Don't keep unassociated elements in the past names map
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Aug 2013 18:28:55 +0000 (18:28 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 28 Aug 2013 18:28:55 +0000 (18:28 +0000)
commit806bf5dd4da84a533a813c2212237533365c8509
tree070167024446e876efc83ee03e5542f0f25b8a30
parentc6c41d08fbe7c0e31941e74f8c859a0de78b1c14
Don't keep unassociated elements in the past names map
https://bugs.webkit.org/show_bug.cgi?id=120328

Reviewed by Darin Adler.

Source/WebCore:

Remove elements from the past names map of a form element when they are disassociated with the form to match
the behaviors of Firefox 24 and Internet Explorer 10. The specification feedback has been submitted to WHATWG
in http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2013-August/040586.html

Also fix a memory leak via the past names map when the elements in the map becomes an ancestor of the form
element by storing a raw pointer in the map. This is safe because the form associated elements are kept alive
by another mechanism.

Because ~FormAssociatedElement removes entries from the past names map, we could no longer store HTMLElement*
in HTMLFormElement::m_pastNamesMap as that requires casting FormAssociatedElement* to HTMLElement*, which is
not possible in ~FormAssociatedElement. We instead store pointers to FormNamedItem, new base class of
FormAssociatedElement and HTMLImageElement.

Test: fast/forms/past-names-map-should-not-contained-disassociated-elements.html

* Target.pri:
* WebCore.exp.in:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* html/FormAssociatedElement.cpp:
* html/FormAssociatedElement.h:
(WebCore::toHTMLElement):

* html/FormNamedItem.h: Added.
(WebCore::FormNamedItem::~FormNamedItem):

* html/HTMLElement.h:
(WebCore::HTMLElement::asFormNamedItem): Added. This allows the conversion from a HTMLFormControlElement,
HTMLObjectElement, HTMLImageElement to FormNamedItem in getNamedElements to update the past names map.

* html/HTMLFormControlElement.h:
* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::removeFormElement):
(WebCore::HTMLFormElement::removeImgElement):
(WebCore::HTMLFormElement::assertItemCanBeInPastNamesMap): Asserts that FormNamedItem added to or obtained
from the past names map is either a form associated element or an image element; the condition guarantees
that the item will be removed from the map before its element gets destructed.

(WebCore::HTMLFormElement::elementFromPastNamesMap):
(WebCore::HTMLFormElement::addToPastNamesMap):
(WebCore::HTMLFormElement::removeFromPastNamesMap): Finds and removes the obsolete item from the map in O(n).
Note that removeFromVector, which is called on m_associatedElements or m_imageElements before this function is called,
is already O(n).

(WebCore::HTMLFormElement::getNamedElements):

* html/HTMLFormElement.h:
* html/HTMLImageElement.h:
* html/HTMLObjectElement.h:

LayoutTests:

Add a regression test. Also Updated the tests to expect the new behavior in which elements are not accessible via
their past names in a form element's name getter once they're disassociated with the form element.

* fast/forms/form-image-access-by-name-expected.txt:
* fast/forms/form-image-access-by-name.html:
* fast/forms/old-names-expected.txt:
* fast/forms/old-names.html:
* fast/forms/past-names-map-should-not-contained-disassociated-elements-expected.txt: Added.
* fast/forms/past-names-map-should-not-contained-disassociated-elements.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154761 268f45cc-cd09-0410-ab3c-d52691b4dbfc
22 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/forms/form-image-access-by-name-expected.txt
LayoutTests/fast/forms/form-image-access-by-name.html
LayoutTests/fast/forms/old-names-expected.txt
LayoutTests/fast/forms/old-names.html
LayoutTests/fast/forms/past-names-map-should-not-contained-disassociated-elements-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/past-names-map-should-not-contained-disassociated-elements.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/Target.pri
Source/WebCore/WebCore.exp.in
Source/WebCore/WebCore.vcxproj/WebCore.vcxproj
Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/html/FormAssociatedElement.cpp
Source/WebCore/html/FormAssociatedElement.h
Source/WebCore/html/FormNamedItem.h [new file with mode: 0644]
Source/WebCore/html/HTMLElement.h
Source/WebCore/html/HTMLFormControlElement.h
Source/WebCore/html/HTMLFormElement.cpp
Source/WebCore/html/HTMLFormElement.h
Source/WebCore/html/HTMLImageElement.h
Source/WebCore/html/HTMLObjectElement.h