WebCore:
authorbdakin <bdakin@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 7 Nov 2006 07:15:00 +0000 (07:15 +0000)
committerbdakin <bdakin@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 7 Nov 2006 07:15:00 +0000 (07:15 +0000)
commit25ab0853e0622f3534560dbccd66b46e3ec26e60
tree40cc8432fcdf8a7f50e46e4fc8f119d4a56b6579
parente2553386caab12ffba51c24c5e2d4020485a4757
WebCore:
        Reviewed by Hyatt.

        Fix for <rdar://problem/4820814> A crash occurs at
        WebCore::HitTestResult::spellingToolTip() when mousing down on
        iframe at www.macsurfer.com

        The bug here is that the source of the iframe is only a comment,
        and we were not properly constructing the frame because it was
        sort-of empty but not.

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::childAllowed): newChild is NOT allowed if
        it is a comment node.
        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::handleError): if n is a comment node and
        there is no head, we create a head, insert in the document, and add
        the comment node as a child. This is what Firefox does too.
        * page/FrameView.cpp:
        (WebCore::FrameView::handleMousePressEvent): Safe-guard for the
        fix. It is possible to get a mouse event without a target node, so
        we null check it. (Of course, in the case of this bug, it should
        not have been null, but it is a good thing to check for anyway.
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::spellingToolTip): Null-check
        m_innerNonSharedNode.

Layout Tests:
        Reviewed by Hyatt.

        Test for <rdar://problem/4820814> A crash occurs at
        WebCore::HitTestResult::spellingToolTip() when mousing down on
        iframe at www.macsurfer.com

        * fast/frames/onlyCommentInIFrame-expected.checksum: Added.
        * fast/frames/onlyCommentInIFrame-expected.png: Added.
        * fast/frames/onlyCommentInIFrame-expected.txt: Added.
        * fast/frames/onlyCommentInIFrame.html: Added.
        * fast/frames/resources/comment.html: Added.
        * fast/frames/resources/commentX.xhtml: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@17640 268f45cc-cd09-0410-ab3c-d52691b4dbfc
12 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/frames/onlyCommentInIFrame-expected.checksum [new file with mode: 0644]
LayoutTests/fast/frames/onlyCommentInIFrame-expected.png [new file with mode: 0644]
LayoutTests/fast/frames/onlyCommentInIFrame-expected.txt [new file with mode: 0644]
LayoutTests/fast/frames/onlyCommentInIFrame.html [new file with mode: 0644]
LayoutTests/fast/frames/resources/comment.html [new file with mode: 0644]
LayoutTests/fast/frames/resources/commentX.xhtml [new file with mode: 0644]
WebCore/ChangeLog
WebCore/html/HTMLDocument.cpp
WebCore/html/HTMLParser.cpp
WebCore/page/FrameView.cpp
WebCore/rendering/HitTestResult.cpp