Reviewed by Hyatt.
Another go at fix for <rdar://problem/4820814> A crash occurs at
WebCore::HitTestResult::spellingToolTip() when mousing down on
iframe at www.macsurfer.com
The fix from yesterday caused a layout test regression which
exposed an existing bug. The existing bug was that we allowed text
nodes to stay in the head tag, but other browsers move them to the
body. The previous fix also caused a performance regression, which
was seemingly easy to fix by moving the new clause in
HTMLParser::handleError() to be below the HTMLElement case.
* html/HTMLDocument.cpp:
(WebCore::HTMLDocument::childAllowed): Don't allow comment nodes to
be the child of the document.
* html/HTMLHeadElement.cpp:
(WebCore::HTMLHeadElement::childAllowed): Do not allow
non-whitespace text nodes to be children of the head.
* html/HTMLHeadElement.h:
* html/HTMLParser.cpp:
(WebCore::HTMLParser::handleError): Error case for comment nodes.
* page/FrameView.cpp:
(WebCore::FrameView::handleMousePressEvent): Safety-net null check
for the original crash.
Layout Tests:
Reviewed by Hyatt.
Test cases for <rdar://problem/4820814> A crash occurs at
WebCore::HitTestResult::spellingToolTip() when mousing down on
iframe at www.macsurfer.com
And for the found-bug of moving text nodes within the head to the
body.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@17656 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2006-11-07 Beth Dakin <bdakin@apple.com>
+
+ Reviewed by Hyatt.
+
+ Test cases for <rdar://problem/4820814> A crash occurs at
+ WebCore::HitTestResult::spellingToolTip() when mousing down on
+ iframe at www.macsurfer.com
+
+ And for the found-bug of moving text nodes within the head to the
+ body.
+
+ * fast/dom/HTMLHeadElement/textInHead1-expected.checksum: Added.
+ * fast/dom/HTMLHeadElement/textInHead1-expected.png: Added.
+ * fast/dom/HTMLHeadElement/textInHead1-expected.txt: Added.
+ * fast/dom/HTMLHeadElement/textInHead1.html: Added.
+ * fast/dom/HTMLHeadElement/textInHead2-expected.checksum: Added.
+ * fast/dom/HTMLHeadElement/textInHead2-expected.png: Added.
+ * fast/dom/HTMLHeadElement/textInHead2-expected.txt: Added.
+ * fast/dom/HTMLHeadElement/textInHead2.html: Added.
+ * fast/dom/HTMLHeadElement/textInHead3-expected.checksum: Added.
+ * fast/dom/HTMLHeadElement/textInHead3-expected.png: Added.
+ * fast/dom/HTMLHeadElement/textInHead3-expected.txt: Added.
+ * fast/dom/HTMLHeadElement/textInHead3.html: Added.
+ * fast/dom/HTMLHeadElement/textInHead4-expected.checksum: Added.
+ * fast/dom/HTMLHeadElement/textInHead4-expected.png: Added.
+ * fast/dom/HTMLHeadElement/textInHead4-expected.txt: Added.
+ * fast/dom/HTMLHeadElement/textInHead4.html: Added.
+ * fast/dom/HTMLHeadElement/textInHead5-expected.checksum: Added.
+ * fast/dom/HTMLHeadElement/textInHead5-expected.png: Added.
+ * fast/dom/HTMLHeadElement/textInHead5-expected.txt: Added.
+ * fast/dom/HTMLHeadElement/textInHead5.html: Added.
+ * fast/frames/onlyCommentInIFrame-expected.checksum: Added.
+ * fast/frames/onlyCommentInIFrame-expected.txt: Added.
+ * fast/frames/onlyCommentInIFrame.html: Added.
+ * fast/frames/resources/comment.html: Added.
+ * fast/frames/resources/commentX.xhtml: Added.
+ * tables/mozilla/bugs/bug1224-expected.checksum:
+ * tables/mozilla/bugs/bug1224-expected.png:
+ * tables/mozilla/bugs/bug1224-expected.txt:
+
2006-11-07 David Harrison <harrison@apple.com>
Updated.
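Review bot: The three tables/mozilla/bugs/bug1224-expected.* entries at the end of this ChangeLog block carry no description, while every other entry says "Added." Mark them as updated baselines and add a sentence on why the expected rendering changed, so a later reader does not have to infer it from the results diff.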
--- /dev/null
+44e021cc33dfc7979bdea1e5e8bf18ac
\ No newline at end of file
--- /dev/null
+layer at (0,0) size 800x600
+ RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+ RenderBlock {HTML} at (0,0) size 800x600
+ RenderBody {BODY} at (8,8) size 784x584
+ RenderText {#text} at (0,0) size 31x18
+ text run at (0,0) width 31: "hello"
+ RenderText {#text} at (31,0) size 21x18
+ text run at (31,0) width 21: "test"
+ RenderText {#text} at (52,0) size 34x18
+ text run at (52,0) width 34: "again"
--- /dev/null
+<!--here is my comment-->hello<head>test</head><body>again</body>
\ No newline at end of file
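Review bot: This test file states nothing about what a passing result is; the intent (all three text runs, "hello", "test" and "again", end up under BODY in source order) can only be recovered from the expected.txt above. Record the pass condition per textInHead case in the ChangeLog entry or in a companion note, since the inputs differ only in small ways such as the leading comment here.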
--- /dev/null
+44e021cc33dfc7979bdea1e5e8bf18ac
\ No newline at end of file
--- /dev/null
+layer at (0,0) size 800x600
+ RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+ RenderBlock {HTML} at (0,0) size 800x600
+ RenderBody {BODY} at (8,8) size 784x584
+ RenderText {#text} at (0,0) size 31x18
+ text run at (0,0) width 31: "hello"
+ RenderText {#text} at (31,0) size 21x18
+ text run at (31,0) width 21: "test"
+ RenderText {#text} at (52,0) size 34x18
+ text run at (52,0) width 34: "again"
--- /dev/null
+hello<head>test</head><body>again</body>
\ No newline at end of file
--- /dev/null
+ad2cbd076d8999068a14fc0b1c17bfbc
\ No newline at end of file
--- /dev/null
+layer at (0,0) size 800x600
+ RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+ RenderBlock {HTML} at (0,0) size 800x600
+ RenderBody {BODY} at (8,8) size 784x584
+ RenderText {#text} at (0,0) size 21x18
+ text run at (0,0) width 21: "test"
+ RenderText {#text} at (21,0) size 34x18
+ text run at (21,0) width 34: "again"
--- /dev/null
+<head>test</head><body>again</body>
\ No newline at end of file
--- /dev/null
+e05d6a764535d3c420053a141e385943
\ No newline at end of file
--- /dev/null
+layer at (0,0) size 800x600
+ RenderView at (0,0) size 800x600
+layer at (0,0) size 800x34
+ RenderBlock {HTML} at (0,0) size 800x34
+ RenderBody {BODY} at (8,8) size 784x18
+ RenderText {#text} at (0,0) size 23x18
+ text run at (0,0) width 23: "text"
+ RenderText {#text} at (23,0) size 4x18
+ text run at (23,0) width 4: " "
+ RenderText {#text} at (27,0) size 21x18
+ text run at (27,0) width 21: "test"
--- /dev/null
+<head> <script></script> <script></script>text<script></script> </head>
+test
\ No newline at end of file
--- /dev/null
+141d003dbe7f35719ba9e830e8f83af3
\ No newline at end of file
--- /dev/null
+layer at (0,0) size 800x600
+ RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+ RenderBlock {HTML} at (0,0) size 800x600
+ RenderBody {BODY} at (8,8) size 784x584
+ RenderText {#text} at (0,0) size 29x18
+ text run at (0,0) width 29: "Foo "
+ RenderText {#text} at (29,0) size 76x18
+ text run at (29,0) width 76: "Hello world"
--- /dev/null
+<head>Foo <style>div { color: red }</style></head><body>Hello world
\ No newline at end of file
--- /dev/null
+655becf51f13d8a2827fbc4070800270
\ No newline at end of file
--- /dev/null
+layer at (0,0) size 800x600
+ RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+ RenderBlock {HTML} at (0,0) size 800x600
+ RenderBody {BODY} at (8,8) size 784x584
+ RenderText {#text} at (0,0) size 780x54
+ text run at (0,0) width 780: "The documents in the src attributes of the iframes below only contain comments. This test is for a bug where we would only"
+ text run at (0,18) width 773: "construct RenderViews for such iframes. We need to propery construct an empty frame instead, so the RenderView should"
+ text run at (0,36) width 502: "have a RenderBlock and RenderBody below it in the dump of the RenderTree. "
+ RenderBR {BR} at (502,50) size 0x0
+ RenderPartObject {IFRAME} at (0,54) size 784x10
+ layer at (0,0) size 767x8
+ RenderView at (0,0) size 767x6
+ layer at (0,0) size 767x8
+ RenderBlock {HTML} at (0,0) size 767x8
+ RenderBody {BODY} at (8,8) size 751x0
+ RenderText {#text} at (0,0) size 0x0
+ RenderBR {BR} at (0,0) size 0x0
+ RenderBR {BR} at (0,64) size 0x18
+ RenderPartObject {IFRAME} at (0,82) size 784x10
+ layer at (0,0) size 767x130
+ RenderView at (0,0) size 767x6
+ layer at (0,0) size 767x130
+ RenderBlock {html} at (0,0) size 767x130
+ RenderBody {body} at (8,18) size 751x94
+ RenderBlock (anonymous) at (0,0) size 751x0
+ RenderInline {parsererror} at (0,0) size 0x0 [bgcolor=#FFDDDD] [border: (2px solid #CC7777)]
+ RenderBlock (anonymous) at (0,0) size 751x94
+ RenderBlock {h3} at (0,0) size 751x22
+ RenderText {#text} at (0,0) size 324x22
+ text run at (0,0) width 324: "This page contains the following errors:"
+ RenderBlock {div} at (0,40) size 751x14
+ RenderText {#text} at (0,0) size 490x14
+ text run at (0,0) width 490: "error on line 1 at column 15: Extra content at the end of the document"
+ text run at (490,0) width 0: " "
+ RenderBlock {h3} at (0,72) size 751x22
+ RenderText {#text} at (0,0) size 429x22
+ text run at (0,0) width 429: "Below is a rendering of the page up to the first error."
+ RenderBlock (anonymous) at (0,112) size 751x0
+ RenderInline {parsererror} at (0,0) size 0x0 [bgcolor=#FFDDDD] [border: (2px solid #CC7777)]
+ RenderText {#text} at (0,0) size 0x0
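Review bot: The second IFRAME subtree in this expected result is the XML parsererror page ("error on line 1 at column 15: Extra content at the end of the document"), so for the XHTML resource the baseline pins the error page's wording and layout rather than the empty HTML/BODY frame the test description asks for. If the XHTML case is only meant to show that a frame is built without crashing, say so in the test text; as written, this baseline has to be regenerated whenever the error message or its styling changes.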
--- /dev/null
+<HTML>
+
+<BODY>
+The documents in the src attributes of the iframes below only contain comments. This test is for a bug where we would only construct RenderViews for such iframes. We need to propery construct an empty frame instead, so the RenderView should have a RenderBlock and RenderBody below it in the dump of the RenderTree.
+<br>
+<IFRAME src="resources/comment.html" width="100%" height="10" frameborder=1 ></IFRAME>
+<br>
+<br>
+<IFRAME src="resources/commentX.xhtml" width="100%" height="10" frameborder=1 ></IFRAME>
+
+</HTML>
\ No newline at end of file
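Review bot: The description in the BODY text has a typo, "propery" for "properly" ("We need to propery construct an empty frame"), and the same string is baked into the text runs of the expected.txt. Fix it in the test and regenerate the expected results in the same change so the two stay in step.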
--- /dev/null
+<!--comment-->
\ No newline at end of file
--- /dev/null
+<!--comment-->
\ No newline at end of file
-32ab105476c4b88908d3fdfa6e33d0ac
\ No newline at end of file
+d258ae622d3f38a524410a9601038c6f
\ No newline at end of file
layer at (0,0) size 800x600
RenderBlock {HTML} at (0,0) size 800x600
RenderBody {BODY} at (8,8) size 784x584
- RenderTable {TABLE} at (0,0) size 191x52 [border: (1px outset #808080)]
+ RenderBlock (anonymous) at (0,0) size 784x18
+ RenderText {#text} at (0,0) size 132x18
+ text run at (0,0) width 132: "and the page works.)"
+ RenderText {#text} at (0,0) size 0x0
+ RenderTable {TABLE} at (0,18) size 191x52 [border: (1px outset #808080)]
RenderTableSection {TBODY} at (1,1) size 189x50
RenderTableRow {TR} at (0,2) size 189x22
RenderTableCell {TD} at (2,2) size 97x22 [border: (1px inset #808080)] [r=0 c=0 rs=1 cs=1]
+2006-11-07 Beth Dakin <bdakin@apple.com>
+
+ Reviewed by Hyatt.
+
+ Another go at fix for <rdar://problem/4820814> A crash occurs at
+ WebCore::HitTestResult::spellingToolTip() when mousing down on
+ iframe at www.macsurfer.com
+
+ The fix from yesterday caused a layout test regression which
+ exposed an existing bug. The existing bug was that we allowed text
+ nodes to stay in the head tag, but other browsers move them to the
+ body. The previous fix also caused a performance regression, which
+ was seemingly easy to fix by moving the new clause in
+ HTMLParser::handleError() to be below the HTMLElement case.
+
+ * html/HTMLDocument.cpp:
+ (WebCore::HTMLDocument::childAllowed): Don't allow comment nodes to
+ be the child of the document.
+ * html/HTMLHeadElement.cpp:
+ (WebCore::HTMLHeadElement::childAllowed): Do not allow non-
+ whitespace text nodes to be children of the head.
+ * html/HTMLHeadElement.h:
+ * html/HTMLParser.cpp:
+ (WebCore::HTMLParser::handleError): Error case for comment nodes.
+ * page/FrameView.cpp:
+ (WebCore::FrameView::handleMousePressEvent): Safety-net null check
+ for the original crash.
+
2006-11-07 Darin Adler <darin@apple.com>
- another attempt to fix Qt build
bool HTMLDocument::childAllowed( Node *newChild )
{
- return newChild->hasTagName(htmlTag) || newChild->isCommentNode();
+ return newChild->hasTagName(htmlTag);
}
PassRefPtr<Element> HTMLDocument::createElement(const String &name, ExceptionCode& ec)
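Review bot: With `|| newChild->isCommentNode()` removed from HTMLDocument::childAllowed, nothing at this site says why a comment is rejected as a document child or where it ends up instead; the reason lives only in the ChangeLog. Add a short comment above the return that points at the new comment clause in HTMLParser::handleError(), so the two pieces are not changed independently later.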
#include "HTMLHeadElement.h"
#include "HTMLNames.h"
+#include "Text.h"
namespace WebCore {
setAttribute(profileAttr, value);
}
+bool HTMLHeadElement::childAllowed(Node* newChild)
+{
+ // Do not allow non-whitespace text nodes in the head
+ if (newChild->isTextNode())
+ return static_cast<Text*>(newChild)->containsOnlyWhitespace();
+
+ return HTMLElement::childAllowed(newChild);
+}
+
bool HTMLHeadElement::checkDTD(const Node* newChild)
{
return newChild->hasTagName(titleTag) || newChild->hasTagName(isindexTag) ||
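Review bot: The `containsOnlyWhitespace()` branch in HTMLHeadElement::childAllowed, which lets whitespace-only text stay in the head, is not observable in any of the added baselines, because they are render tree dumps that show only what lands under BODY. Add a test that dumps the head's DOM children, so both outcomes of the isTextNode() check (kept in head, rejected from head) are asserted rather than just the rejected one.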
virtual HTMLTagStatus endTagRequirement() const { return TagStatusOptional; }
virtual int tagPriority() const { return 10; }
+ virtual bool childAllowed(Node* newChild);
virtual bool checkDTD(const Node* newChild);
String profile() const;
return insertNode(n);
}
}
+ } else if (n->isCommentNode() && !head) {
+ head = new HTMLHeadElement(document);
+ e = head;
+ insertNode(e);
+ if (head) {
+ head->addChild(n);
+ if (!n->attached() && !m_fragment)
+ n->attach();
+ }
+ return true;
}
// 2. Next we examine our currently active element to do some further error handling.
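Review bot: In the new `n->isCommentNode() && !head` clause, the `if (head)` test comes directly after `head = new HTMLHeadElement(document)`, so it is either always true or is quietly guarding against insertNode(e) resetting head; say which in a comment or drop the check. The results of insertNode(e) and head->addChild(n) are also ignored and the clause returns true unconditionally, so a comment that was never added is still reported as handled; propagate the failure instead.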
MouseEventWithHitTestResults mev = prepareMouseEvent(false, true, false, mouseEvent);
+ if (!mev.targetNode()) {
+ invalidateClick();
+ return;
+ }
+
Frame* subframe = subframeForTargetNode(mev.targetNode());
if (subframe && passMousePressEventToSubframe(mev, subframe)) {
invalidateClick();
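Review bot: The new `if (!mev.targetNode())` early return in handleMousePressEvent has no comment saying when a hit test can come back without a target node, and it fails silently. Since the ChangeLog calls this a safety net for the original crash, add a one-line comment naming that case (rdar://problem/4820814) so the check is not later removed as dead code, and consider asserting in debug builds so a recurrence of the underlying tree problem is noticed.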