Roll r168668 back in.
author jhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 May 2014 23:52:32 +0000 (23:52 +0000)
committer jhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 May 2014 23:52:32 +0000 (23:52 +0000)
<https://bugs.webkit.org/show_bug.cgi?id=132621>

Reviewed by Brent Fulgham.

Source/WebCore:
Tests: fast/events/beforeload-assertion.html
       fast/events/beforeload-iframe-crash.html
       fast/events/beforeload-input-time-crash.html

* WebCore.exp.in:
* dom/Document.cpp:
(WebCore::Document::updateLayoutIgnorePendingStylesheets):
* dom/Document.h:
* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::renderWidgetForJSBindings):
* html/HTMLEmbedElement.cpp:
(WebCore::HTMLEmbedElement::renderWidgetForJSBindings):
* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::renderWidgetForJSBindings):
* page/FrameView.cpp:
(WebCore::FrameView::FrameView):
(WebCore::FrameView::reset):
(WebCore::FrameView::updateEmbeddedObjectsTimerFired):
(WebCore::FrameView::flushAnyPendingPostLayoutTasks):
(WebCore::FrameView::performPostLayoutTasks):
* page/FrameView.h:
* testing/Internals.cpp:
(WebCore::Internals::updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks):
* testing/Internals.h:
* testing/Internals.idl:

Source/WebKit:
* WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in:

LayoutTests:
* compositing/plugins/composited-plugin.html:
* compositing/plugins/no-backing-store.html:
* fast/dom/beforeload/flash-before-load.html:
* fast/events/beforeload-assertion-expected.txt: Added.
* fast/events/beforeload-assertion.html: Added.
* fast/events/beforeload-iframe-crash-expected.txt: Added.
* fast/events/beforeload-iframe-crash.html: Added.
* fast/events/beforeload-input-time-crash-expected.txt: Added.
* fast/events/beforeload-input-time-crash.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/plugintypes-notype-data.html:
* http/tests/security/contentSecurityPolicy/1.1/plugintypes-nourl-blocked.html:
* http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html:
* http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html:
* http/tests/security/contentSecurityPolicy/object-src-none-allowed.html:
* http/tests/security/contentSecurityPolicy/object-src-none-blocked.html:
* http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js:
(testImpl.iframe.onload):
(testImpl):
* http/tests/security/mixedContent/insecure-plugin-in-iframe.html:
* platform/mac/plugins/supports-carbon-event-model.html:
* platform/mac/plugins/testplugin-onnew-onpaint.html:
* plugins/get-user-agent-with-null-npp-from-npp-new.html:
* plugins/mouse-click-plugin-clears-selection.html:
* plugins/netscape-plugin-map-data-to-src.html:
* plugins/no-mime-with-valid-extension.html:
* plugins/plugin-initiate-popup-window.html:
* plugins/windowless_plugin_paint_test.html:
* resources/plugin.js: Added.
(runAfterPluginLoad):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@169475 268f45cc-cd09-0410-ab3c-d52691b4dbfc

41 files changed:
LayoutTests/ChangeLog
LayoutTests/compositing/plugins/composited-plugin.html
LayoutTests/compositing/plugins/no-backing-store.html
LayoutTests/fast/dom/beforeload/flash-before-load.html
LayoutTests/fast/events/beforeload-assertion-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/beforeload-assertion.html [new file with mode: 0644]
LayoutTests/fast/events/beforeload-iframe-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/beforeload-iframe-crash.html [new file with mode: 0644]
LayoutTests/fast/events/beforeload-input-time-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/beforeload-input-time-crash.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-notype-data.html
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/plugintypes-nourl-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html
LayoutTests/http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/object-src-none-allowed.html
LayoutTests/http/tests/security/contentSecurityPolicy/object-src-none-blocked.html
LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js
LayoutTests/http/tests/security/mixedContent/insecure-plugin-in-iframe.html
LayoutTests/platform/mac/plugins/supports-carbon-event-model.html
LayoutTests/platform/mac/plugins/testplugin-onnew-onpaint.html
LayoutTests/plugins/get-user-agent-with-null-npp-from-npp-new.html
LayoutTests/plugins/mouse-click-plugin-clears-selection.html
LayoutTests/plugins/netscape-plugin-map-data-to-src.html
LayoutTests/plugins/no-mime-with-valid-extension.html
LayoutTests/plugins/plugin-initiate-popup-window.html
LayoutTests/plugins/windowless_plugin_paint_test.html
LayoutTests/resources/plugin.js [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/WebCore.exp.in
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/html/HTMLAppletElement.cpp
Source/WebCore/html/HTMLEmbedElement.cpp
Source/WebCore/html/HTMLObjectElement.cpp
Source/WebCore/page/FrameView.cpp
Source/WebCore/page/FrameView.h
Source/WebCore/testing/Internals.cpp
Source/WebCore/testing/Internals.h
Source/WebCore/testing/Internals.idl
Source/WebKit/ChangeLog
Source/WebKit/WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in

index 95d2469..b55776c 100644 (file)
@@ -1,3 +1,41 @@
+2014-05-28  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        Roll r168668 back in.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=132621>
+
+        Reviewed by Brent Fulgham.
+
+        * compositing/plugins/composited-plugin.html:
+        * compositing/plugins/no-backing-store.html:
+        * fast/dom/beforeload/flash-before-load.html:
+        * fast/events/beforeload-assertion-expected.txt: Added.
+        * fast/events/beforeload-assertion.html: Added.
+        * fast/events/beforeload-iframe-crash-expected.txt: Added.
+        * fast/events/beforeload-iframe-crash.html: Added.
+        * fast/events/beforeload-input-time-crash-expected.txt: Added.
+        * fast/events/beforeload-input-time-crash.html: Added.
+        * http/tests/security/contentSecurityPolicy/1.1/plugintypes-notype-data.html:
+        * http/tests/security/contentSecurityPolicy/1.1/plugintypes-nourl-blocked.html:
+        * http/tests/security/contentSecurityPolicy/object-src-no-url-allowed.html:
+        * http/tests/security/contentSecurityPolicy/object-src-no-url-blocked.html:
+        * http/tests/security/contentSecurityPolicy/object-src-none-allowed.html:
+        * http/tests/security/contentSecurityPolicy/object-src-none-blocked.html:
+        * http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js:
+        (testImpl.iframe.onload):
+        (testImpl):
+        * http/tests/security/mixedContent/insecure-plugin-in-iframe.html:
+        * platform/mac/plugins/supports-carbon-event-model.html:
+        * platform/mac/plugins/testplugin-onnew-onpaint.html:
+        * plugins/get-user-agent-with-null-npp-from-npp-new.html:
+        * plugins/mouse-click-plugin-clears-selection.html:
+        * plugins/netscape-plugin-map-data-to-src.html:
+        * plugins/no-mime-with-valid-extension.html:
+        * plugins/plugin-initiate-popup-window.html:
+        * plugins/windowless_plugin_paint_test.html:
+        * resources/plugin.js: Added.
+        (runAfterPluginLoad):
+
 2014-05-29  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Support -apple-system-font on OS X
index e9099ee..eb01953 100644 (file)
@@ -1,6 +1,8 @@
 <!DOCTYPE html>
 <html>
 <body>
+  <script src="../../resources/plugin.js"></script>
+  <script>runAfterPluginLoad(null, NotifyDone);</script>
   <embed type="application/x-webkit-test-netscape" drawingmodel="coreanimation">
 </body>
 </html>
index 8280fcc..9d58e74 100644 (file)
@@ -6,11 +6,12 @@
       margin: 10px;
     }
   </style>
+  <script src="../../resources/plugin.js"></script>
   <script type="text/javascript" charset="utf-8">
-    if (window.testRunner) {
+    if (window.testRunner)
         testRunner.dumpAsText();
-        testRunner.waitUntilDone();
-    }
+
+    runAfterPluginLoad(doTest, DoNotNotifyDone);
 
     function doTest()
     {
@@ -22,7 +23,6 @@
             }
         }, 0)
     }
-    window.addEventListener('load', doTest, false);
   </script>
 </head>
 <body>
index 0f4ba30..fe107b5 100644 (file)
@@ -4,9 +4,12 @@
 </head>
 <body>
 <div id="console"></div>
+<script src="../../../resources/plugin.js"></script>
 <script>
-if (window.testRunner)
-    testRunner.dumpAsText();
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    runAfterPluginLoad(null, NotifyDone);
 </script>
 
 <object id="plugin" onbeforeload="return false" type="application/x-shockwave-flash" data="../../../plugins/resources/simple_blank.swf"
diff --git a/LayoutTests/fast/events/beforeload-assertion-expected.txt b/LayoutTests/fast/events/beforeload-assertion-expected.txt
new file mode 100644 (file)
index 0000000..35f869b
--- /dev/null
@@ -0,0 +1,2 @@
+
+PASS if no assertion failure.
diff --git a/LayoutTests/fast/events/beforeload-assertion.html b/LayoutTests/fast/events/beforeload-assertion.html
new file mode 100644 (file)
index 0000000..e8cebf1
--- /dev/null
@@ -0,0 +1,12 @@
+<div id="d1"></div>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+document.addEventListener('beforeload', function(event) {
+    d1.appendChild(document.createElement('button'));
+    d1.offsetLeft;
+    d1.remove();
+}, true);
+</script>
+<embed src="data:image/png,"></embed>
+<p>PASS if no assertion failure.</p>
\ No newline at end of file
diff --git a/LayoutTests/fast/events/beforeload-iframe-crash-expected.txt b/LayoutTests/fast/events/beforeload-iframe-crash-expected.txt
new file mode 100644 (file)
index 0000000..fbfeed9
--- /dev/null
@@ -0,0 +1 @@
+PASS if not crashed.
diff --git a/LayoutTests/fast/events/beforeload-iframe-crash.html b/LayoutTests/fast/events/beforeload-iframe-crash.html
new file mode 100644 (file)
index 0000000..a4dc7e6
--- /dev/null
@@ -0,0 +1,19 @@
+<iframe></iframe><object onbeforeload="crash()">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+function crash() {
+    document.getElementsByTagName("iframe")[0].contentWindow.scrollX;
+    document.open();
+}
+
+document.body.offsetLeft;
+setTimeout(function() {
+    document.close();
+    document.body.innerHTML = 'PASS if not crashed.';
+    testRunner.notifyDone();
+}, 1);
+</script>
\ No newline at end of file
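Review bot: the setTimeout callback calls `testRunner.notifyDone()` without the `window.testRunner` check used at the top of the script, so opening this test in a browser throws right after the PASS text is written. Guard the call the same way (`if (window.testRunner) testRunner.notifyDone();`) and add the missing newline at end of file.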
diff --git a/LayoutTests/fast/events/beforeload-input-time-crash-expected.txt b/LayoutTests/fast/events/beforeload-input-time-crash-expected.txt
new file mode 100644 (file)
index 0000000..fbfeed9
--- /dev/null
@@ -0,0 +1 @@
+PASS if not crashed.
diff --git a/LayoutTests/fast/events/beforeload-input-time-crash.html b/LayoutTests/fast/events/beforeload-input-time-crash.html
new file mode 100644 (file)
index 0000000..6cd6855
--- /dev/null
@@ -0,0 +1,18 @@
+<input id="t1" type="time">
+<script>
+var time1 = document.getElementById('t1');
+document.addEventListener('beforeload', function(event) {
+    time1.value = time1.value ? '' : '23:59';
+}, true);
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+setTimeout(function() {
+    document.body.innerHTML = 'PASS if not crashed.';
+    testRunner.notifyDone();
+}, 100);
+time1.focus();
+</script>
+<embed src="data:text/html,PASS"></embed>
\ No newline at end of file
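Review bot: the fixed `setTimeout(..., 100)` is the only thing that decides when this test ends, so whether the beforeload handler for the `<embed>` has fired by then depends on timing, and a regression could pass unnoticed on a slow bot. Finish from the `runAfterPluginLoad` helper added in this patch (or call the new internals flush before notifying) so the embedded-object update is forced before `notifyDone()`. The `testRunner.notifyDone()` call in the callback is also missing the `window.testRunner` guard used earlier in the file.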
index 1b41b01..9542c47 100644 (file)
@@ -1,11 +1,14 @@
 <!DOCTYPE html>                                                                                                                                                                                
 <html>
 <head>
+<script src="/js-test-resources/plugin.js"></script>
 <script>
-if (window.testRunner) {
-    testRunner.dumpAsText();
-    testRunner.dumpChildFramesAsText();
-}
+    if (window.testRunner) {
+        testRunner.dumpAsText();
+        testRunner.dumpChildFramesAsText();
+    }
+
+    runAfterPluginLoad(null, NotifyDone);
 </script>
 <script src="/plugins/resources/mock-plugin-logger.js"></script>
 <meta http-equiv="X-WebKit-CSP" content="plugin-types application/x-invalid-type">
index 18db2d7..a0b8f5b 100644 (file)
@@ -1,9 +1,12 @@
 <!DOCTYPE html>
 <html>
 <head>
+<script src="/js-test-resources/plugin.js"></script>
 <script>
-if (window.testRunner)
-    testRunner.dumpAsText();
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    runAfterPluginLoad(null, NotifyDone);
 </script>
 <meta http-equiv="X-WebKit-CSP" content="plugin-types text/plain">
 </head>
index 2c06d1f..5ae9e3c 100644 (file)
@@ -1,9 +1,12 @@
 <!DOCTYPE html>
 <html>
 <head>
+<script src="/js-test-resources/plugin.js"></script>
 <script>
-if (window.testRunner)
-  testRunner.dumpAsText();
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    runAfterPluginLoad(null, NotifyDone);
 </script>
 <meta http-equiv="Content-Security-Policy" content="object-src 'self'">
 </head>
index 6135915..fc57e72 100644 (file)
@@ -1,9 +1,12 @@
 <!DOCTYPE html>
 <html>
 <head>
+<script src="/js-test-resources/plugin.js"></script>
 <script>
-if (window.testRunner)
-  testRunner.dumpAsText();
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    runAfterPluginLoad(null, NotifyDone);
 </script>
 <meta http-equiv="Content-Security-Policy" content="object-src 'none'">
 </head>
index 7afb449..72f7f95 100644 (file)
@@ -1,14 +1,17 @@
 <!DOCTYPE html>
 <html>
 <head>
-<script>
-if (window.testRunner) {
-  testRunner.dumpAsText();
-  testRunner.dumpChildFramesAsText();
-}
-</script>
+<script src="/js-test-resources/plugin.js"></script>
 </head>
 <body>
   <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-object-data.pl?plugin=data:application/x-webkit-test-netscape,logifloaded&log=PASS!&csp=img-src%20'none'"></iframe>
 </body>
+<script>
+    if (window.testRunner) {
+        testRunner.dumpAsText();
+        testRunner.dumpChildFramesAsText();
+    }
+
+    runAfterPluginLoad(null, NotifyDone, document.getElementsByTagName("iframe")[0]);
+</script>
 </html>
index b49f3c2..ed43e20 100644 (file)
@@ -1,14 +1,17 @@
 <!DOCTYPE html>
 <html>
 <head>
-<script>
-if (window.testRunner) {
-  testRunner.dumpAsText();
-  testRunner.dumpChildFramesAsText();
-}
-</script>
+<script src="/js-test-resources/plugin.js"></script>
 </head>
 <body>
   <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-object-data.pl?plugin=data:application/x-webkit-test-netscape,logifloaded&log=FAIL&csp=object-src%20'none'"></iframe>
 </body>
+<script>
+    if (window.testRunner) {
+        testRunner.dumpAsText();
+        testRunner.dumpChildFramesAsText();
+    }
+
+    runAfterPluginLoad(null, NotifyDone, document.getElementsByTagName("iframe")[0]);
+</script>
 </html>
index 0420b3e..8cd4acf 100644 (file)
@@ -38,7 +38,11 @@ function testImpl(experimental) {
     else
         iframe.src += "&type=application/x-webkit-test-netscape";
 
-    iframe.onload = function() { testImpl(experimental); };
+    iframe.onload = function() {
+        if (window.internals)
+            internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(iframe);
+        testImpl(experimental);
+    };
     document.body.appendChild(iframe);
 }
 
index 0a7bb2c..f7520b6 100644 (file)
@@ -3,6 +3,11 @@
 <script>
 if (window.testRunner)
     testRunner.dumpAsText();
+
+onload = function() {
+    if (window.internals)
+        internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(document.querySelector('iframe'));
+};
 </script>
 <p>This test loads a secure iframe that loads an insecure plugin.  We should
 get a mixed content callback because the insecure plug-in can script the secure
index 6ab09bd..5456ab3 100644 (file)
@@ -1,6 +1,9 @@
+<script src="../../../resources/plugin.js"></script>
 <script>
-if (window.testRunner)
-    testRunner.dumpAsText();
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    runAfterPluginLoad(null, NotifyDone);
 </script>
 
 <embed id="testPlugin" 
index 7771a7f..e059096 100644 (file)
@@ -2,6 +2,7 @@
 
 <html>
 <head>
+    <script src="../../../resources/plugin.js"></script>
     <script type="text/javascript" charset="utf-8">
         if (window.testRunner)
             testRunner.dumpAsText();
@@ -25,6 +26,8 @@
                 didPaint = true;
             }
         }
+
+        runAfterPluginLoad(null, NotifyDone);
     </script>
 </head>
 <body>
index 8c43f8a..e87f5e4 100644 (file)
@@ -1,9 +1,11 @@
 <!DOCTYPE html>
 <html>
 <head>
+    <script src="../resources/plugin.js"></script>
     <script>
         if (window.testRunner)
             testRunner.dumpAsText();
+        runAfterPluginLoad(null, NotifyDone);
     </script>
 </head>
 <body>
index 516001b..ffbf527 100644 (file)
@@ -1,8 +1,9 @@
 <html>
 <head>
+<script src="../resources/plugin.js"></script>
 <script>
 
-function runTest() {
+runAfterPluginLoad(function() {
     inputElement = document.getElementById('frame');
     inputElement.focus();
     inputElement.select();
@@ -14,10 +15,10 @@ function runTest() {
         eventSender.mouseDown();
         eventSender.mouseUp();
     }
-}
+}, NotifyDone);
 </script>
 </head>
-<body onload="runTest();">
+<body>
 <embed id="plg" type="application/x-webkit-test-netscape" width="100" height="100" windowedplugin="false"></embed><br>
 <input id="frame" value="hello"/>
 <div id="output"></div>
index 7adaee5..7d91ec0 100644 (file)
@@ -1,8 +1,10 @@
 <html>
 <head>
+<script src="../resources/plugin.js"></script>
 <script>
     if (window.testRunner)
         testRunner.dumpAsText();
+    runAfterPluginLoad(null, NotifyDone);
 </script>
 <body style="margin:0px;overflow:hidden">
 <object name="testPlugin" type="application/x-webkit-test-netscape" logSrc="true" data="blah">
index 46fbce8..032eb23 100644 (file)
@@ -1,8 +1,8 @@
+<script src="../resources/plugin.js"></script>
 <script>
-    if (window.testRunner) {
+    if (window.testRunner)
         testRunner.dumpAsText();
-        testRunner.waitUntilDone();
-    }
+    runAfterPluginLoad(null, NotifyDone);
 </script>
 <p>
 This test checks that <a href="https://bugs.webkit.org/show_bug.cgi?id=50657">bug 50568</a>
@@ -12,8 +12,4 @@ and nothing will be displayed on screen. Upon success, this test should display
 attribute.
 </p>
 <!-- Embed tag with missing type="" parameter -->
-<embed id="plugin" name="plugin" src="resources/test.testnetscape" logSrc="1">
-<script>
-    if (window.testRunner)
-        testRunner.notifyDone();
-</script>
+<embed id="plugin" name="plugin" src="resources/test.testnetscape" logSrc="1">
\ No newline at end of file
index 8b22ca1..9be0f9b 100644 (file)
@@ -64,7 +64,7 @@ function end_test() {
 }
 </script>
 </head>
-<body onload="window.setTimeout(test, 0);">
+<body onload="internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(); test();">
 <embed type="application/x-webkit-test-netscape" width=100 height=40 evaluatescript="mouse::popup_by_mousedown()" windowedplugin="false"></embed><br>
 <embed type="application/x-webkit-test-netscape" width=100 height=40 evaluatescript="key::popup_by_keydown()" windowedplugin="false"></embed><br>
 Specify a script and a mouse/keyboard event to the plugin. The specified script will be evaluated in the browser when the specified event is received by the plugin. The test is for bug https://bugs.webkit.org/show_bug.cgi?id=41292.<br>
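Review bot: the new `onload` attribute calls `internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks()` with no `window.internals` check, unlike every other test touched by this patch. Outside the test harness the handler throws a ReferenceError and `test()` never runs. Use `if (window.internals) internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(); test();` or switch this file to `runAfterPluginLoad(test, DoNotNotifyDone)`.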
index fc6432a..c8a9c5b 100644 (file)
@@ -14,6 +14,8 @@
         var pluginDiv = document.getElementById("pluginDiv");\r
         // Create the plugin in the middle of the page.\r
         pluginDiv.innerHTML = "<embed id=\"testPlugin\" type=\"application/x-webkit-test-netscape\" width=\"200\" height=\"200\" onpaintevent=\"didPaint()\" windowedPlugin=\"false\"></embed>";\r
+        if (window.internals)\r
+            internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks();\r
         testRunner.displayInvalidatedRegion();\r
       }\r
 \r
diff --git a/LayoutTests/resources/plugin.js b/LayoutTests/resources/plugin.js
new file mode 100644 (file)
index 0000000..8a03e8b
--- /dev/null
@@ -0,0 +1,21 @@
+// Wait for the load event, run post layout tasks, run the specified function,
+// and notify the test runner that the test is done.
+
+var NotifyDone = true;
+var DoNotNotifyDone = false;
+
+function runAfterPluginLoad(func, notifyDone, node) {
+    if (window.testRunner)
+        testRunner.waitUntilDone();
+
+    window.addEventListener('load', function() {
+        if (window.internals)
+            internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(node);
+
+        if (func)
+            func();
+
+        if (notifyDone && window.testRunner)
+            testRunner.notifyDone();
+    }, false);
+}
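Review bot: the header comment on runAfterPluginLoad does not describe its parameters, in particular the optional `node`, which is forwarded to internals and (per the Internals.cpp change in this patch) must be a Document or an iframe element or the call raises a TypeError. Document `func`, `notifyDone` and `node` there. Separately, if `func()` throws, `testRunner.notifyDone()` is skipped and the test ends as a timeout rather than a failure; wrapping the `func()` call in try/finally would keep the result readable.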
index 092ff45..4f430c9 100644 (file)
@@ -1,3 +1,37 @@
+2014-05-28  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        Roll r168668 back in.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=132621>
+
+        Reviewed by Brent Fulgham.
+
+        Tests: fast/events/beforeload-assertion.html
+               fast/events/beforeload-iframe-crash.html
+               fast/events/beforeload-input-time-crash.html
+
+        * WebCore.exp.in:
+        * dom/Document.cpp:
+        (WebCore::Document::updateLayoutIgnorePendingStylesheets):
+        * dom/Document.h:
+        * html/HTMLAppletElement.cpp:
+        (WebCore::HTMLAppletElement::renderWidgetForJSBindings):
+        * html/HTMLEmbedElement.cpp:
+        (WebCore::HTMLEmbedElement::renderWidgetForJSBindings):
+        * html/HTMLObjectElement.cpp:
+        (WebCore::HTMLObjectElement::renderWidgetForJSBindings):
+        * page/FrameView.cpp:
+        (WebCore::FrameView::FrameView):
+        (WebCore::FrameView::reset):
+        (WebCore::FrameView::updateEmbeddedObjectsTimerFired):
+        (WebCore::FrameView::flushAnyPendingPostLayoutTasks):
+        (WebCore::FrameView::performPostLayoutTasks):
+        * page/FrameView.h:
+        * testing/Internals.cpp:
+        (WebCore::Internals::updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks):
+        * testing/Internals.h:
+        * testing/Internals.idl:
+
 2014-05-29  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Support -apple-system-font on OS X
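Review bot: this ChangeLog entry says only "Roll r168668 back in." and lists the touched functions without a line on any of them. Since the change was rolled out once, state why it was reverted and what, if anything, differs in this landing, and give at least the FrameView.cpp entries a one-line description (embedded object updates now run from a separate zero-delay timer), so the history can be read without opening the bug.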
index b511322..67b077e 100644 (file)
@@ -1278,7 +1278,7 @@ __ZN7WebCore8Document25scheduleForcedStyleRecalcEv
 __ZN7WebCore8Document26didRemoveWheelEventHandlerEv
 __ZN7WebCore8Document26pageSizeAndMarginsInPixelsEiRNS_7IntSizeERiS3_S3_S3_
 __ZN7WebCore8Document27removeMediaCanStartListenerEPNS_21MediaCanStartListenerE
-__ZN7WebCore8Document36updateLayoutIgnorePendingStylesheetsEv
+__ZN7WebCore8Document36updateLayoutIgnorePendingStylesheetsENS0_18RunPostLayoutTasksE
 __ZN7WebCore8Document4headEv
 __ZN7WebCore8Document8iconURLsEi
 __ZN7WebCore8FormData6createEPKvm
@@ -1797,6 +1797,7 @@ __ZNK7WebCore20TransformationMatrixcv13CATransform3DEv
 __ZNK7WebCore21BackForwardController12forwardCountEv
 __ZNK7WebCore21BackForwardController18canGoBackOrForwardEi
 __ZNK7WebCore21BackForwardController9backCountEv
+__ZNK7WebCore21HTMLFrameOwnerElement15contentDocumentEv
 __ZNK7WebCore21NetworkStorageSession13cookieStorageEv
 __ZNK7WebCore21RenderLayerCompositor11scrollLayerEv
 __ZNK7WebCore21RenderLayerCompositor15rootRenderLayerEv
index eb45ab8..9908e6e 100644 (file)
@@ -1826,10 +1826,10 @@ void Document::updateLayout()
 // stylesheets are loaded. Doing a layout ignoring the pending stylesheets
 // lets us get reasonable answers. The long term solution to this problem is
 // to instead suspend JavaScript execution.
-void Document::updateLayoutIgnorePendingStylesheets()
+void Document::updateLayoutIgnorePendingStylesheets(Document::RunPostLayoutTasks runPostLayoutTasks)
 {
     bool oldIgnore = m_ignorePendingStylesheets;
-    
+
     if (!haveStylesheetsLoaded()) {
         m_ignorePendingStylesheets = true;
         // FIXME: We are willing to attempt to suppress painting with outdated style info only once.  Our assumption is that it would be
@@ -1851,6 +1851,9 @@ void Document::updateLayoutIgnorePendingStylesheets()
 
     updateLayout();
 
+    if (runPostLayoutTasks == RunPostLayoutTasksSynchronously && view())
+        view()->flushAnyPendingPostLayoutTasks();
+
     m_ignorePendingStylesheets = oldIgnore;
 }
 
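Review bot: the synchronous flush sits before `m_ignorePendingStylesheets = oldIgnore;`, so anything the post-layout tasks run executes while the flag may still be forced to true, and the restore then writes to the document after those tasks return. The FIXMEs added at the call sites in this patch already question whether dispatching events from here is safe. Consider restoring `oldIgnore` before calling `flushAnyPendingPostLayoutTasks()`, and fetch `view()` once into a local instead of calling it twice.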
index 07c3018..b6fc9da 100644 (file)
@@ -587,7 +587,11 @@ public:
     void updateStyleIfNeeded();
     bool updateStyleIfNeededForNode(const Node&);
     void updateLayout();
-    void updateLayoutIgnorePendingStylesheets();
+    enum RunPostLayoutTasks {
+        RunPostLayoutTasksAsynchronously,
+        RunPostLayoutTasksSynchronously,
+    };
+    void updateLayoutIgnorePendingStylesheets(RunPostLayoutTasks = RunPostLayoutTasksAsynchronously);
     PassRef<RenderStyle> styleForElementIgnoringPendingStylesheets(Element*);
 
     // Returns true if page box (margin boxes and page borders) is visible.
index 7afabd4..934e35b 100644 (file)
@@ -88,7 +88,10 @@ RenderWidget* HTMLAppletElement::renderWidgetForJSBindings() const
     if (!canEmbedJava())
         return 0;
 
-    document().updateLayoutIgnorePendingStylesheets();
+    // Needs to load the plugin immediatedly because this function is called
+    // when JavaScript code accesses the plugin.
+    // FIXME: <rdar://16893708> Check if dispatching events here is safe.
+    document().updateLayoutIgnorePendingStylesheets(Document::RunPostLayoutTasksSynchronously);
     return renderWidget();
 }
 
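Review bot: in the new comment, "immediatedly" should be "immediately"; the same three-line comment is pasted into HTMLEmbedElement.cpp and HTMLObjectElement.cpp with the same typo. The FIXME names only a radar number, which most readers cannot open, so say in the comment itself what the concern is (events may be dispatched while script is in the middle of accessing the plugin element).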
index 67b966e..045155d 100644 (file)
@@ -71,8 +71,12 @@ static inline RenderWidget* findWidgetRenderer(const Node* n)
 RenderWidget* HTMLEmbedElement::renderWidgetForJSBindings() const
 {
     FrameView* view = document().view();
-    if (!view || (!view->isInLayout() && !view->isPainting()))
-        document().updateLayoutIgnorePendingStylesheets();
+    if (!view || (!view->isInLayout() && !view->isPainting())) {
+        // Needs to load the plugin immediatedly because this function is called
+        // when JavaScript code accesses the plugin.
+        // FIXME: <rdar://16893708> Check if dispatching events here is safe.
+        document().updateLayoutIgnorePendingStylesheets(Document::RunPostLayoutTasksSynchronously);
+    }
     return findWidgetRenderer(this);
 }
 
index a3a9996..ab91bbc 100644 (file)
@@ -83,7 +83,10 @@ PassRefPtr<HTMLObjectElement> HTMLObjectElement::create(const QualifiedName& tag
 
 RenderWidget* HTMLObjectElement::renderWidgetForJSBindings() const
 {
-    document().updateLayoutIgnorePendingStylesheets();
+    // Needs to load the plugin immediatedly because this function is called
+    // when JavaScript code accesses the plugin.
+    // FIXME: <rdar://16893708> Check if dispatching events here is safe.
+    document().updateLayoutIgnorePendingStylesheets(Document::RunPostLayoutTasksSynchronously);
     return renderWidget(); // This will return 0 if the renderer is not a RenderWidget.
 }
 
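Review bot: HTMLObjectElement::renderWidgetForJSBindings() now runs post-layout tasks synchronously with no check on the view's state, while the HTMLEmbedElement version in this same patch only does so when `!view || (!view->isInLayout() && !view->isPainting())`. Either apply the same guard here (and in HTMLAppletElement) or explain in the comment why these two paths cannot be reached during layout or painting.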
index 780f599..39033f5 100644 (file)
@@ -160,6 +160,7 @@ FrameView::FrameView(Frame& frame)
     , m_layoutPhase(OutsideLayout)
     , m_inSynchronousPostLayout(false)
     , m_postLayoutTasksTimer(this, &FrameView::postLayoutTimerFired)
+    , m_updateEmbeddedObjectsTimer(this, &FrameView::updateEmbeddedObjectsTimerFired)
     , m_isTransparent(false)
     , m_baseBackgroundColor(Color::white)
     , m_mediaType("screen")
@@ -250,6 +251,7 @@ void FrameView::reset()
     m_layoutCount = 0;
     m_nestedLayoutCount = 0;
     m_postLayoutTasksTimer.stop();
+    m_updateEmbeddedObjectsTimer.stop();
     m_firstLayout = true;
     m_firstLayoutCallbackPending = false;
     m_wasScrolledByUser = false;
@@ -2735,16 +2737,28 @@ bool FrameView::updateEmbeddedObjects()
     return m_embeddedObjectsToUpdate->isEmpty();
 }
 
-void FrameView::flushAnyPendingPostLayoutTasks()
+void FrameView::updateEmbeddedObjectsTimerFired(Timer<FrameView>*)
 {
-    if (!m_postLayoutTasksTimer.isActive())
-        return;
+    RefPtr<FrameView> protect(this);
+    m_updateEmbeddedObjectsTimer.stop();
+    for (unsigned i = 0; i < maxUpdateEmbeddedObjectsIterations; i++) {
+        if (updateEmbeddedObjects())
+            break;
+    }
+}
 
-    performPostLayoutTasks();
+void FrameView::flushAnyPendingPostLayoutTasks()
+{
+    if (m_postLayoutTasksTimer.isActive())
+        performPostLayoutTasks();
+    if (m_updateEmbeddedObjectsTimer.isActive())
+        updateEmbeddedObjectsTimerFired(nullptr);
 }
 
 void FrameView::performPostLayoutTasks()
 {
+    // FIXME: We should not run any JavaScript code in this function.
+
     m_postLayoutTasksTimer.stop();
 
     frame().selection().layoutDidChange();
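Review bot: flushAnyPendingPostLayoutTasks() reads `m_updateEmbeddedObjectsTimer` after `performPostLayoutTasks()` has returned, with nothing keeping the FrameView alive across the two calls. The FIXME added to performPostLayoutTasks() acknowledges that script can run there, and updateEmbeddedObjectsTimerFired() takes `RefPtr<FrameView> protect(this)` for the same reason, so the flush function should hold its own protector, e.g. `Ref<FrameView> protect(*this);` as its first statement. It would also be more consistent to use `Ref` rather than `RefPtr` in the new timer callback, matching the existing protector in performPostLayoutTasks().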
@@ -2775,10 +2789,7 @@ void FrameView::performPostLayoutTasks()
     // is called through the post layout timer.
     Ref<FrameView> protect(*this);
 
-    for (unsigned i = 0; i < maxUpdateEmbeddedObjectsIterations; i++) {
-        if (updateEmbeddedObjects())
-            break;
-    }
+    m_updateEmbeddedObjectsTimer.startOneShot(0);
 
     if (auto* page = frame().page()) {
         if (auto* scrollingCoordinator = page->scrollingCoordinator())
index 4e0443f..7b1ab55 100644 (file)
@@ -588,6 +588,7 @@ private:
     void enableSpeculativeTilingIfNeeded();
     void speculativeTilingEnableTimerFired(Timer<FrameView>&);
 
+    void updateEmbeddedObjectsTimerFired(Timer<FrameView>*);
     bool updateEmbeddedObjects();
     void updateEmbeddedObject(RenderEmbeddedObject&);
     void scrollToAnchor();
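Review bot: `updateEmbeddedObjectsTimerFired(Timer<FrameView>*)` takes the timer by pointer, while the callback declared two lines above it, `speculativeTilingEnableTimerFired(Timer<FrameView>&)`, takes a reference. The pointer form exists only so flushAnyPendingPostLayoutTasks() can pass `nullptr`. Prefer the reference signature for the timer callback and have both it and the flush path call a parameterless helper that does the work.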
@@ -642,6 +643,7 @@ private:
     int m_layoutCount;
     unsigned m_nestedLayoutCount;
     Timer<FrameView> m_postLayoutTasksTimer;
+    Timer<FrameView> m_updateEmbeddedObjectsTimer;
     bool m_firstLayoutCallbackPending;
 
     bool m_firstLayout;
index de856c8..62cc45e 100644 (file)
@@ -50,6 +50,7 @@
 #include "FormController.h"
 #include "FrameLoader.h"
 #include "FrameView.h"
+#include "HTMLIFrameElement.h"
 #include "HTMLInputElement.h"
 #include "HTMLNames.h"
 #include "HTMLPlugInElement.h"
@@ -1905,6 +1906,28 @@ void Internals::stopTrackingRepaints(ExceptionCode& ec)
     frameView->setTracksRepaints(false);
 }
 
+void Internals::updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(ExceptionCode& ec)
+{
+    updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(nullptr, ec);
+}
+
+void Internals::updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(Node* node, ExceptionCode& ec)
+{
+    Document* document;
+    if (!node)
+        document = contextDocument();
+    else if (node->isDocumentNode())
+        document = toDocument(node);
+    else if (node->hasTagName(HTMLNames::iframeTag))
+        document = toHTMLIFrameElement(node)->contentDocument();
+    else {
+        ec = TypeError;
+        return;
+    }
+
+    document->updateLayoutIgnorePendingStylesheets(Document::RunPostLayoutTasksSynchronously);
+}
+
 #if !PLATFORM(IOS)
 static const char* cursorTypeToString(Cursor::Type cursorType)
 {
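Review bot: in the `Node*` overload, `document` is dereferenced at `document->updateLayoutIgnorePendingStylesheets(...)` without a null check, and neither `contextDocument()` nor `toHTMLIFrameElement(node)->contentDocument()` is checked for a null result. An iframe with no content document would crash the test runner instead of failing the test. Add `if (!document) { ec = ...; return; }` before the call, using whichever exception code the other Internals methods use for an invalid target.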
index 639e275..7fa90fd 100644 (file)
@@ -271,6 +271,8 @@ public:
 
     void startTrackingRepaints(ExceptionCode&);
     void stopTrackingRepaints(ExceptionCode&);
+    void updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(ExceptionCode&);
+    void updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(Node*, ExceptionCode&);
 
     PassRefPtr<ArrayBuffer> serializeObject(PassRefPtr<SerializedScriptValue>) const;
     PassRefPtr<SerializedScriptValue> deserializeBuffer(PassRefPtr<ArrayBuffer>) const;
index 259e518..6b73a1a 100644 (file)
     [RaisesException] void startTrackingRepaints();
     [RaisesException] void stopTrackingRepaints();
 
+    // |node| should be Document, HTMLIFrameElement, or unspecified.
+    // If |node| is an HTMLIFrameElement, it assumes node.contentDocument is
+    // specified without security checks. Unspecified means this document.
+    [RaisesException] void updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks(optional Node node);
+
     // Returns a string with information about the mouse cursor used at the specified client location.
     [RaisesException] DOMString getCurrentCursorInfo();
 
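Review bot: the IDL comment's wording "it assumes node.contentDocument is specified without security checks" is hard to parse and leaves the important part implicit. Suggest saying directly that for an HTMLIFrameElement the frame's contentDocument is used with no security check, which is acceptable only because this lives on the testing Internals interface, and that any other node type raises TypeError, since the declared parameter type is the much broader `optional Node node`.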
index c089535..b3adc18 100644 (file)
@@ -1,3 +1,13 @@
+2014-05-28  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        Roll r168668 back in.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=132621>
+
+        Reviewed by Brent Fulgham.
+
+        * WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in:
+
 2014-05-27  Csaba Osztrogon√°c  <ossy@webkit.org>
 
         Speculative Windows buildfix after r169358.
index affe014..ace2570 100644 (file)
@@ -175,6 +175,7 @@ EXPORTS
         symbolWithPointer(?childItemWithTarget@HistoryItem@WebCore@@QBEPAV12@ABVString@WTF@@@Z, ?childItemWithTarget@HistoryItem@WebCore@@QEBAPEAV12@AEBVString@WTF@@@Z)
         symbolWithPointer(?create@Range@WebCore@@SA?AV?$PassRefPtr@VRange@WebCore@@@WTF@@AAVDocument@2@V?$PassRefPtr@VNode@WebCore@@@4@H1H@Z, ?create@Range@WebCore@@SA?AV?$PassRefPtr@VRange@WebCore@@@WTF@@AEAVDocument@2@V?$PassRefPtr@VNode@WebCore@@@4@H1H@Z)
         symbolWithPointer(?commonVM@JSDOMWindowBase@WebCore@@SAAAVVM@JSC@@XZ, ?commonVM@JSDOMWindowBase@WebCore@@SAAEAVVM@JSC@@XZ)
+               symbolWithPointer(?contentDocument@HTMLFrameOwnerElement@WebCore@@QBEPAVDocument@2@XZ, ?contentDocument@HTMLFrameOwnerElement@WebCore@@QEBAPEAVDocument@2@XZ)
         symbolWithPointer(?create@SerializedScriptValue@WebCore@@SA?AV?$PassRefPtr@VSerializedScriptValue@WebCore@@@WTF@@ABVString@4@@Z, ?create@SerializedScriptValue@WebCore@@SA?AV?$PassRefPtr@VSerializedScriptValue@WebCore@@@WTF@@AEBVString@4@@Z)
 #if USE(CF)
         symbolWithPointer(?createCFString@String@WTF@@QBE?AV?$RetainPtr@PBU__CFString@@@2@XZ, ?createCFString@String@WTF@@QEBA?AV?$RetainPtr@PEBU__CFString@@@2@XZ)
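Review bot: the added `?contentDocument@HTMLFrameOwnerElement@WebCore@@...` entry is indented more deeply than the `?commonVM@...` and `?create@SerializedScriptValue@...` entries on either side of it. Please match the indentation of the neighbouring lines so the export list stays uniform and later diffs to this file do not pick up whitespace noise.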
@@ -203,6 +204,7 @@ EXPORTS
                symbolWithPointer(?getOutOfLineCachedWrapper@WebCore@@YAPAVJSObject@JSC@@PAVJSDOMGlobalObject@1@PAVNode@1@@Z, ?getOutOfLineCachedWrapper@WebCore@@YAPEAVJSObject@JSC@@PEAVJSDOMGlobalObject@1@PEAVNode@1@@Z)
         symbolWithPointer(?hitTest@RenderView@WebCore@@QAE_NABVHitTestRequest@2@AAVHitTestResult@2@@Z, ?hitTest@RenderView@WebCore@@QEAA_NAEBVHitTestRequest@2@AEAVHitTestResult@2@@Z)
         ?inputTag@HTMLNames@WebCore@@3VHTMLQualifiedName@2@B
+               symbolWithPointer(?iframeTag@HTMLNames@WebCore@@3VHTMLQualifiedName@2@B,?iframeTag@HTMLNames@WebCore@@3VHTMLQualifiedName@2@B)
         symbolWithPointer(?intersects@IntRect@WebCore@@QBE_NABV12@@Z, ?intersects@IntRect@WebCore@@QEBA_NAEBV12@@Z)
         symbolWithPointer(?item@StaticNodeList@WebCore@@UBEPAVNode@2@I@Z, ?item@StaticNodeList@WebCore@@UEBAPEAVNode@2@I@Z)
         ?selectTag@HTMLNames@WebCore@@3VHTMLQualifiedName@2@B
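Review bot: the added `?iframeTag@HTMLNames@WebCore@@3VHTMLQualifiedName@2@B` entry is wrapped in `symbolWithPointer(...)` with the identical decorated name passed twice, while the neighbouring `?inputTag@HTMLNames@...` and `?selectTag@HTMLNames@...` data symbols are listed bare. Since the two arguments do not differ, listing it bare like the other tag names would be consistent with the rest of the file. If the macro form is kept on purpose, add the space after the comma and match the indentation of the surrounding entries.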
@@ -323,7 +325,7 @@ EXPORTS
         symbolWithPointer(?toRange@WebCore@@YAPAVRange@1@VJSValue@JSC@@@Z, ?toRange@WebCore@@YAPEAVRange@1@VJSValue@JSC@@@Z)
         symbolWithPointer(?isTreeScope@Node@WebCore@@QBE_NXZ, ?isTreeScope@Node@WebCore@@QEBA_NXZ)
         symbolWithPointer(?updateEditorUINowIfScheduled@Editor@WebCore@@QAEXXZ, ?updateEditorUINowIfScheduled@Editor@WebCore@@QEAAXXZ)
-        symbolWithPointer(?updateLayoutIgnorePendingStylesheets@Document@WebCore@@QAEXXZ, ?updateLayoutIgnorePendingStylesheets@Document@WebCore@@QEAAXXZ)
+        symbolWithPointer(?updateLayoutIgnorePendingStylesheets@Document@WebCore@@QAEXW4RunPostLayoutTasks@12@@Z, ?updateLayoutIgnorePendingStylesheets@Document@WebCore@@QEAAXW4RunPostLayoutTasks@12@@Z)
         symbolWithPointer(?updateStyleIfNeeded@Document@WebCore@@QAEXXZ, ?updateStyleIfNeeded@Document@WebCore@@QEAAXXZ)
         symbolWithPointer(?view@Document@WebCore@@QBEPAVFrameView@2@XZ, ?view@Document@WebCore@@QEBAPEAVFrameView@2@XZ)
         symbolWithPointer(??1ContextDestructionObserver@WebCore@@MAE@XZ, ??1ContextDestructionObserver@WebCore@@MEAA@XZ)