[webkit-changes] [159618] trunk

Thu, 21 Nov 2013 10:37:57 -0800

Title: [159618] trunk
Revision
159618
Author
[email protected]
Date
2013-11-21 05:43:34 -0800 (Thu, 21 Nov 2013)

Log Message

HTML parser should not associate elements inside templates with forms
https://bugs.webkit.org/show_bug.cgi?id=117779

Reviewed by Antti Koivisto.

Source/WebCore:

Merge https://chromium.googlesource.com/chromium/blink/+/45aadf7ee7ee010327eb692066cf013315ef3ed7

When parsing <form><template><input>, the previous behavior was to associate the <input> with the <form>,
even though they're not in the same tree (or even the same document).

This patch changes that by checking, prior to creating a form control element, whether the element to be
created lives in a document with a browsing context.

We don't update m_form as needed to faithfully match the HTML5 specification's form element pointer
http://www.whatwg.org/specs/web-apps/current-work/multipage/parsing.html#form-element-pointer
and its algorithm for creating and inserting nodes:
http://www.whatwg.org/specs/web-apps/current-work/multipage/tree-construction.html#creating-and-inserting-nodes

While this leaves isindex's reference to form element pointer stale:
http://www.whatwg.org/specs/web-apps/current-work/multipage/tree-construction.html#isindex
The HTML5 specification matches the behaviors of Chrome and Firefox so we leave it as is.

Test: fast/dom/HTMLTemplateElement/no-form-association.html

* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::createHTMLElement):

LayoutTests:

* fast/dom/HTMLTemplateElement/no-form-association-expected.txt: Added.
* fast/dom/HTMLTemplateElement/no-form-association.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (159617 => 159618)


--- trunk/LayoutTests/ChangeLog	2013-11-21 13:22:44 UTC (rev 159617)
+++ trunk/LayoutTests/ChangeLog	2013-11-21 13:43:34 UTC (rev 159618)
@@ -1,3 +1,13 @@
+2013-11-21  Ryosuke Niwa  <[email protected]>
+
+        HTML parser should not associate elements inside templates with forms
+        https://bugs.webkit.org/show_bug.cgi?id=117779
+
+        Reviewed by Antti Koivisto.
+
+        * fast/dom/HTMLTemplateElement/no-form-association-expected.txt: Added.
+        * fast/dom/HTMLTemplateElement/no-form-association.html: Added.
+
 2013-11-20  Ryosuke Niwa  <[email protected]>
 
         Hoist <template> to head when found between </head> and <body> for consistency with <script>

Added: trunk/LayoutTests/fast/dom/HTMLTemplateElement/no-form-association-expected.txt (0 => 159618)


--- trunk/LayoutTests/fast/dom/HTMLTemplateElement/no-form-association-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLTemplateElement/no-form-association-expected.txt	2013-11-21 13:43:34 UTC (rev 159618)
@@ -0,0 +1,16 @@
+Form control elements inside templates should not be associated with forms outside the template
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Form in document, input inside template:
+PASS form.length is 0
+PASS input.form is null
+
+Form in template, input in sub-template:
+PASS form.length is 0
+PASS input.form is null
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/dom/HTMLTemplateElement/no-form-association.html (0 => 159618)


--- trunk/LayoutTests/fast/dom/HTMLTemplateElement/no-form-association.html	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLTemplateElement/no-form-association.html	2013-11-21 13:43:34 UTC (rev 159618)
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<body>
+<form style="display:none">
+<template id="one"><input></template>
+</form>
+<template id="two"><form><template><input></template></form></template>
+<script src=""
+<script>
+description("Form control elements inside templates should not be associated with forms outside the template");
+
+debug('Form in document, input inside template:');
+var form = document.querySelector('form');
+var input = document.querySelector('#one').content.querySelector('input');
+shouldBe('form.length', '0');
+shouldBeNull('input.form');
+
+debug('\nForm in template, input in sub-template:');
+form = document.querySelector('#two').content.querySelector('form');
+input = document.querySelector('#two').content.querySelector('template').content.querySelector('input');
+shouldBe('form.length', '0');
+shouldBeNull('input.form');
+</script>
+<script src=""
+</body>

Modified: trunk/Source/WebCore/ChangeLog (159617 => 159618)


--- trunk/Source/WebCore/ChangeLog	2013-11-21 13:22:44 UTC (rev 159617)
+++ trunk/Source/WebCore/ChangeLog	2013-11-21 13:43:34 UTC (rev 159618)
@@ -1,3 +1,32 @@
+2013-11-21  Ryosuke Niwa  <[email protected]>
+
+        HTML parser should not associate elements inside templates with forms
+        https://bugs.webkit.org/show_bug.cgi?id=117779
+
+        Reviewed by Antti Koivisto.
+
+        Merge https://chromium.googlesource.com/chromium/blink/+/45aadf7ee7ee010327eb692066cf013315ef3ed7
+
+        When parsing <form><template><input>, the previous behavior was to associate the <input> with the <form>,
+        even though they're not in the same tree (or even the same document).
+
+        This patch changes that by checking, prior to creating a form control element, whether the element to be
+        created lives in a document with a browsing context.
+
+        We don't update m_form as needed to faithfully match the HTML5 specification's form element pointer
+        http://www.whatwg.org/specs/web-apps/current-work/multipage/parsing.html#form-element-pointer
+        and its algorithm for creating and inserting nodes:
+        http://www.whatwg.org/specs/web-apps/current-work/multipage/tree-construction.html#creating-and-inserting-nodes
+
+        While this leaves isindex's reference to form element pointer stale:
+        http://www.whatwg.org/specs/web-apps/current-work/multipage/tree-construction.html#isindex
+        The HTML5 specification matches the behaviors of Chrome and Firefox so we leave it as is.
+
+        Test: fast/dom/HTMLTemplateElement/no-form-association.html
+
+        * html/parser/HTMLConstructionSite.cpp:
+        (WebCore::HTMLConstructionSite::createHTMLElement):
+
 2013-11-21  Carlos Garcia Campos  <[email protected]>
 
         [GTK] Cannot scroll in option menu when it larger than the screen

Modified: trunk/Source/WebCore/html/parser/HTMLConstructionSite.cpp (159617 => 159618)


--- trunk/Source/WebCore/html/parser/HTMLConstructionSite.cpp	2013-11-21 13:22:44 UTC (rev 159617)
+++ trunk/Source/WebCore/html/parser/HTMLConstructionSite.cpp	2013-11-21 13:43:34 UTC (rev 159618)
@@ -543,7 +543,10 @@
     // FIXME: This can't use HTMLConstructionSite::createElement because we
     // have to pass the current form element.  We should rework form association
     // to occur after construction to allow better code sharing here.
-    RefPtr<Element> element = HTMLElementFactory::createElement(tagName, ownerDocumentForCurrentNode(), form(), true);
+    // http://www.whatwg.org/specs/web-apps/current-work/multipage/tree-construction.html#create-an-element-for-the-token
+    Document& ownerDocument = ownerDocumentForCurrentNode();
+    bool openElementsContainTemplateElement = !ownerDocument.frame();
+    RefPtr<Element> element = HTMLElementFactory::createElement(tagName, ownerDocument, openElementsContainTemplateElement ? nullptr : form(), true);
     setAttributes(element.get(), token, m_parserContentPolicy);
     ASSERT(element->isHTMLElement());
     return element.release();

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to