2011-01-30 Kenichi Ishibashi <bashi@google.com>
authortkent@chromium.org <tkent@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 31 Jan 2011 07:18:06 +0000 (07:18 +0000)
committertkent@chromium.org <tkent@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 31 Jan 2011 07:18:06 +0000 (07:18 +0000)
commitfc1929013018ef9b11f89acf64c114e23af5ac07
treee229414ef31ff2738662230a945f599dd2f948be
parentad0e9df13f6358c5080fcac4eec125ac865a6d60
2011-01-30  Kenichi Ishibashi  <bashi@google.com>

        Reviewed by Kent Tamura.

        Dangling form associated elements should not be registered on the document
        https://bugs.webkit.org/show_bug.cgi?id=53223

        Adds insertedIntoDocument() and remvoedFromDocument() to
        FormAssociatedElement class to register the element on the document
        if and only if it actually inserted into (removed from) the document.

        Test: fast/forms/dangling-form-element-crash.html

        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::insertedIntoDocument): Added.
        (WebCore::FormAssociatedElement::removedFromDocument): Ditto.
        (WebCore::FormAssociatedElement::insertedIntoTree): Don't register
        the element to a document.
        (WebCore::FormAssociatedElement::removedFromTree): Don't unregister
        the element from a document.
        * html/FormAssociatedElement.h:
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::insertedIntoDocument): Added.
        (WebCore::HTMLFormControlElement::removedFromDocument): Ditto.
        * html/HTMLFormControlElement.h:
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::insertedIntoDocument): Calls
        FormAssociatedElement::insertedIntoDocument().
        (WebCore::HTMLObjectElement::removedFromDocument): Calls
        FormAssociatedElement::removedFromDocument().

2011-01-30  Kenichi Ishibashi  <bashi@google.com>

        Reviewed by Kent Tamura.

        Dangling form associated elements should not be registered on the document
        https://bugs.webkit.org/show_bug.cgi?id=53223

        Adds a test that ensures dangling form associated elements are not
        registered on the document.

        * fast/forms/dangling-form-element-crash-expected.txt: Added.
        * fast/forms/dangling-form-element-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77114 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/forms/dangling-form-element-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/dangling-form-element-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/FormAssociatedElement.cpp
Source/WebCore/html/FormAssociatedElement.h
Source/WebCore/html/HTMLFormControlElement.cpp
Source/WebCore/html/HTMLFormControlElement.h
Source/WebCore/html/HTMLObjectElement.cpp