Diff
Modified: trunk/LayoutTests/ChangeLog (112693 => 112694)
--- trunk/LayoutTests/ChangeLog 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/LayoutTests/ChangeLog 2012-03-30 18:07:27 UTC (rev 112694)
@@ -1,3 +1,13 @@
+2012-03-30 Chris Fleizach <[email protected]>
+
+ AX: Crash at WebCore::renderObjectContainsPosition(WebCore::RenderObject*, WebCore::Position const&)
+ https://bugs.webkit.org/show_bug.cgi?id=82745
+
+ Reviewed by Simon Fraser.
+
+ * platform/mac/accessibility/range-for-position-expected.txt: Added.
+ * platform/mac/accessibility/range-for-position.html: Added.
+
2012-03-30 Alexander Pavlov <[email protected]>
[Chromium] Unreviewed, rebaseline part of expectations after r112667 using garden-o-matic (224 files affected).
Added: trunk/LayoutTests/platform/mac/accessibility/range-for-position-expected.txt (0 => 112694)
--- trunk/LayoutTests/platform/mac/accessibility/range-for-position-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac/accessibility/range-for-position-expected.txt 2012-03-30 18:07:27 UTC (rev 112694)
@@ -0,0 +1,12 @@
+
+
+This tests that an invalid position for rangeForPosition will not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS textField.rangeForPosition(textField.x + 5, textField.y - 25) is '{0, 0}'
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/platform/mac/accessibility/range-for-position.html (0 => 112694)
--- trunk/LayoutTests/platform/mac/accessibility/range-for-position.html (rev 0)
+++ trunk/LayoutTests/platform/mac/accessibility/range-for-position.html 2012-03-30 18:07:27 UTC (rev 112694)
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body id="body">
+
+<input type="text" value="Hello Text" id="text"><br>
+<img src="" width="500" height="500" usemap=""
+<map name="map">
+<area shape="rect" coords="0, 0, 500, 500" href="" role="textbox">
+</map>
+
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+
+ description("This tests that an invalid position for rangeForPosition will not crash.");
+
+ if (window.accessibilityController) {
+
+ document.getElementById("text").focus();
+ var textField = accessibilityController.focusedElement;
+
+ // Generate a hit test onto a node that will not have a renderer (the image map).
+ // This will create an invalidate VisiblePosition and lead to a crash/assert.
+ shouldBe("textField.rangeForPosition(textField.x + 5, textField.y - 25)", "'{0, 0}'");
+ }
+
+</script>
+
+<script src=""
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (112693 => 112694)
--- trunk/Source/WebCore/ChangeLog 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Source/WebCore/ChangeLog 2012-03-30 18:07:27 UTC (rev 112694)
@@ -1,3 +1,15 @@
+2012-03-30 Chris Fleizach <[email protected]>
+
+ AX: Crash at WebCore::renderObjectContainsPosition(WebCore::RenderObject*, WebCore::Position const&)
+ https://bugs.webkit.org/show_bug.cgi?id=82745
+
+ Reviewed by Simon Fraser.
+
+ Test: platform/mac/accessibility/range-for-position.html
+
+ * accessibility/AccessibilityRenderObject.cpp:
+ (WebCore::AccessibilityRenderObject::index):
+
2012-03-30 John Sullivan <[email protected]>
Certain emoji characters should not be displayed in user-visible URL strings.
Modified: trunk/Source/WebCore/accessibility/AccessibilityRenderObject.cpp (112693 => 112694)
--- trunk/Source/WebCore/accessibility/AccessibilityRenderObject.cpp 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Source/WebCore/accessibility/AccessibilityRenderObject.cpp 2012-03-30 18:07:27 UTC (rev 112694)
@@ -2731,7 +2731,7 @@
// NOTE: Consider providing this utility method as AX API
int AccessibilityRenderObject::index(const VisiblePosition& position) const
{
- if (!isTextControl())
+ if (position.isNull() || !isTextControl())
return -1;
if (renderObjectContainsPosition(m_renderer, position.deepEquivalent()))
Modified: trunk/Tools/ChangeLog (112693 => 112694)
--- trunk/Tools/ChangeLog 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Tools/ChangeLog 2012-03-30 18:07:27 UTC (rev 112694)
@@ -1,3 +1,27 @@
+2012-03-30 Chris Fleizach <[email protected]>
+
+ AX: Crash at WebCore::renderObjectContainsPosition(WebCore::RenderObject*, WebCore::Position const&)
+ https://bugs.webkit.org/show_bug.cgi?id=82745
+
+ Reviewed by Simon Fraser.
+
+ * DumpRenderTree/AccessibilityUIElement.cpp:
+ (rangeForPositionCallback):
+ (AccessibilityUIElement::rangeForPosition):
+ (AccessibilityUIElement::getJSClass):
+ * DumpRenderTree/AccessibilityUIElement.h:
+ (AccessibilityUIElement):
+ * DumpRenderTree/mac/AccessibilityUIElementMac.mm:
+ (AccessibilityUIElement::rangeForPosition):
+ * WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp:
+ (WTR::AccessibilityUIElement::rangeForPosition):
+ * WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
+ (AccessibilityUIElement):
+ * WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
+ * WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:
+ (WTR::AccessibilityUIElement::rangeForPosition):
+ (WTR):
+
2012-03-30 David Barr <[email protected]>
Split up top-level .gitignore and .gitattributes
Modified: trunk/Tools/DumpRenderTree/AccessibilityUIElement.cpp (112693 => 112694)
--- trunk/Tools/DumpRenderTree/AccessibilityUIElement.cpp 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Tools/DumpRenderTree/AccessibilityUIElement.cpp 2012-03-30 18:07:27 UTC (rev 112694)
@@ -150,6 +150,18 @@
return JSValueMakeString(context, boundsDescription.get());
}
+static JSValueRef rangeForPositionCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
+{
+ int x = 0, y = 0;
+ if (argumentCount == 2) {
+ x = JSValueToNumber(context, arguments[0], exception);
+ y = JSValueToNumber(context, arguments[1], exception);
+ }
+
+ JSRetainPtr<JSStringRef> rangeDescription(Adopt, toAXElement(thisObject)->rangeForPosition(x, y));
+ return JSValueMakeString(context, rangeDescription.get());
+}
+
static JSValueRef stringForRangeCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
{
unsigned location = UINT_MAX, length = 0;
@@ -934,6 +946,7 @@
#if !PLATFORM(MAC)
JSStringRef AccessibilityUIElement::speak() { return 0; }
JSStringRef AccessibilityUIElement::rangeForLine(int line) { return 0; }
+JSStringRef AccessibilityUIElement::rangeForPosition(int, int) { return 0; }
void AccessibilityUIElement::setSelectedChild(AccessibilityUIElement*) const { }
unsigned AccessibilityUIElement::selectedChildrenCount() const { return 0; }
AccessibilityUIElement AccessibilityUIElement::selectedChildAtIndex(unsigned) const { return 0; }
@@ -1103,6 +1116,7 @@
{ "lineForIndex", lineForIndexCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "rangeForLine", rangeForLineCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "boundsForRange", boundsForRangeCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
+ { "rangeForPosition", rangeForPositionCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "stringForRange", stringForRangeCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "attributedStringForRange", attributedStringForRangeCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
{ "attributedStringRangeIsMisspelled", attributedStringRangeIsMisspelledCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
Modified: trunk/Tools/DumpRenderTree/AccessibilityUIElement.h (112693 => 112694)
--- trunk/Tools/DumpRenderTree/AccessibilityUIElement.h 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Tools/DumpRenderTree/AccessibilityUIElement.h 2012-03-30 18:07:27 UTC (rev 112694)
@@ -191,6 +191,7 @@
// Parameterized attributes
int lineForIndex(int);
JSStringRef rangeForLine(int);
+ JSStringRef rangeForPosition(int x, int y);
JSStringRef boundsForRange(unsigned location, unsigned length);
void setSelectedTextRange(unsigned location, unsigned length);
JSStringRef stringForRange(unsigned location, unsigned length);
Modified: trunk/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm (112693 => 112694)
--- trunk/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Tools/DumpRenderTree/mac/AccessibilityUIElementMac.mm 2012-03-30 18:07:27 UTC (rev 112694)
@@ -835,14 +835,25 @@
{
BEGIN_AX_OBJC_EXCEPTIONS
id value = [m_element accessibilityAttributeValue:NSAccessibilityRangeForLineParameterizedAttribute forParameter:[NSNumber numberWithInt:line]];
- if ([value isKindOfClass:[NSValue class]]) {
+ if ([value isKindOfClass:[NSValue class]])
return [NSStringFromRange([value rangeValue]) createJSStringRef];
- }
END_AX_OBJC_EXCEPTIONS
return 0;
}
+JSStringRef AccessibilityUIElement::rangeForPosition(int x, int y)
+{
+ BEGIN_AX_OBJC_EXCEPTIONS
+ id value = [m_element accessibilityAttributeValue:NSAccessibilityRangeForPositionParameterizedAttribute forParameter:[NSValue valueWithPoint:NSMakePoint(x, y)]];
+ if ([value isKindOfClass:[NSValue class]])
+ return [NSStringFromRange([value rangeValue]) createJSStringRef];
+ END_AX_OBJC_EXCEPTIONS
+
+ return 0;
+}
+
+
JSStringRef AccessibilityUIElement::boundsForRange(unsigned location, unsigned length)
{
NSRange range = NSMakeRange(location, length);
Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp (112693 => 112694)
--- trunk/Tools/WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp 2012-03-30 18:07:27 UTC (rev 112694)
@@ -151,6 +151,7 @@
JSRetainPtr<JSStringRef> AccessibilityUIElement::ariaDropEffects() const { return 0; }
int AccessibilityUIElement::lineForIndex(int) { return 0; }
JSRetainPtr<JSStringRef> AccessibilityUIElement::rangeForLine(int) { return 0; }
+JSRetainPtr<JSStringRef> AccessibilityUIElement::rangeForPosition(int, int) { return 0; }
JSRetainPtr<JSStringRef> AccessibilityUIElement::boundsForRange(unsigned, unsigned) { return 0; }
void AccessibilityUIElement::setSelectedTextRange(unsigned, unsigned) { }
JSRetainPtr<JSStringRef> AccessibilityUIElement::stringForRange(unsigned, unsigned) { return 0; }
Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h (112693 => 112694)
--- trunk/Tools/WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h 2012-03-30 18:07:27 UTC (rev 112694)
@@ -194,6 +194,7 @@
// Parameterized attributes
int lineForIndex(int);
JSRetainPtr<JSStringRef> rangeForLine(int);
+ JSRetainPtr<JSStringRef> rangeForPosition(int x, int y);
JSRetainPtr<JSStringRef> boundsForRange(unsigned location, unsigned length);
void setSelectedTextRange(unsigned location, unsigned length);
JSRetainPtr<JSStringRef> stringForRange(unsigned location, unsigned length);
Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl (112693 => 112694)
--- trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl 2012-03-30 18:07:27 UTC (rev 112694)
@@ -132,6 +132,7 @@
DOMString parameterizedAttributeNames();
int lineForIndex(in int index);
DOMString rangeForLine(in int index);
+ DOMString rangeForPosition(in int x, in int y);
DOMString boundsForRange(in unsigned long location, in unsigned long length);
DOMString stringForRange(in unsigned long location, in unsigned long length);
DOMString attributedStringForRange(in unsigned long location, in unsigned long length);
Modified: trunk/Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm (112693 => 112694)
--- trunk/Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm 2012-03-30 18:04:07 UTC (rev 112693)
+++ trunk/Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm 2012-03-30 18:07:27 UTC (rev 112694)
@@ -843,14 +843,24 @@
{
BEGIN_AX_OBJC_EXCEPTIONS
id value = [m_element accessibilityAttributeValue:NSAccessibilityRangeForLineParameterizedAttribute forParameter:[NSNumber numberWithInt:line]];
- if ([value isKindOfClass:[NSValue class]]) {
+ if ([value isKindOfClass:[NSValue class]])
return [NSStringFromRange([value rangeValue]) createJSStringRef];
- }
END_AX_OBJC_EXCEPTIONS
return 0;
}
+JSRetainPtr<JSStringRef> AccessibilityUIElement::rangeForPosition(int x, int y)
+{
+ BEGIN_AX_OBJC_EXCEPTIONS
+ id value = [m_element accessibilityAttributeValue:NSAccessibilityRangeForPositionParameterizedAttribute forParameter:[NSValue valueWithPoint:NSMakePoint(x, y)]];
+ if ([value isKindOfClass:[NSValue class]])
+ return [NSStringFromRange([value rangeValue]) createJSStringRef];
+ END_AX_OBJC_EXCEPTIONS
+
+ return 0;
+}
+
JSRetainPtr<JSStringRef> AccessibilityUIElement::boundsForRange(unsigned location, unsigned length)
{
NSRange range = NSMakeRange(location, length);
