Reviewed by Darin.
authormjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Mar 2005 00:30:32 +0000 (00:30 +0000)
committermjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Mar 2005 00:30:32 +0000 (00:30 +0000)
<rdar://problem/4031718> REGRESSION (401-401+): Safari reproducible crash setting up scope in JSLazyEventListener::parseCode authenticating to bugweb

* khtml/ecma/kjs_events.cpp:
(JSLazyEventListener::parseCode): If originalNode is NULL, don't
mess with the scope chain.

        * khtml/html/html_baseimpl.cpp:
        (HTMLBodyElementImpl::parseHTMLAttribute): For handlers that are
declared on body but set on the document, pass NULL to avoid
swizzling the scope chain. It turns out that this is what browsers
do, and it finesses the crash.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@8756 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog-2005-08-23
WebCore/khtml/ecma/kjs_events.cpp
WebCore/khtml/html/html_baseimpl.cpp

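--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,19 @@
+2005-03-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+       <rdar://problem/4031718> REGRESSION (401-401+): Safari reproducible crash setting up scope in JSLazyEventListener::parseCode authenticating to bugweb
+        
+       * khtml/ecma/kjs_events.cpp:
+       (JSLazyEventListener::parseCode): If originalNode is NULL, don't
+       mess with the scope chain.
+       
+        * khtml/html/html_baseimpl.cpp:
+        (HTMLBodyElementImpl::parseHTMLAttribute): For handlers that are
+       delcared on body but set on the document, pass NULL to avoid
+       swizzling the scope chain. It turns out that this is what browsers
+       do, and it finesses the crash.
+
 2005-03-02  David Harrison  <harrison@apple.com>
 
         Reviewed by Ken.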
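--- a/WebCore/khtml/ecma/kjs_events.cpp
+++ b/WebCore/khtml/ecma/kjs_events.cpp
@@ -204,7 +204,7 @@ void JSLazyEventListener::parseCode() const
 
        // failed to parse, so let's just make this listener a no-op
        listener = Object();
-      } else {
+      } else if (originalNode) {
         // Add the event's home element to the scope
         // (and the document, and the form - see KJS::HTMLElement::eventHandlerScope)
         ScopeChain scope = listener.scope();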
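Review bot: The new `else if (originalNode)` guard carries no comment saying that a null originalNode is a deliberate case rather than an error, so a later cleanup could turn it back into an unconditional dereference. A line such as `// originalNode is NULL for window-level handlers declared on <body>; leave the listener's scope chain as is` above the branch would record that. The crash appears to be reachable from page markup, and the file list shows no test alongside the fix, so a regression test for a body-declared onload handler would be worth adding. The scope-setup block continues past the end of the hunk, so any other use of originalNode in parseCode is not visible here.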
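--- a/WebCore/khtml/html/html_baseimpl.cpp
+++ b/WebCore/khtml/html/html_baseimpl.cpp
@@ -168,27 +168,27 @@ void HTMLBodyElementImpl::parseHTMLAttribute(HTMLAttributeImpl *attr)
     }
     case ATTR_ONLOAD:
         getDocument()->setHTMLWindowEventListener(EventImpl::LOAD_EVENT,
-           getDocument()->createHTMLEventListener(attr->value().string(), this));
+           getDocument()->createHTMLEventListener(attr->value().string(), NULL));
         break;
     case ATTR_ONUNLOAD:
         getDocument()->setHTMLWindowEventListener(EventImpl::UNLOAD_EVENT,
-           getDocument()->createHTMLEventListener(attr->value().string(), this));
+           getDocument()->createHTMLEventListener(attr->value().string(), NULL));
         break;
     case ATTR_ONBLUR:
         getDocument()->setHTMLWindowEventListener(EventImpl::BLUR_EVENT,
-           getDocument()->createHTMLEventListener(attr->value().string(), this));
+           getDocument()->createHTMLEventListener(attr->value().string(), NULL));
         break;
     case ATTR_ONFOCUS:
         getDocument()->setHTMLWindowEventListener(EventImpl::FOCUS_EVENT,
-           getDocument()->createHTMLEventListener(attr->value().string(), this));
+           getDocument()->createHTMLEventListener(attr->value().string(), NULL));
         break;
     case ATTR_ONRESIZE:
         getDocument()->setHTMLWindowEventListener(EventImpl::RESIZE_EVENT,
-           getDocument()->createHTMLEventListener(attr->value().string(), this));
+           getDocument()->createHTMLEventListener(attr->value().string(), NULL));
         break;
     case ATTR_ONSCROLL:
         getDocument()->setHTMLWindowEventListener(EventImpl::SCROLL_EVENT,
-                                                  getDocument()->createHTMLEventListener(attr->value().string(), this));
+                                                  getDocument()->createHTMLEventListener(attr->value().string(), NULL));
         break;
     case ATTR_NOSAVE:
        break;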
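Review bot: The six `createHTMLEventListener(attr->value().string(), NULL)` calls (onload, onunload, onblur, onfocus, onresize, onscroll) rely on every consumer of the listener's node tolerating a null pointer, and only parseCode is guarded in this commit. Any other code that reads the listener's original node would need the same check; that is not visible from this hunk and should be confirmed. A one-line comment at the first case, e.g. `// window-level handler: pass NULL so the body element is not added to the handler's scope chain`, would keep the intent from living only in the ChangeLog. parseHTMLAttribute starts and ends outside the hunk.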