Title: [121521] trunk
Revision
121521
Author
[email protected]
Date
2012-06-28 23:38:42 -0700 (Thu, 28 Jun 2012)

Log Message

DOMHTMLCollection::item may return a wrong element after namedItem is called
https://bugs.webkit.org/show_bug.cgi?id=90240

Reviewed by Antti Koivisto.

Source/WebCore: 

The bug was caused by namedItem updating m_cache.current without updating m_cache.position.
Fixed the bug by updating both. This is similar to the bug I fixed in r121478.

WebKit API Test: WebKit1.HTMLCollectionNamedItemTest

* html/HTMLCollection.cpp:
(WebCore::HTMLCollection::namedItem):

Tools: 

Add a WebKit API test since namedItem is not used in the JS/V8 binding code.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html: Copied from Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.html.
* TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm: Copied from Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.mm.
(TestWebKitAPI::TEST):

Diff

Modified: trunk/Source/WebCore/ChangeLog (121520 => 121521)


--- trunk/Source/WebCore/ChangeLog	2012-06-29 06:20:34 UTC (rev 121520)
+++ trunk/Source/WebCore/ChangeLog	2012-06-29 06:38:42 UTC (rev 121521)
@@ -1,3 +1,18 @@
+2012-06-28  Ryosuke Niwa  <[email protected]>
+
+        DOMHTMLCollection::item may return a wrong element after namedItem is called
+        https://bugs.webkit.org/show_bug.cgi?id=90240
+
+        Reviewed by Antti Koivisto.
+
+        The bug was caused by namedItem updating m_cache.current without updating m_cache.position.
+        Fixed the bug by updating both. This is similar to the bug I fixed in r121478.
+
+        WebKit API Test: WebKit1.HTMLCollectionNamedItemTest
+
+        * html/HTMLCollection.cpp:
+        (WebCore::HTMLCollection::namedItem):
+
 2012-06-28  Kentaro Hara  <[email protected]>
 
         Change argument types of Element::getAttribute*() from String to AtomicString

Modified: trunk/Source/WebCore/html/HTMLCollection.cpp (121520 => 121521)


--- trunk/Source/WebCore/html/HTMLCollection.cpp	2012-06-29 06:20:34 UTC (rev 121520)
+++ trunk/Source/WebCore/html/HTMLCollection.cpp	2012-06-29 06:38:42 UTC (rev 121521)
@@ -263,21 +263,26 @@
     // that are allowed a name attribute.
     invalidateCacheIfNeeded();
 
+    unsigned i = 0;
     for (Element* e = itemAfter(0); e; e = itemAfter(e)) {
         if (checkForNameMatch(e, /* checkName */ false, name)) {
             m_cache.current = e;
+            m_cache.position = i;
             return e;
         }
+        i++;
     }
 
+    i = 0;
     for (Element* e = itemAfter(0); e; e = itemAfter(e)) {
         if (checkForNameMatch(e, /* checkName */ true, name)) {
             m_cache.current = e;
+            m_cache.position = i;
             return e;
         }
+        i++;
     }
 
-    m_cache.current = 0;
     return 0;
 }
 
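Review bot: The rule that `m_cache.current` and `m_cache.position` change together is now enforced by hand in two copies of the same loop body, and nothing in the hunk records it, so a later edit can reintroduce the desynchronization this commit fixes. A comment above the first loop, for example `// m_cache.current and m_cache.position must be updated as a pair; item() resumes from both.`, would state the invariant; that item() resumes from the cached pair is inferred from the log message and is not visible here. The no-match path now leaves the cache untouched instead of clearing `m_cache.current`, which keeps the pair consistent but deserves a one-line comment before `return 0;` saying the previous cache entry is kept on purpose. The body of namedItem starts above the hunk.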

Modified: trunk/Tools/ChangeLog (121520 => 121521)


--- trunk/Tools/ChangeLog	2012-06-29 06:20:34 UTC (rev 121520)
+++ trunk/Tools/ChangeLog	2012-06-29 06:38:42 UTC (rev 121521)
@@ -1,3 +1,17 @@
+2012-06-28  Ryosuke Niwa  <[email protected]>
+
+        DOMHTMLCollection::item may return a wrong element after namedItem is called
+        https://bugs.webkit.org/show_bug.cgi?id=90240
+
+        Reviewed by Antti Koivisto.
+
+        Add a WebKit API test since namedItem is not used in the JS/V8 binding code.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html: Copied from Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.html.
+        * TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm: Copied from Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.mm.
+        (TestWebKitAPI::TEST):
+
 2012-06-28  Dirk Pranke  <[email protected]>
 
         nrwt: remove the 'google-chrome' port code

Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (121520 => 121521)


--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj	2012-06-29 06:20:34 UTC (rev 121520)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj	2012-06-29 06:38:42 UTC (rev 121521)
@@ -73,6 +73,8 @@
 		93F7E86F14DC8E5C00C84A99 /* NewFirstVisuallyNonEmptyLayoutFrames_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 93F7E86E14DC8E5B00C84A99 /* NewFirstVisuallyNonEmptyLayoutFrames_Bundle.cpp */; };
 		9B26FC6C159D061000CC3765 /* HTMLFormCollectionNamedItem.mm in Sources */ = {isa = PBXBuildFile; fileRef = 9B26FC6B159D061000CC3765 /* HTMLFormCollectionNamedItem.mm */; };
 		9B26FCCA159D16DE00CC3765 /* HTMLFormCollectionNamedItem.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 9B26FCB4159D15E700CC3765 /* HTMLFormCollectionNamedItem.html */; };
+		9B4F8FA4159D52B1002D9F94 /* HTMLCollectionNamedItem.mm in Sources */ = {isa = PBXBuildFile; fileRef = 9B4F8FA3159D52B1002D9F94 /* HTMLCollectionNamedItem.mm */; };
+		9B4F8FA7159D52DD002D9F94 /* HTMLCollectionNamedItem.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 9B4F8FA6159D52CA002D9F94 /* HTMLCollectionNamedItem.html */; };
 		A7A966DB140ECCC8005EF9B4 /* CheckedArithmeticOperations.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7A966DA140ECCC8005EF9B4 /* CheckedArithmeticOperations.cpp */; };
 		B55F11A01516834F00915916 /* AttributedString.mm in Sources */ = {isa = PBXBuildFile; fileRef = B55F119F1516834F00915916 /* AttributedString.mm */; };
 		B55F11B71517D03300915916 /* attributedStringCustomFont.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = B55F11B01517A2C400915916 /* attributedStringCustomFont.html */; };
@@ -188,6 +190,7 @@
 				B55F11B71517D03300915916 /* attributedStringCustomFont.html in Copy Resources */,
 				76E182DF154767E600F1FADD /* auto-submitting-form.html in Copy Resources */,
 				5142B2731517C8C800C32B19 /* ContextMenuCanCopyURL.html in Copy Resources */,
+				9B4F8FA7159D52DD002D9F94 /* HTMLCollectionNamedItem.html in Copy Resources */,
 				9B26FCCA159D16DE00CC3765 /* HTMLFormCollectionNamedItem.html in Copy Resources */,
 				E1220DCA155B28AA0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html in Copy Resources */,
 				517E7E04151119C100D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html in Copy Resources */,
@@ -284,6 +287,8 @@
 		93F7E86E14DC8E5B00C84A99 /* NewFirstVisuallyNonEmptyLayoutFrames_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NewFirstVisuallyNonEmptyLayoutFrames_Bundle.cpp; sourceTree = "<group>"; };
 		9B26FC6B159D061000CC3765 /* HTMLFormCollectionNamedItem.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = HTMLFormCollectionNamedItem.mm; sourceTree = "<group>"; };
 		9B26FCB4159D15E700CC3765 /* HTMLFormCollectionNamedItem.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = HTMLFormCollectionNamedItem.html; sourceTree = "<group>"; };
+		9B4F8FA3159D52B1002D9F94 /* HTMLCollectionNamedItem.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = HTMLCollectionNamedItem.mm; sourceTree = "<group>"; };
+		9B4F8FA6159D52CA002D9F94 /* HTMLCollectionNamedItem.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = HTMLCollectionNamedItem.html; sourceTree = "<group>"; };
 		A7A966DA140ECCC8005EF9B4 /* CheckedArithmeticOperations.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = CheckedArithmeticOperations.cpp; path = WTF/CheckedArithmeticOperations.cpp; sourceTree = "<group>"; };
 		B55F119F1516834F00915916 /* AttributedString.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AttributedString.mm; sourceTree = "<group>"; };
 		B55F11B01517A2C400915916 /* attributedStringCustomFont.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = attributedStringCustomFont.html; sourceTree = "<group>"; };
@@ -663,6 +668,7 @@
 				C07E6CAE13FD67650038B22B /* DynamicDeviceScaleFactor.mm */,
 				3776BC62150946BC0043A66D /* DeviceScaleFactorInDashboardRegions.mm */,
 				939BA91614103412001A01BD /* DeviceScaleFactorOnBack.mm */,
+				9B4F8FA3159D52B1002D9F94 /* HTMLCollectionNamedItem.mm */,
 				9B26FC6B159D061000CC3765 /* HTMLFormCollectionNamedItem.mm */,
 				C507E8A614C6545B005D6B3B /* InspectorBar.mm */,
 				E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */,
@@ -687,6 +693,7 @@
 				379028B814FABE49007E6B43 /* acceptsFirstMouse.html */,
 				5142B2721517C89100C32B19 /* ContextMenuCanCopyURL.html */,
 				37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */,
+				9B4F8FA6159D52CA002D9F94 /* HTMLCollectionNamedItem.html */,
 				9B26FCB4159D15E700CC3765 /* HTMLFormCollectionNamedItem.html */,
 				E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */,
 				517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */,
@@ -899,6 +906,7 @@
 				51E93017156B13E1004C99DF /* WKPageGetScaleFactorNotZero.cpp in Sources */,
 				52B8CF9615868CF000281053 /* SetDocumentURI.mm in Sources */,
 				9B26FC6C159D061000CC3765 /* HTMLFormCollectionNamedItem.mm in Sources */,
+				9B4F8FA4159D52B1002D9F94 /* HTMLCollectionNamedItem.mm in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};

Copied: trunk/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html (from rev 121511, trunk/Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.html) (0 => 121521)


--- trunk/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html	                        (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html	2012-06-29 06:38:42 UTC (rev 121521)
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+<body>
+<input type="text" id="idForTwoTextFields" value="firstItem">
+<input type="text" id="idForTwoTextFields" value="secondItem">
+<img name="nameForTwoImages" title="thirdItem">
+<img name="nameForTwoImages" title="fourthItem">
+</body>
+</html>

Copied: trunk/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm (from rev 121511, trunk/Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.mm) (0 => 121521)


--- trunk/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm	                        (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm	2012-06-29 06:38:42 UTC (rev 121521)
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "PlatformUtilities.h"
+#include "PlatformWebView.h"
+#include <wtf/RetainPtr.h>
+
+#import <WebKit/DOM.h>
+#import <WebKit/WebViewPrivate.h>
+
+@interface HTMLCollectionNamedItemTest : NSObject {
+}
+@end
+
+static bool didFinishLoad;
+
+@implementation HTMLCollectionNamedItemTest
+
+- (void)webView:(WebView *)sender didFinishLoadForFrame:(WebFrame *)frame
+{
+    didFinishLoad = true;
+}
+@end
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, HTMLCollectionNamedItemTest)
+{
+    RetainPtr<WebView> webView(AdoptNS, [[WebView alloc] initWithFrame:NSMakeRect(0, 0, 120, 200) frameName:nil groupName:nil]);
+    RetainPtr<HTMLCollectionNamedItemTest> testController(AdoptNS, [HTMLCollectionNamedItemTest new]);
+
+    webView.get().frameLoadDelegate = testController.get();
+    [[webView.get() mainFrame] loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle]
+        URLForResource:@"HTMLCollectionNamedItem" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]];
+
+    Util::run(&didFinishLoad);
+    didFinishLoad = false;
+
+    DOMDocument *document = webView.get().mainFrameDocument;
+    RetainPtr<DOMHTMLCollection> collection = [[document body] children];
+
+    EXPECT_EQ([collection.get() length], (unsigned)4);
+    EXPECT_WK_STREQ([[collection.get() item:0] value], @"firstItem");
+    EXPECT_WK_STREQ([[collection.get() item:1] value], @"secondItem");
+    EXPECT_WK_STREQ([[collection.get() namedItem:@"idForTwoTextFields"] value], @"firstItem");
+    EXPECT_WK_STREQ([[collection.get() item:1] value], @"secondItem");
+    EXPECT_WK_STREQ([[collection.get() item:0] value], @"firstItem");
+
+    EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:2] title], @"thirdItem");
+    EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:3] title], @"fourthItem");
+    EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() namedItem:@"nameForTwoImages"] title], @"thirdItem");
+    EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:3] title], @"fourthItem");
+    EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:2] title], @"thirdItem");
+}
+
+} // namespace TestWebKitAPI
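Review bot: The test never calls `namedItem:` with a name that matches nothing, yet the commit changes that path in HTMLCollection.cpp, which no longer clears `m_cache.current` on a miss. After the last assertion, adding `EXPECT_TRUE(![collection.get() namedItem:@"noSuchName"]);` followed by `EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:3] title], @"fourthItem");` would pin down that a failed lookup leaves `item:` correct; `noSuchName` is a constructed value. Separately, `testController` is declared after `webView` and is therefore released first while still installed as `frameLoadDelegate`. If that property does not retain its delegate (not visible here), setting it to nil before the test body ends avoids a dangling delegate during teardown.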