Use HTMLElementFactory to create equivalent elements in WebVTTElement
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 11 Jun 2013 21:18:55 +0000 (21:18 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 11 Jun 2013 21:18:55 +0000 (21:18 +0000)
https://bugs.webkit.org/show_bug.cgi?id=117423

Reviewed by Eric Carlson.

Source/WebCore:

Merge https://chromium.googlesource.com/chromium/blink/+/3d60bec8e5dabfe877c482797d9ef430bfde31

This change forces the calls through the factory so that we create appropriate sub-classes based upon the passed tag name,
rather than just creating a concrete HTMLElement class with an inappropriate tag name.

Test: media/track/getCueAsHTMLCrash.html

* html/track/WebVTTElement.cpp:
(WebCore::WebVTTElement::createEquivalentHTMLElement):

LayoutTests:

* media/track/getCueAsHTMLCrash-expected.txt: Added.
* media/track/getCueAsHTMLCrash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@151471 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/media/track/getCueAsHTMLCrash-expected.txt [new file with mode: 0644]
LayoutTests/media/track/getCueAsHTMLCrash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/track/WebVTTElement.cpp

index 7d1914a..5fcd808 100644 (file)
@@ -1,3 +1,13 @@
+2013-06-11  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Use HTMLElementFactory to create equivalent elements in WebVTTElement
+        https://bugs.webkit.org/show_bug.cgi?id=117423
+
+        Reviewed by Eric Carlson.
+
+        * media/track/getCueAsHTMLCrash-expected.txt: Added.
+        * media/track/getCueAsHTMLCrash.html: Added.
+
 2013-06-11  Eric Carlson  <eric.carlson@apple.com>
 
         [Mac] Update text track menu
diff --git a/LayoutTests/media/track/getCueAsHTMLCrash-expected.txt b/LayoutTests/media/track/getCueAsHTMLCrash-expected.txt
new file mode 100644 (file)
index 0000000..bc7f57d
--- /dev/null
@@ -0,0 +1 @@
+Test passes if it does not induce a crash.
diff --git a/LayoutTests/media/track/getCueAsHTMLCrash.html b/LayoutTests/media/track/getCueAsHTMLCrash.html
new file mode 100644 (file)
index 0000000..bc4e3e0
--- /dev/null
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<div>Test passes if it does not induce a crash.</div>
+<script src="../../resources/testharness.js"></script>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+test(function() {
+    var cue = new TextTrackCue(0, 1, '<c>x\0');
+    window.fragment = cue.getCueAsHTML();
+}, document.title + ', creating the cue');
+
+test(function() {
+    assert_false(fragment.childNodes[0].hasChildNodes(), 'hasChildNodes()');
+}, document.title + ', >');
+
+test(function() {}, document.title + ', ');
+test(function() {}, document.title + ', x\\0');
+</script>
+</html>
index 5f7b1f1..ab51cad 100644 (file)
@@ -1,3 +1,20 @@
+2013-06-11  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Use HTMLElementFactory to create equivalent elements in WebVTTElement
+        https://bugs.webkit.org/show_bug.cgi?id=117423
+
+        Reviewed by Eric Carlson.
+
+        Merge https://chromium.googlesource.com/chromium/blink/+/3d60bec8e5dabfe877c482797d9ef430bfde31
+
+        This change forces the calls through the factory so that we create appropriate sub-classes based upon the passed tag name,
+        rather than just creating a concrete HTMLElement class with an inappropriate tag name.
+
+        Test: media/track/getCueAsHTMLCrash.html
+
+        * html/track/WebVTTElement.cpp:
+        (WebCore::WebVTTElement::createEquivalentHTMLElement):
+
 2013-06-11  Benjamin Poulain  <bpoulain@apple.com>
 
         Split SelectorDataList::executeSingleTagNameSelectorData() into the 4 kinds of traversal
index e063e15..0904730 100644 (file)
@@ -29,6 +29,7 @@
 
 #include "WebVTTElement.h"
 
+#include "HTMLElementFactory.h"
 #include "TextTrack.h"
 
 namespace WebCore {
@@ -93,24 +94,24 @@ PassRefPtr<HTMLElement> WebVTTElement::createEquivalentHTMLElement(Document* doc
     case WebVTTNodeTypeClass:
     case WebVTTNodeTypeLanguage:
     case WebVTTNodeTypeVoice:
-        htmlElement = HTMLElement::create(HTMLNames::spanTag, document);
+        htmlElement = HTMLElementFactory::createHTMLElement(HTMLNames::spanTag, document);
         htmlElement.get()->setAttribute(HTMLNames::titleAttr, getAttribute(voiceAttributeName()));
         htmlElement.get()->setAttribute(HTMLNames::langAttr, getAttribute(langAttributeName()));
         break;
     case WebVTTNodeTypeItalic:
-        htmlElement = HTMLElement::create(HTMLNames::iTag, document);
+        htmlElement = HTMLElementFactory::createHTMLElement(HTMLNames::iTag, document);
         break;
     case WebVTTNodeTypeBold:
-        htmlElement = HTMLElement::create(HTMLNames::bTag, document);
+        htmlElement = HTMLElementFactory::createHTMLElement(HTMLNames::bTag, document);
         break;
     case WebVTTNodeTypeUnderline:
-        htmlElement = HTMLElement::create(HTMLNames::uTag, document);
+        htmlElement = HTMLElementFactory::createHTMLElement(HTMLNames::uTag, document);
         break;
     case WebVTTNodeTypeRuby:
-        htmlElement = HTMLElement::create(HTMLNames::rubyTag, document);
+        htmlElement = HTMLElementFactory::createHTMLElement(HTMLNames::rubyTag, document);
         break;
     case WebVTTNodeTypeRubyText:
-        htmlElement = HTMLElement::create(HTMLNames::rtTag, document);
+        htmlElement = HTMLElementFactory::createHTMLElement(HTMLNames::rtTag, document);
         break;
     default:
         ASSERT_NOT_REACHED();