[webkit-changes] [102793] trunk

Wed, 14 Dec 2011 09:48:33 -0800

Title: [102793] trunk
Revision
102793
Author
[email protected]
Date
2011-12-14 09:48:26 -0800 (Wed, 14 Dec 2011)

Log Message

Web Inspector: DatabaseTableView should escape table name.
https://bugs.webkit.org/show_bug.cgi?id=74503

Reviewed by Pavel Feldman.

Source/WebCore:

Test: inspector/database-table-name-excaping.html

* inspector/front-end/DatabaseTableView.js:
(WebInspector.DatabaseTableView.prototype._escapeTableName):
(WebInspector.DatabaseTableView.prototype.update):

LayoutTests:

* inspector/database-table-name-excaping-expected.txt: Added.
* inspector/database-table-name-excaping.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (102792 => 102793)


--- trunk/LayoutTests/ChangeLog	2011-12-14 17:41:37 UTC (rev 102792)
+++ trunk/LayoutTests/ChangeLog	2011-12-14 17:48:26 UTC (rev 102793)
@@ -1,3 +1,13 @@
+2011-12-14  Vsevolod Vlasov  <[email protected]>
+
+        Web Inspector: DatabaseTableView should escape table name.
+        https://bugs.webkit.org/show_bug.cgi?id=74503
+
+        Reviewed by Pavel Feldman.
+
+        * inspector/database-table-name-excaping-expected.txt: Added.
+        * inspector/database-table-name-excaping.html: Added.
+
 2011-12-14  João Paulo Rechi Vita  <[email protected]>
 
         [Qt] [Gardening] editing/pasteboard/4242293-1.html now passes.

Added: trunk/LayoutTests/inspector/database-table-name-excaping-expected.txt (0 => 102793)


--- trunk/LayoutTests/inspector/database-table-name-excaping-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/inspector/database-table-name-excaping-expected.txt	2011-12-14 17:48:26 UTC (rev 102793)
@@ -0,0 +1,6 @@
+Tests how table names are escaped in database table view.
+
+Bug 74422
+Original value: table-name-with-dashes-and-"quotes"
+Escaped value: table-name-with-dashes-and-""quotes""
+
Property changes on: trunk/LayoutTests/inspector/database-table-name-excaping-expected.txt
___________________________________________________________________

Added: svn:eol-style

Added: trunk/LayoutTests/inspector/database-table-name-excaping.html (0 => 102793)


--- trunk/LayoutTests/inspector/database-table-name-excaping.html	                        (rev 0)
+++ trunk/LayoutTests/inspector/database-table-name-excaping.html	2011-12-14 17:48:26 UTC (rev 102793)
@@ -0,0 +1,20 @@
+<html>
+<head>
+<script src=""
+<script>
+
+function test()
+{
+    var tableName = "table-name-with-dashes-and-\"quotes\"";
+    var escapedTableName = WebInspector.DatabaseTableView.prototype._escapeTableName(tableName, "", true);
+    InspectorTest.addResult("Original value: " + tableName);
+    InspectorTest.addResult("Escaped value: " + escapedTableName);
+    InspectorTest.completeTest();
+}
+</script>
+</head>
+<body _onload_="runTest()">
+ <p>Tests how table names are escaped in database table view.</p>
+<a href="" 74422</a>
+</body>
+</html>
Property changes on: trunk/LayoutTests/inspector/database-table-name-excaping.html
___________________________________________________________________

Added: svn:eol-style

Modified: trunk/Source/WebCore/ChangeLog (102792 => 102793)


--- trunk/Source/WebCore/ChangeLog	2011-12-14 17:41:37 UTC (rev 102792)
+++ trunk/Source/WebCore/ChangeLog	2011-12-14 17:48:26 UTC (rev 102793)
@@ -1,3 +1,16 @@
+2011-12-14  Vsevolod Vlasov  <[email protected]>
+
+        Web Inspector: DatabaseTableView should escape table name.
+        https://bugs.webkit.org/show_bug.cgi?id=74503
+
+        Reviewed by Pavel Feldman.
+
+        Test: inspector/database-table-name-excaping.html
+
+        * inspector/front-end/DatabaseTableView.js:
+        (WebInspector.DatabaseTableView.prototype._escapeTableName):
+        (WebInspector.DatabaseTableView.prototype.update):
+
 2011-12-14  Philippe Normand  <[email protected]>
 
         [GStreamer] padTemplate leak in webkitwebaudiosrc

Modified: trunk/Source/WebCore/inspector/front-end/DatabaseTableView.js (102792 => 102793)


--- trunk/Source/WebCore/inspector/front-end/DatabaseTableView.js	2011-12-14 17:41:37 UTC (rev 102792)
+++ trunk/Source/WebCore/inspector/front-end/DatabaseTableView.js	2011-12-14 17:48:26 UTC (rev 102793)
@@ -52,9 +52,18 @@
         return [this.refreshButton.element];
     },
 
+    /**
+     * @param {string} tableName
+     * @return {string}
+     */
+    _escapeTableName: function(tableName)
+    {
+        return tableName.replace(/\"/g, "\"\"");
+    },
+    
     update: function()
     {
-        this.database.executeSql("SELECT * FROM " + this.tableName, this._queryFinished.bind(this), this._queryError.bind(this));
+        this.database.executeSql("SELECT * FROM \"" + this._escapeTableName(this.tableName) + "\"", this._queryFinished.bind(this), this._queryError.bind(this));
     },
 
     _queryFinished: function(columnNames, values)

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to