Reviewed by Eric Seidel.
author mitz <mitz@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 24 Oct 2007 01:51:04 +0000 (01:51 +0000)
committer mitz <mitz@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 24 Oct 2007 01:51:04 +0000 (01:51 +0000)
commit 14828646326dae467b709016ba51e2294ffc0411
tree 3e4786c9bc7e1d2adf205bce776a2abbcb9d656d
parent 8eedc1a71d0f6a0176508dc212759780843322ec
    Reviewed by Eric Seidel.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15405
          ASSERTION FAILED: d->m_view && !d->m_view->needsLayout() in Frame::Paint

        Calling updateWidget() during attach() led to arbitrary (plugin and resource load delegate)
        code execution under attach(). The fix is to use the mechanism that's already in place for
        deferring updateWidget() until after layout.

        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::attach): Replaced call to updateWidget() with call to updateWidgetSoon()
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::attach): Ditto.
        * manual-tests/paint-during-plugin-attach.html: Added.
        * rendering/RenderPartObject.cpp:
        (WebCore::RenderPartObject::updateWidgetSoon): Added this function that schedules the
        updateWidget() call for after the next layout.
        * rendering/RenderPartObject.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@26941 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebCore/ChangeLog
WebCore/html/HTMLEmbedElement.cpp
WebCore/html/HTMLObjectElement.cpp
WebCore/manual-tests/paint-during-plugin-attach.html [new file with mode: 0644]
WebCore/rendering/RenderPartObject.cpp
WebCore/rendering/RenderPartObject.h