2011-04-07 Sergey Glazunov <serg.glazunov@gmail.com>
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 Apr 2011 21:17:44 +0000 (21:17 +0000)
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 Apr 2011 21:17:44 +0000 (21:17 +0000)
        Reviewed by Dimitri Glazkov.

        setHasID() is only called for styled elements
        https://bugs.webkit.org/show_bug.cgi?id=57267

        Test: fast/dom/non-styled-element-id-crash.html

        * dom/Element.cpp:
        (WebCore::Element::attributeChanged):
        (WebCore::Element::idAttributeChanged):
        * dom/Element.h:
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::parseMappedAttribute):
2011-04-07  Sergey Glazunov  <serg.glazunov@gmail.com>

        Reviewed by Dimitri Glazkov.

        setHasID() is only called for styled elements
        https://bugs.webkit.org/show_bug.cgi?id=57267

        * fast/dom/non-styled-element-id-crash-expected.txt: Added.
        * fast/dom/non-styled-element-id-crash.html: Added.
        * svg/custom/embedded-svg-disallowed-in-dashboard.xml: Fix the failing test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@83209 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/non-styled-element-id-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/non-styled-element-id-crash.html [new file with mode: 0644]
LayoutTests/svg/custom/embedded-svg-disallowed-in-dashboard.xml
Source/WebCore/ChangeLog
Source/WebCore/dom/Element.cpp
Source/WebCore/dom/Element.h
Source/WebCore/dom/StyledElement.cpp

index 3648cbb..fe792f9 100644 (file)
@@ -1,3 +1,14 @@
+2011-04-07  Sergey Glazunov  <serg.glazunov@gmail.com>
+
+        Reviewed by Dimitri Glazkov.
+
+        setHasID() is only called for styled elements
+        https://bugs.webkit.org/show_bug.cgi?id=57267
+
+        * fast/dom/non-styled-element-id-crash-expected.txt: Added.
+        * fast/dom/non-styled-element-id-crash.html: Added.
+        * svg/custom/embedded-svg-disallowed-in-dashboard.xml: Fix the failing test.
+
 2011-04-07  Brian Weinstein  <bweinstein@apple.com>
 
         Fix a typo in the Skipped list from r83203.
diff --git a/LayoutTests/fast/dom/non-styled-element-id-crash-expected.txt b/LayoutTests/fast/dom/non-styled-element-id-crash-expected.txt
new file mode 100644 (file)
index 0000000..7ef22e9
--- /dev/null
@@ -0,0 +1 @@
+PASS
diff --git a/LayoutTests/fast/dom/non-styled-element-id-crash.html b/LayoutTests/fast/dom/non-styled-element-id-crash.html
new file mode 100644 (file)
index 0000000..f9d13d0
--- /dev/null
@@ -0,0 +1,40 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+gc = window.gc || function()
+{
+    if (window.GCController)
+        return GCController.collect();
+
+    for (var i = 0; i < 10000; ++i)
+        var s = new String("AAAA");
+}
+
+window.onload = function()
+{
+    element = document.body.appendChild(document.createElementNS("foo", "bar"));
+    element.id = "bar";
+    element.setAttribute("id", "bar");
+    document.body.removeChild(element);
+
+    element = null;
+    gc();
+
+    setTimeout(finishTest, 0);
+}
+
+finishTest = function()
+{
+    document.getElementById("bar");
+    
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+<body>PASS</body>
+</html>
index 587591d..7ab733a 100644 (file)
@@ -19,7 +19,7 @@
         </svg>
         <pre id="console"></pre> 
         <script>
-           if(document.getElementById('svgCircleNode'))
+           if(document.getElementById('svgCircleNode') instanceof SVGElement)
                debug("FAIL: Successfully embedded SVG in document");
            else
                debug("PASS: SVG Elements could not be created");
index 0bb7160..e3ebe85 100644 (file)
@@ -1,3 +1,19 @@
+2011-04-07  Sergey Glazunov  <serg.glazunov@gmail.com>
+
+        Reviewed by Dimitri Glazkov.
+
+        setHasID() is only called for styled elements
+        https://bugs.webkit.org/show_bug.cgi?id=57267
+
+        Test: fast/dom/non-styled-element-id-crash.html
+
+        * dom/Element.cpp:
+        (WebCore::Element::attributeChanged):
+        (WebCore::Element::idAttributeChanged):
+        * dom/Element.h:
+        * dom/StyledElement.cpp:
+        (WebCore::StyledElement::parseMappedAttribute):
+
 2011-04-07  Jer Noble  <jer.noble@apple.com>
 
         Reviewed by Eric Carlson.
index e4d9075..b57f3d2 100644 (file)
@@ -726,6 +726,8 @@ PassRefPtr<Attribute> Element::createAttribute(const QualifiedName& name, const
 
 void Element::attributeChanged(Attribute* attr, bool)
 {
+    if (isIdAttributeName(attr->name()))
+        idAttributeChanged(attr);
     recalcStyleIfNeededAfterAttributeChanged(attr);
     updateAfterAttributeChanged(attr);
 }
@@ -764,6 +766,20 @@ void Element::recalcStyleIfNeededAfterAttributeChanged(Attribute* attr)
         setNeedsStyleRecalc();
 }
 
+void Element::idAttributeChanged(Attribute* attr)
+{
+    setHasID(!attr->isNull());
+    if (attributeMap()) {
+        if (attr->isNull())
+            attributeMap()->setIdForStyleResolution(nullAtom);
+        else if (document()->inQuirksMode())
+            attributeMap()->setIdForStyleResolution(attr->value().lower());
+        else
+            attributeMap()->setIdForStyleResolution(attr->value());
+    }
+    setNeedsStyleRecalc();
+}
+    
 // Returns true is the given attribute is an event handler.
 // We consider an event handler any attribute that begins with "on".
 // It is a simple solution that has the advantage of not requiring any
index 0905d7d..618ad27 100644 (file)
@@ -366,6 +366,8 @@ protected:
     // They are separated to allow a different flow of control in StyledElement::attributeChanged().
     void recalcStyleIfNeededAfterAttributeChanged(Attribute*);
     void updateAfterAttributeChanged(Attribute*);
+    
+    void idAttributeChanged(Attribute*);
 
 private:
     void scrollByUnits(int units, ScrollGranularity);
index 3c55591..6781ed5 100644 (file)
@@ -233,18 +233,9 @@ void StyledElement::classAttributeChanged(const AtomicString& newClassString)
 
 void StyledElement::parseMappedAttribute(Attribute* attr)
 {
-    if (isIdAttributeName(attr->name())) {
-        setHasID(!attr->isNull());
-        if (attributeMap()) {
-            if (attr->isNull())
-                attributeMap()->setIdForStyleResolution(nullAtom);
-            else if (document()->inQuirksMode())
-                attributeMap()->setIdForStyleResolution(attr->value().lower());
-            else
-                attributeMap()->setIdForStyleResolution(attr->value());
-        }
-        setNeedsStyleRecalc();
-    } else if (attr->name() == classAttr)
+    if (isIdAttributeName(attr->name()))
+        idAttributeChanged(attr);
+    else if (attr->name() == classAttr)
         classAttributeChanged(attr->value());
     else if (attr->name() == styleAttr) {
         if (attr->isNull())