Fix a crash in HTMLFormControlElement::disabled().
authortkent@chromium.org <tkent@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 29 May 2012 05:37:57 +0000 (05:37 +0000)
committertkent@chromium.org <tkent@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 29 May 2012 05:37:57 +0000 (05:37 +0000)
commitaf32e3afec114696510fb1b6ad466571d84233b3
tree9ac30b58c5b5419fa6b75c9e9f9d29c4d2f8888f
parenta70c729bd57c057ad3d54514658ab4e378261aaa
Fix a crash in HTMLFormControlElement::disabled().
https://bugs.webkit.org/show_bug.cgi?id=86534

Reviewed by Ryosuke Niwa.

Source/WebCore:

Stop to hold pointers of fildset and legend elements. We can avoid it by
holding ancestor's disabled state.

The ancesotr's disabled state should be invalidated when
 - fieldset's disabled value is changed.
 - fieldset's children is updated because a legend position might be changed.
 - A form control is attached to or detached from a tree.

No new tests. It's almost impossible to make a reliable test.

* html/HTMLFieldSetElement.cpp:
(WebCore::HTMLFieldSetElement::invalidateDisabledStateUnder):
Added. Invalidate disabled state of form controls under the specified node.
(WebCore::HTMLFieldSetElement::disabledAttributeChanged):
Uses invalidateDisabledStateUnder().
(WebCore::HTMLFieldSetElement::childrenChanged):
Added new override function. We need invalidate disabled state of form
controls under legend elements.

* html/HTMLFieldSetElement.h:
(HTMLFieldSetElement): Add invalidateDisabledStateUnder() and childrenChanged().

* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::HTMLFormControlElement):
Remove initialization of the removed data members.
Initialize m_ancestorDisabledState.
(WebCore::HTMLFormControlElement::updateAncestorDisabledState):
Update m_ancestorDisabledState. It should be
AncestorDisabledStateDisabled if the control is under a disabled
fieldset and not under the first legend child of the disabled filedset.
(WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged):
Invalidate m_ancestorDisabledState.
(WebCore::HTMLFormControlElement::insertedInto): ditto.
(WebCore::HTMLFormControlElement::removedFrom): ditto.
(WebCore::HTMLFormControlElement::disabled):
Calls updateAncestorDisabledState() if needed.
(WebCore::HTMLFormControlElement::recalcWillValidate):
Remove unnecessary check for m_legendAncestor.

* html/HTMLFormControlElement.h:
(HTMLFormControlElement):
- Rename updateFieldSetAndLegendAncestor() to updateAncestorDisabledState(), and make it private.
- Remove m_fieldSetAncestor, m_legendAncestor, and m_fieldSetAncestorValid.
- Add m_ancestorDisabledState.

LayoutTests:

Add a testcase to confirm <lagend> doesn't affect validation.

* fast/forms/datalist/datalist-child-validation-expected.txt:
* fast/forms/datalist/datalist-child-validation.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@118725 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/forms/datalist/datalist-child-validation-expected.txt
LayoutTests/fast/forms/datalist/datalist-child-validation.html
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLFieldSetElement.cpp
Source/WebCore/html/HTMLFieldSetElement.h
Source/WebCore/html/HTMLFormControlElement.cpp
Source/WebCore/html/HTMLFormControlElement.h