path: root/Source/WebCore/dom
Columns: Commit message, Author, Age, Files, Lines
* Import QtWebKit commit 5e53102492e5ce85bda2657468f1369a0173c2ce
  Author: Konstantin Tokarev; Age: 2019-10-08; Files: 1; Lines: -3/+3
  Change-Id: Id71d7c7f5eafe58f7bd8c46a2a07fd0bad015628
  Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* Import WebKit commit 5ccca3a720f7c2251c4ac8b28f25bd73524081f0
  Author: Konstantin Tokarev; Age: 2019-06-04; Files: 2; Lines: -0/+4
  Change-Id: Idfb37cd43929536d4c67d1fa5d8cb598e9c0ad7e
  Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* Import WebKit commit a8b574fb3cd509a2d3f2a1568ad0a66d1bf0f6e8
  Author: Konstantin Tokarev; Age: 2018-01-11; Files: 3; Lines: -5/+15
  Change-Id: I66add69e6d08b74111ec8e7e4401e4d813501206
  Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* Import WebKit commit 6d0ad27b6bc4209fb8d8cee2692dc0c6a5462051 [v5.212.0-alpha2]
  Author: Konstantin Tokarev; Age: 2017-06-17; Files: 2; Lines: -1/+5
  Change-Id: Ifdedb7bc3162434686201813dc1d994cf5ae7e70
  Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* Import WebKit commit 3ca7a25a550e473d60bbbe321475c6c0ef114b31
  Author: Konstantin Tokarev; Age: 2017-06-02; Files: 6; Lines: -36/+66
  Change-Id: I480668a0cb8114dccf7a1195190a993282875759
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Import WebKit commit 17e8bfb1ff30314a838b9bf641c112f63a11dba4
  Author: Konstantin Tokarev; Age: 2017-03-26; Files: 4; Lines: -0/+154
  Change-Id: Ib6549e44a04300c7b7b07ddc9094b823b37f3183
  Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* Imported WebKit commit eb954cdcf58f9b915b2fcb6f8e4cb3a60650a4f3
  Author: Konstantin Tokarev; Age: 2017-02-02; Files: 5; Lines: -82/+19
  Change-Id: I8dda875c38075d43b76fe3a21acb0ffa102bb82d
  Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* Imported QtWebKit TP3 (git b57bc6801f1876c3220d5a4bfea33d620d477443)
  Author: Konstantin Tokarev; Age: 2017-02-02; Files: 446; Lines: -23025/+24719
  Change-Id: I3b1d8a2808782c9f34d50240000e20cb38d3680f
  Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* Enforce no remote access from local URLs for XHR
  Author: Allan Sandfeld Jensen; Age: 2015-04-28; Files: 1; Lines: -6/+17
  Add a specific setting to disable remote access for local URLs and also enforce that on data-URLs loaded owned by local URLs.
  Change-Id: Ied8ec141eb1c28775644fce184a4759a79e1d177
  Task-number: QTBUG-45556
  Reviewed-by: Dmitry Shachnev <mitya57@gmail.com>
  Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
* Do not enumerate plugins when plugins are disabled
  Author: Jan Kundrát; Age: 2014-10-23; Files: 1; Lines: -3/+3
  Even if plugins were disabled through QWebSettings::PluginsEnabled, WebKit would still enumerate the on-disk NPAPI plugins and attempt to load them. This caused all sorts of havoc especially when loading plugins linked to Qt4.
  Even if that wasn't the case, plugins should *not* be loaded unless there's a compelling reason to do so. Loading plugins needlessly takes time and it might even have security implications -- it sounds like a good practice to not execute random code, even though it comes from trusted locations, when that code is not needed.
  After this change, the code still passes the tst_qwebpage tests which are related to plugin loading. As it turns out, the "QtWebKit application plugins" (application/x-qt-plugin and application/x-qt-styled-widget) do not use this code path at all, they instead go through a path like this one:
    #0 PluginPage::createPlugin ...
    #1 QWebPagePrivate::createPlugin ...
    #2 WebCore::FrameLoaderClientQt::createPlugin ...
    #3 WebCore::SubframeLoader::loadPlugin ...
    #4 WebCore::SubframeLoader::requestPlugin ...
    #5 WebCore::SubframeLoader::requestObject ...
    #6 WebCore::HTMLObjectElement::updateWidget ...
    #7 WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary ...
    #8 WebCore::HTMLPlugInImageElement::updateWidgetCallback ...
    #9 WebCore::ContainerNode::dispatchPostAttachCallbacks ...
    #10 WebCore::ContainerNode::resumePostAttachCallbacks ...
    #11 WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler ...
    #12 WebCore::Document::recalcStyle ...
    #13 WebCore::Document::updateStyleIfNeeded ...
    #14 WebCore::Document::finishedParsing ...
    #15 WebCore::HTMLConstructionSite::finishedParsing ...
    #16 WebCore::HTMLTreeBuilder::finished ...
    #17 WebCore::HTMLDocumentParser::end ...
    #18 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd ...
    #19 WebCore::HTMLDocumentParser::prepareToStopParsing ...
    #20 WebCore::HTMLDocumentParser::attemptToEnd ...
    #21 WebCore::HTMLDocumentParser::finish ...
    #22 WebCore::DocumentWriter::end ...
    #23 WebCore::DocumentLoader::finishedLoading ...
  Task-number: QTBUG-36349
  Change-Id: Id8f37fb16bb295781c22f439fd54a65486deef8e
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Need to check if some HTML child elements are HTMLUnknownElement
  Author: Allan Sandfeld Jensen; Age: 2014-09-19; Files: 1; Lines: -4/+5
  Based on upstream fix http://trac.webkit.org/changeset/156953
  The check for whether an element is an HTMLAudioElement or not was incomplete. An element can have the 'audio' tag-name but still be another element if media elements have been disabled. In this case it will be an HTMLUnknownElement.
  Task-number: QTBUG-41360
  Change-Id: I6a3e366b9dc268b0dbebe5880ba68945bcb42a27
  Reviewed-by: Michael Bruning <michael.bruning@digia.com>
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* use after free in WebCore::DocumentOrderedMap::remove / WebCore::TreeScope::removeElementById
  Author: Zalan Bujtas; Age: 2014-07-04; Files: 1; Lines: -0/+3
  https://bugs.webkit.org/show_bug.cgi?id=121324
  Reviewed by Ryosuke Niwa.
  Update the document ordered map for an image element before dispatching load or error events when it's inserted into a document.
  Source/WebCore:
  Test: fast/dom/modify-node-and-while-in-the-callback-too-crash.html
  * dom/DocumentOrderedMap.cpp: defensive fix to avoid use after free issues.
    (WebCore::DocumentOrderedMap::remove):
  * html/HTMLImageElement.cpp:
    (WebCore::HTMLImageElement::insertedInto):
  * loader/ImageLoader.cpp:
    (WebCore::ImageLoader::updateFromElement): setting m_failedLoadURL makes repeated updateFromElement calls return early.
  Change-Id: I305e56de969d0efe3dc67930cdf585a201e8c6a5
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159481 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* Fix clang debug-and-release build
  Author: Allan Sandfeld Jensen; Age: 2014-06-13; Files: 1; Lines: -2/+5
  Under circumstances clang will leave code that calls the dead default constructor of Attribute, which causes link time errors.
  Change-Id: I265f5b6ee864737c8261cff1439d525000eed1ba
  Reviewed-by: Sergio Ahumada <sahumada@blackberry.com>
* Assertion failure in Range::processContentsBetweenOffsets
  Author: Ryosuke Niwa; Age: 2014-03-10; Files: 1; Lines: -2/+4
  https://bugs.webkit.org/show_bug.cgi?id=122777
  Reviewed by Darin Adler.
  Source/WebCore:
  Merge https://chromium.googlesource.com/chromium/blink/+/c15de182774c7859c20d97126eb844ae97b792a4
  This patch changes ASSERT statements for checking |endOffset| inbound in Range::processContentsBetweenOffsets() to limit |endOffset|. This is necessary when DOMNodeRemovedFromDocument event handler splits text nodes, Range::insertNode() on text node, in the range calling Range::deleteContents().
  Test: fast/dom/Range/range-delete-contents-mutation-event-crash.html
  * dom/Range.cpp:
    (WebCore::Range::processContentsBetweenOffsets):
  Change-Id: Ibafd4e42cfc50b0a386f31a0c1b49072cdb220d5
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Michael Bruning <michael.bruning@digia.com>
* ASSERTION FAILED: !node || node->isShadowRoot() in WebCore::EventRetargeter::eventTargetRespectingTargetRules
  Author: Ryosuke Niwa; Age: 2013-10-22; Files: 1; Lines: -1/+2
  https://bugs.webkit.org/show_bug.cgi?id=119720
  Reviewed by Andy Estes.
  Merge https://chromium.googlesource.com/chromium/blink/+/4ce9bfbf54410179cd0f18b3d1a912045fc0ec3d
  * dom/EventRetargeter.h:
    (WebCore::EventRetargeter::eventTargetRespectingTargetRules):
  Change-Id: I56a3429e72689e58e744895b2f85cbcea20e7f54
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154289 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Enable more AllInOne files
  Author: Allan Sandfeld Jensen; Age: 2013-10-11; Files: 1; Lines: -1/+4
  Modified DOMAllInOne to work on Windows (without libXML2) and enabled CSSAllInOne which already worked.
  This should lower memory pressure when linking on Windows x86.
  Change-Id: I621814f44cc8e0aad4cf822d5f0d52c53a6557e2
  Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Fix build with clang
  Author: Allan Sandfeld Jensen; Age: 2013-09-19; Files: 1; Lines: -2/+2
  Forcing C++11 on clang does not work on older versions of clang. Instead fix https://bugs.webkit.org/show_bug.cgi?id=115741 by disabling rvalue references if clang is using a too old version of libstdc++11.
  Avoid compile_asserts unless we have the same C++11 static asserts used in trunk.
  Finally build ANGLE with the same C++11 state as the rest, otherwise it will expect libstdc++ symbols instead of libc++ symbols.
  Change-Id: Ifa49325a73d6dc17bc67bccd79813b25860df915
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Import Qt5x2 branch of QtWebkit for Qt 5.2
  Author: Allan Sandfeld Jensen; Age: 2013-09-19; Files: 293; Lines: -8000/+11587
  Importing a new snapshot of webkit.
  Change-Id: I2d01ad12cdc8af8cb015387641120a9d7ea5f10c
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Merge remote-tracking branch 'origin/stable' into dev
|\
  Author: Frederik Gladhorn; Age: 2013-08-12; Files: 1; Lines: -1/+0
  Change-Id: If43a2a4465fc0f236eb3d20d2dc2e2de81955531
| * Potential use-after-free with an event fired at a HTMLMediaElement which is currently being deleted
    Author: Eric Carlson; Age: 2013-08-07; Files: 1; Lines: -1/+0
    https://bugs.webkit.org/show_bug.cgi?id=117466
    Reviewed by Oliver Hunt.
    Merge https://chromium.googlesource.com/chromium/blink/+/f4200a0093b3d9376f703961615359ec7fb712b4
    If an event is created using as target an HTMLMediaElement which is currently being deleted it becomes a heap-use-after free situation. The GenericEventQueue instance is already owned by the HTMLMediaElement, and there already is an underlying mechanism to set the target of the event to NULL, if their target is owner of the queue. In order to avoid creating this reference in the first place, we enqueue the event with a NULL target to defer the refcount increment until the timer for dispatching the event happens (which won't happen at all if garbage collection is already destroying the objects).
    Source/WebCore:
    Test: media/track/media-element-enqueue-event-crash.html
    * dom/GenericEventQueue.cpp:
      (WebCore::GenericEventQueue::enqueueEvent): Don't ASSERT if the event has no target.
    * html/HTMLMediaElement.cpp:
      (WebCore::HTMLMediaElement::~HTMLMediaElement): Close the event queue so it won't try to dispatch any pending events.
      (WebCore::HTMLMediaElement::scheduleEvent): Don't set the event target, it will happen just prior to event dispatch.
      (WebCore::HTMLMediaElement::stop): Close the event queue.
    Change-Id: I2b17e9080516036d2a271b204d0925a1a3fb2930
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@151600 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* | Unprefix Page Visibility API
|/
  Author: simon.fraser@apple.com; Age: 2013-08-09; Files: 4; Lines: -13/+13
  https://bugs.webkit.org/show_bug.cgi?id=102340

  Source/WebCore:
  Reviewed by Tim Horton.
  Remove prefixes from the document properties, and the visibilitychanged event.
  Rename the "preview" state to "unloaded". The "unloaded" state is never reached yet (see https://bugs.webkit.org/show_bug.cgi?id=116769).
  Add some comments to places where we should update the visibility state when going in and out of the page cache, but cannot safely do so yet.
  Tested by existing Page Visibility tests.
  * dom/Document.cpp:
    (WebCore::Document::pageVisibilityState):
    (WebCore::Document::visibilityState):
    (WebCore::Document::hidden):
    (WebCore::Document::dispatchVisibilityStateChangeEvent):
  * dom/Document.h:
  * dom/Document.idl:
  * dom/EventNames.h:
  * history/CachedFrame.cpp:
    (WebCore::CachedFrameBase::restore):
  * loader/FrameLoader.cpp:
    (WebCore::FrameLoader::stopLoading):
  * page/Page.cpp:
    (WebCore::Page::setVisibilityState):
  * page/PageVisibilityState.cpp:
    (WebCore::pageVisibilityStateString):
  * page/PageVisibilityState.h:

  Source/WebKit/efl:
  Reviewed by Tim Horton.
  Rename "preview" state to "unloaded" state.
  * WebCoreSupport/AssertMatchingEnums.cpp:
  * ewk/ewk_view.h:

  Source/WebKit/mac:
  Reviewed by Tim Horton.
  Renaming of the "preview" state to "unloaded".
  * WebView/WebView.mm:
  * WebView/WebViewPrivate.h:

  Source/WebKit2:
  Reviewed by Tim Horton.
  Renaming of the "preview" state to "unloaded".
  * Shared/API/c/WKPageVisibilityTypes.h:
  * Shared/API/c/WKSharedAPICast.h:
    (WebKit::toPageVisibilityState):

  Tools:
  Reviewed by Tim Horton.
  Rename "preview" state to "unloaded" state, and adjust the tests to test for it.
  * DumpRenderTree/mac/TestRunnerMac.mm:
    (TestRunner::setPageVisibility):
  * TestWebKitAPI/Tests/WebKit2/PageVisibilityState.cpp:
    (TestWebKitAPI::setPageVisibilityStateWithEvalContinuation):
    (TestWebKitAPI::didRunStep2StateChangeHiddenToPrerender):
    (TestWebKitAPI::didRunStep3StateChangePrerenderToUnloaded):
    (TestWebKitAPI::didRunStep4InStateUnloaded):
  * TestWebKitAPI/Tests/mac/PageVisibilityStateWithWindowChanges.html:
  * TestWebKitAPI/Tests/mac/PageVisibilityStateWithWindowChanges.mm:
    (TestWebKitAPI::PageVisibilityStateWithWindowChanges::runTest):
  * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
    (WTR::TestRunner::setPageVisibility):

  LayoutTests:
  Reviewed by Tim Horton.
  Remove prefixes, adjust to state name changes.
  * fast/events/page-visibility-iframe-delete-test.html:
  * fast/events/page-visibility-iframe-move-test-expected.txt:
  * fast/events/page-visibility-iframe-move-test.html:
  * fast/events/page-visibility-iframe-propagation-test-expected.txt:
  * fast/events/page-visibility-iframe-propagation-test.html:
  * fast/events/page-visibility-null-view-expected.txt:
  * fast/events/page-visibility-null-view.html:
  * fast/events/page-visibility-transition-test-expected.txt:
  * fast/events/page-visibility-transition-test.html:

  Change-Id: I9751efeae0bab8136a63c7e22ad0d513fc8ceb0c
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@150695 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* Late-loading stylesheets can cause composited layers to be blank
  Author: Simon Fraser; Age: 2013-04-30; Files: 1; Lines: -1/+1
  https://bugs.webkit.org/show_bug.cgi?id=103773
  Reviewed by Tim Horton.
  Early painting can be short-circuited in RenderBlock::paintContents() if we know a stylesheet is pending, which is done to avoid a flash of unstyled content (FOUC).
  When the stylesheet finally loaded, Document::styleResolverChanged() would try to repaint everything by calling repaint() on the RenderView(). In a composited world, however, this repaint() doesn't repaint composited layers.
  This was particularly prevalent on this specific URL because it failed to load a CSS file from typekit.com, so Document::styleResolverChanged() just did the repaint and returned (rather than doing a recalc style as would happen for correctly loaded stylesheets).
  Fix by making a way to repaint all compositing layers, and calling it from Document::styleResolverChanged().
  No tests because this is timing-dependant.
  * dom/Document.cpp:
    (WebCore::Document::styleResolverChanged): Call repaintViewAndCompositedLayers().
  * rendering/RenderBlock.cpp:
    (WebCore::RenderBlock::paintContents): Fix the comment.
  * rendering/RenderLayerCompositor.cpp: Convert repaintCompositedLayersAbsoluteRect() and associated recursiveRepaintLayerRect() to allow the rect to be null, which indicates that we should just repaint the entire layer, and improve their names.
    (WebCore::RenderLayerCompositor::repaintCompositedLayers):
    (WebCore::RenderLayerCompositor::recursiveRepaintLayer):
  * rendering/RenderLayerCompositor.h:
  * rendering/RenderView.cpp:
    (WebCore::RenderView::repaintRectangleInViewAndCompositedLayers): repaintCompositedLayersAbsoluteRect() was renamed to repaintCompositedLayers().
    (WebCore::RenderView::repaintViewAndCompositedLayers):
  * rendering/RenderView.h:
    (RenderView): repaintViewRectangle() and repaintRectangleInViewAndCompositedLayers() should not be virtual. Add repaintViewAndCompositedLayers().
  Change-Id: I86401d25d06128db33a5e5db099144d6b05850ef
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136277 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Restore old semantics to webkitRequestAnimationFrame callbacks
  Author: James Simonsen; Age: 2013-04-08; Files: 2; Lines: -1/+6
  https://bugs.webkit.org/show_bug.cgi?id=106697
  MERGE NOTE: Fixes regression from r131131, webkit bug #66683
  Reviewed by James Robinson.

  Source/WebCore:
  Sites that use GWT <= 2.4 are buggy and rely on Date.now()-like callback values. We'll restore that behavior to the prefixed version of webkitRequestAnimationFrame. requestAnimationFrame will continue to follow the spec.
  Test: fast/animation/request-animation-frame-prefix.html
  * dom/RequestAnimationFrameCallback.h:
    (RequestAnimationFrameCallback):
  * dom/ScriptedAnimationController.cpp:
    (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
  * page/DOMWindow.cpp:
    (WebCore::DOMWindow::requestAnimationFrame):
    (WebCore):
    (WebCore::DOMWindow::webkitRequestAnimationFrame):
  * page/DOMWindow.h:
    (DOMWindow):
  * page/DOMWindow.idl:

  LayoutTests:
  * fast/animation/request-animation-frame-prefix-expected.txt: Added.
  * fast/animation/request-animation-frame-prefix.html: Added.
  * fast/animation/script-tests/request-animation-frame-prefix.js: Added.
    (busyWait):
    (window.webkitRequestAnimationFrame):

  Change-Id: Ibdd0b3aaa4154ad0861f3b95e0ab405ccffd0297
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139509 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Regression(r131539): Heap-use-after-free in WebCore::RenderBlock::willBeDestroyed
  Author: Allan Sandfeld Jensen; Age: 2013-02-28; Files: 2; Lines: -16/+3
  https://bugs.webkit.org/show_bug.cgi?id=107189
  Reviewed by Abhishek Arya.

  Source/WebCore:
  Test: fast/dynamic/continuation-detach-crash.html
  This patch reverts r131539 and the following changes (r132591 and r139664). This means we redo detaching from the bottom-up which solves the regression. It fixes the attached test case as we re-attach child nodes before detaching the parent. It seems wrong to do but this avoids a stale continuation.
  * dom/ContainerNode.cpp:
    (WebCore::ContainerNode::detach): Detach the children first, then ourself.
  * dom/Node.cpp:
    (WebCore::Node::detach): Clear the renderer instead of ASSERT'ing.
  * rendering/RenderObject.cpp:
    (WebCore::RenderObject::willBeDestroyed): Removed the code to clear the associated node's renderer.
    (WebCore::RenderObject::destroyAndCleanupAnonymousWrappers):
  * rendering/RenderObjectChildList.cpp:
    (WebCore::RenderObjectChildList::removeChildNode): Moved the repainting logic back into removeChildNode from destroyAndCleanupAnonymousWrappers.
    (WebCore::RenderObjectChildList::destroyLeftoverChildren): Re-added the code to clear the associated node's renderer.
  * rendering/RenderTextFragment.cpp:
    (WebCore::RenderTextFragment::setText): Re-added the code to set the associated node's renderer.

  * dom/ContainerNode.cpp:
    (WebCore::ContainerNode::detach):
  * dom/Node.cpp:
    (WebCore::Node::detach):
  * rendering/RenderObject.cpp:
    (WebCore::RenderObject::willBeDestroyed):
    (WebCore::RenderObject::destroyAndCleanupAnonymousWrappers):
  * rendering/RenderObjectChildList.cpp:
    (WebCore::RenderObjectChildList::destroyLeftoverChildren):
    (WebCore::RenderObjectChildList::removeChildNode):
  * rendering/RenderTextFragment.cpp:
    (WebCore::RenderTextFragment::setText):

  Change-Id: I5c4df1881f041ecd80180cb1638cd811d0972189
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@142500 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* REGRESSION: ChildrenAffectedBy flags lost between siblings which have child elements sharing style
  Author: Allan Sandfeld Jensen; Age: 2013-02-07; Files: 2; Lines: -0/+16
  https://bugs.webkit.org/show_bug.cgi?id=105672
  Reviewed by Andreas Kling.
  Change in how childrenAffectedBy bits were stored made it easier to trigger an issue where childrenAffectedBy bits were not set due to sharing of styles between cousin elements.
  This patch fixes the issue by not sharing styles from children with parents who prevent sharing.
  Tests: fast/selectors/cousin-stylesharing-adjacent-selector.html
         fast/selectors/cousin-stylesharing-last-child-selector.html
  * css/StyleResolver.cpp:
    (WebCore::parentElementPreventsSharing):
    (WebCore::StyleResolver::locateCousinList):
  * dom/Element.cpp:
    (WebCore::Element::hasFlagsSetDuringStylingOfChildren):
  * dom/Element.h:
    (Element):
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141093 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Change-Id: I333eb08622790a1be96287abca38e0d1efb49de6
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Heap-use-after-free in WebCore::XMLDocumentParser::doEnd
  Author: Allan Sandfeld Jensen; Age: 2013-01-23; Files: 1; Lines: -2/+2
  https://bugs.webkit.org/show_bug.cgi?id=100152
  Reviewed by Adam Barth.
  XMLDocumentParser can be blown away inside document()->styleResolverChanged() call. Protect it with a local RefPtr in Document::explitClose.
  No new tests. The site specific dependencies are hard to minimize.
  * dom/Document.cpp:
    (WebCore::Document::explicitClose): RefPtr m_parser into a local, since it can be detached and nulled out in DocumentWriter::end().
  * xml/parser/XMLDocumentParser.cpp:
    (WebCore::XMLDocumentParser::end): Bail out when we are detached.
  * xml/parser/XMLDocumentParserLibxml2.cpp:
    (WebCore::XMLDocumentParser::doEnd): Bail out when we are detached.
  * xml/parser/XMLDocumentParserQt.cpp:
    (WebCore::XMLDocumentParser::doEnd): Bail out when we are detached.
  Change-Id: If7ff9142c561391e7c30632a9b8fb9cbb284fb2c
  Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* [Qt] Crash in WebCore::CachedFrame::destroy
  Author: jocelyn.turcotte@digia.com; Age: 2013-01-17; Files: 1; Lines: -0/+2
  https://bugs.webkit.org/show_bug.cgi?id=104525
  Reviewed by Adam Barth.

  Source/WebCore:
  Add an assert to increase the chances of catching this crash early on in the future.
  * dom/Document.cpp:
    (WebCore::Document::takeDOMWindowFrom):

  Source/WebKit/qt:
  Remove the call to HistoryController::setCurrentItem which is ultimately causing the initial empty document of a page to be added to the page cache.
  This re-introduces the bug that was fixed by this line, which will be properly fixed in a follow-up patch.
  * Api/qwebhistory.cpp:
    (operator>>):
  * tests/qwebhistory/tst_qwebhistory.cpp:
    (tst_QWebHistory::saveAndRestore_crash_4): Cover the crash.

  Change-Id: Ia96ba570231557f8b53bc586410d50875880e1d1
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@139876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Document::initSecurityContext() fails to call securityOrigin().grantLoadLocalResources()
  Author: Jocelyn Turcotte; Age: 2012-12-04; Files: 1; Lines: -11/+0
  https://bugs.webkit.org/show_bug.cgi?id=68711
  Reviewed by Adam Barth.

  Source/WebCore:
  It currently fails since Document::loader() will return 0 until Frame::setDocument is called and we are doing this check before it happens.
  Delay the check and let the FrameLoader take care of doing grantLoadLocalResources() on the Document along with other header checks in FrameLoader::didBeginDocument.
  * dom/Document.cpp:
    (WebCore::Document::initSecurityContext):
  * loader/FrameLoader.cpp:
    (WebCore::FrameLoader::didBeginDocument):

  Source/WebKit/qt:
  * tests/qwebpage/tst_qwebpage.cpp:
    (tst_QWebPage::testStopScheduledPageRefresh): Unmark the expected failure.

  Change-Id: Iec4f0106c42af572a1e4a8d352baa9d1a2fc8a1a
  git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136404 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Imported WebKit commit 6a4a1d32e1d779548c726c4826cba9d69eb87601 (http://svn.webkit.org/repository/webkit/trunk@136242)
  Author: Simon Hausmann; Age: 2012-11-30; Files: 2; Lines: -3/+3
  Final import for the Qt 5.x series that implements the QtWebKit / QtWebKitWidgets split
  Extra fixes will be cherry-picked.
  Change-Id: I844f1ebb99c6d6b75db31d6538c2acd628e79681
  Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit c60cfe0fc09efd257aa0111d7b133b02deb8a63e (http://svn.webkit.org/repository/webkit/trunk@136119)
  Author: Simon Hausmann; Age: 2012-11-29; Files: 25; Lines: -498/+690
  New snapshot that includes the fix for installing the QtWebProcess into libexec
  Change-Id: I01344e079cbdac5678c4cba6ffcc05f4597cf0d7
  Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit 76dac539db7ece7079963adfcfe878d8e2f7d861 (http://svn.webkit.org/repository/webkit/trunk@135696)
  Author: Simon Hausmann; Age: 2012-11-26; Files: 40; Lines: -215/+260
  New snapshot that fixes build after QMacStyle removal
  Change-Id: Idea95c96c73b49158d52861db2a4b8d2c51766b0
  Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit 8eb048315f36fa33731f28694630fe4a3c2cbc99 (http://svn.webkit.org/repository/webkit/trunk@135602)
  Author: Simon Hausmann; Age: 2012-11-23; Files: 14; Lines: -148/+100
  New snapshot that fixes various bugs
  Change-Id: Icb6ce541a26a9f500d087821ce4b83a8d8a5474a
  Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit e89504fa9195b2063b2530961d4b73dd08de3242 (http://svn.webkit.org/repository/webkit/trunk@135485)
  Author: Simon Hausmann; Age: 2012-11-22; Files: 81; Lines: -1174/+1416
  Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66
  Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit e2c32e2f53e02d388e70b9db88b91d8d9d28fc84 (http://svn.webkit.org/repository/webkit/trunk@133952)
  Author: Simon Hausmann; Age: 2012-11-09; Files: 5; Lines: -10/+10
  Revert back to an older snapshot that should build on ARM
* Imported WebKit commit 7bcdfab9a40db7d16b4b95bb77d78b8a59c9e701 (http://svn.webkit.org/repository/webkit/trunk@134025)
  Author: Simon Hausmann; Age: 2012-11-09; Files: 18; Lines: -64/+45
  New snapshot with numerous build fixes, including MSVC 2012 and ARM Thumb-2.
* Imported WebKit commit 20271caf2e2c016d5cef40184cddeefeac4f1876 (http://svn.webkit.org/repository/webkit/trunk@133733)
  Author: Simon Hausmann; Age: 2012-11-07; Files: 50; Lines: -617/+924
  New snapshot that contains all previous fixes as well as build fix for latest QtMultimedia API changes.
* Imported WebKit commit 7136c2962f51f9ea361d9796b069374d0f41c922 (http://svn.webkit.org/repository/webkit/trunk@132195)
  Author: Simon Hausmann; Age: 2012-10-23; Files: 2; Lines: -19/+15
  Build fix for Windows when building against Qt that was built without Angle support
* Imported WebKit commit 20434eb8eb95065803473139d8794e98a7672f75 (http://svn.webkit.org/repository/webkit/trunk@132191)
  Author: Simon Hausmann; Age: 2012-10-23; Files: 12; Lines: -59/+89
  New snapshot that should fix build with latest qtbase and the QPlastiqueStyle removal
* Imported WebKit commit 302e7806bff028bd1167a1ec7c86a1ee00ecfb49 (http://svn.webkit.org/repository/webkit/trunk@132067)
  Author: Simon Hausmann; Age: 2012-10-22; Files: 17; Lines: -85/+189
  New snapshot that fixes build without QtWidgets
* Imported WebKit commit 795dcd25a9649fccaf1c9b685f6e2ffedaf7e620 (http://svn.webkit.org/repository/webkit/trunk@131718)
  Author: Simon Hausmann; Age: 2012-10-18; Files: 4; Lines: -20/+39
  New snapshot that includes the return of -fkeep-memory at link time to reduce memory pressure as well as modularized documentation
* Imported WebKit commit cf4f8fc6f19b0629f51860cb2d4b25e139d07e00 (http://svn.webkit.org/repository/webkit/trunk@131592)
  Author: Simon Hausmann; Age: 2012-10-17; Files: 130; Lines: -2389/+2499
  New snapshot that includes the build fixes for Mac OS X 10.6 and earlier as well as the previously cherry-picked changes
* Revert "Imported WebKit commit 0dc6cd75e1d4836eaffbb520be96fac4847cc9d2 (http://svn.webkit.org/repository/webkit/trunk@131300)"
  Author: Simon Hausmann; Age: 2012-10-16; Files: 125; Lines: -2400/+2344
  This reverts commit 5466563f4b5b6b86523e3f89bb7f77e5b5270c78.
  Caused OOM issues on some CI machines :(
* Imported WebKit commit 0dc6cd75e1d4836eaffbb520be96fac4847cc9d2 (http://svn.webkit.org/repository/webkit/trunk@131300)
  Author: Simon Hausmann; Age: 2012-10-15; Files: 125; Lines: -2344/+2400
  WebKit update which introduces the QtWebKitWidgets module that contains the WK1 widgets based API. (In fact it renames QtWebKit to QtWebKitWidgets while we're working on completing the entire split as part of https://bugs.webkit.org/show_bug.cgi?id=99314
* Imported WebKit commit c596dd7f03007fa7ed896b928106497e8784b3b5 (http://svn.webkit.org/repository/webkit/trunk@129610)
  Author: Simon Hausmann; Age: 2012-09-26; Files: 3; Lines: -17/+14
  New snapshot that removes QtQuick1 support (to be moved into QtQuick1 module)
* Imported WebKit commit ce614b0924ba46f78d4435e28ff93c8525fbb7cc (http://svn.webkit.org/repository/webkit/trunk@129485)
  Author: Simon Hausmann; Age: 2012-09-25; Files: 14; Lines: -676/+847
  New snapshot that includes MingW build fixes
* Imported WebKit commit 6339232fec7f5d9984a33388aecfd2cbc7832053 (http://svn.webkit.org/repository/webkit/trunk@129343)
  Author: Simon Hausmann; Age: 2012-09-24; Files: 9; Lines: -220/+137
  New snapshot with build fixes for latest qtbase
* Imported WebKit commit 080af0beaa6f0ba8ff8f44cb8bd8b5dcf75ac0af (http://svn.webkit.org/repository/webkit/trunk@129119)
  Author: Simon Hausmann; Age: 2012-09-20; Files: 3; Lines: -4/+4
  New snapshot with prospective build fix for incorrect QtWebKit master module header file creation
* Imported WebKit commit c7503cef7ecb236730d1309676ab9fc723fd061d (http://svn.webkit.org/repository/webkit/trunk@128886)
  Author: Simon Hausmann; Age: 2012-09-18; Files: 21; Lines: -81/+247
  New snapshot with various build fixes
* Imported WebKit commit 37c5e5041d39a14ea0d429a77ebd352e4bd26516 (http://svn.webkit.org/repository/webkit/trunk@128608)
  Author: Simon Hausmann; Age: 2012-09-14; Files: 32; Lines: -307/+425
  New snapshot that enables WebKit2 build on Windows (still some bugs) and allows for WebKit to be built with qmake && make
* Imported WebKit commit 42d95198c30c2d1a94a5081181aad0b2be7c316c (http://svn.webkit.org/repository/webkit/trunk@128206)
  Author: Simon Hausmann; Age: 2012-09-11; Files: 3; Lines: -366/+2
  This includes the rewrite of the configure part of the build system which should fix the QtQuick2 detection and allow for further simplifications in the future