05 May 2014)
Log Message
Merge r166236 - Hold a reference to firstSuccessfulSubmitButton in HTMLFormElement::submit
<http://webkit.org/b/130713>
<rdar://problem/15661876>
Reviewed by Darin Adler.
Merged from Blink (patch by Ian Beer):
http://crbug.com/303657
https://src.chromium.org/viewvc/blink?view=rev&revision=158938
Source/WebCore:
Test: fast/forms/form-submission-crash-successful-submit-button.html
* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::submit):
LayoutTests:
* fast/forms/form-submission-crash-successful-submit-button-expected.txt: Added.
* fast/forms/form-submission-crash-successful-submit-button.html: Added.
Diff
Modified: releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog (168263 => 168264)
--- releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog 2014-05-05 08:01:13 UTC (rev 168263)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog 2014-05-05 08:01:21 UTC (rev 168264)
@@ -1,3 +1,18 @@
+2014-03-25 David Kilzer <ddkil...@apple.com>
+
+ Hold a reference to firstSuccessfulSubmitButton in HTMLFormElement::submit
+ <http://webkit.org/b/130713>
+ <rdar://problem/15661876>
+
+ Reviewed by Darin Adler.
+
+ Merged from Blink (patch by Ian Beer):
+ http://crbug.com/303657
+ https://src.chromium.org/viewvc/blink?view=rev&revision=158938
+
+ * fast/forms/form-submission-crash-successful-submit-button-expected.txt: Added.
+ * fast/forms/form-submission-crash-successful-submit-button.html: Added.
+
2014-03-21 Andreas Kling <akl...@apple.com>
HTMLFrameOwnerElement should obey the SubframeLoadingDisabler when creating subframes
Added: releases/WebKitGTK/webkit-2.4/LayoutTests/fast/forms/form-submission-crash-successful-submit-button-expected.txt (0 => 168264)
--- releases/WebKitGTK/webkit-2.4/LayoutTests/fast/forms/form-submission-crash-successful-submit-button-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/fast/forms/form-submission-crash-successful-submit-button-expected.txt 2014-05-05 08:01:21 UTC (rev 168264)
@@ -0,0 +1,5 @@
+PASS if not crashed.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: releases/WebKitGTK/webkit-2.4/LayoutTests/fast/forms/form-submission-crash-successful-submit-button.html (0 => 168264)
--- releases/WebKitGTK/webkit-2.4/LayoutTests/fast/forms/form-submission-crash-successful-submit-button.html (rev 0)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/fast/forms/form-submission-crash-successful-submit-button.html 2014-05-05 08:01:21 UTC (rev 168264)
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<body>
+<script src=""
+<script>
+jsTestIsAsync = true;
+var form1;
+var submit1;
+
+function start() {
+ form1 = document.createElement('form');
+ submit1 = document.createElement('input');
+ submit2 = document.createElement('input');
+ submit1.type = 'submit';
+ submit2.type = 'image';
+ form1.addEventListener('submit', handleSubmit, false);
+ form1.action = '';
+ form1.appendChild(submit1);
+ form1.appendChild(submit2);
+ submit1.click();
+ testPassed('if not crashed.');
+ finishJSTest();
+}
+
+function handleSubmit() {
+ form1.removeChild(submit1);
+}
+
+function removeImage() {
+ form1.removeChild(submit2);
+ submit2 = null;
+ gc();
+}
+
+window._onload_ = start;
+</script>
+<script src=""
+</body>
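Review bot: removeImage(), defined near the end of the script, is never called or registered as a listener in the lines shown, so the path that removes submit2, clears the script reference and calls gc() never runs; only the removal of submit1 in handleSubmit is exercised. Either attach removeImage to the event it was meant to handle or delete it, so the test shows which removal the fix protects against. Two smaller points: submit2 is assigned in start() without a `var` declaration next to form1 and submit1, and as rendered here the last script line assigns `window._onload_` while both `<script src=""` tags have an empty src and no closing `>`, so the committed file should be checked against this rendering before the test is reused.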
Modified: releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog (168263 => 168264)
--- releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog 2014-05-05 08:01:13 UTC (rev 168263)
+++ releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog 2014-05-05 08:01:21 UTC (rev 168264)
@@ -1,3 +1,20 @@
+2014-03-25 David Kilzer <ddkil...@apple.com>
+
+ Hold a reference to firstSuccessfulSubmitButton in HTMLFormElement::submit
+ <http://webkit.org/b/130713>
+ <rdar://problem/15661876>
+
+ Reviewed by Darin Adler.
+
+ Merged from Blink (patch by Ian Beer):
+ http://crbug.com/303657
+ https://src.chromium.org/viewvc/blink?view=rev&revision=158938
+
+ Test: fast/forms/form-submission-crash-successful-submit-button.html
+
+ * html/HTMLFormElement.cpp:
+ (WebCore::HTMLFormElement::submit):
+
2014-03-21 Andreas Kling <akl...@apple.com>
HTMLFrameOwnerElement should obey the SubframeLoadingDisabler when creating subframes
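Review bot: the `(WebCore::HTMLFormElement::submit):` line that closes the new entry has no description after it. A short sentence there stating that firstSuccessfulSubmitButton is now held in a RefPtr, and what can release the button while submit() is running, would let a reader of the ChangeLog understand the fix without opening the Blink revision.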
Modified: releases/WebKitGTK/webkit-2.4/Source/WebCore/html/HTMLFormElement.cpp (168263 => 168264)
--- releases/WebKitGTK/webkit-2.4/Source/WebCore/html/HTMLFormElement.cpp 2014-05-05 08:01:13 UTC (rev 168263)
+++ releases/WebKitGTK/webkit-2.4/Source/WebCore/html/HTMLFormElement.cpp 2014-05-05 08:01:21 UTC (rev 168264)
@@ -333,7 +333,7 @@
m_isSubmittingOrPreparingForSubmission = true;
m_wasUserSubmitted = processingUserGesture;
- HTMLFormControlElement* firstSuccessfulSubmitButton = 0;
+ RefPtr<HTMLFormControlElement> firstSuccessfulSubmitButton;
bool needButtonActivation = activateSubmitButton; // do we need to activate a submit button?
for (unsigned i = 0; i < m_associatedElements.size(); ++i) {
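Review bot: the new `RefPtr<HTMLFormControlElement> firstSuccessfulSubmitButton;` declaration has no comment saying why a strong reference is required. The added layout test has a submit listener remove the button from the form, so a one-line comment to that effect would keep a later cleanup from turning it back into a raw pointer. The loop on the following context line still indexes m_associatedElements; it is worth confirming that nothing in its body (not visible in this hunk) keeps other raw element pointers across a point where script can run.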