Title: [114572] branches/chromium/1084/Source/WebCore
- Revision
- 114572
- Author
- [email protected]
- Date
- 2012-04-18 15:57:40 -0700 (Wed, 18 Apr 2012)
Log Message
Merge 113287 - Auto-size may not work on first load
https://bugs.webkit.org/show_bug.cgi?id=82989
Patch by Andrei Burago <[email protected]> on 2012-04-04
Reviewed by David Levin.
No new tests. The only known repro scenario involves using chrome with a third-party extension,
which makes making a test out of it problematic.
* dom/Document.cpp:
(WebCore::Document::implicitClose):
* page/FrameView.cpp:
(WebCore::FrameView::autoSizeIfEnabled):
[email protected]
Review URL: https://chromiumcodereview.appspot.com/10116046
Modified Paths
Diff
Modified: branches/chromium/1084/Source/WebCore/ChangeLog (114571 => 114572)
--- branches/chromium/1084/Source/WebCore/ChangeLog 2012-04-18 22:49:31 UTC (rev 114571)
+++ branches/chromium/1084/Source/WebCore/ChangeLog 2012-04-18 22:57:40 UTC (rev 114572)
@@ -1,3 +1,77 @@
+2012-04-04 Andrei Burago <[email protected]>
+
+ Auto-size may not work on first load
+ https://bugs.webkit.org/show_bug.cgi?id=82989
+
+ Reviewed by David Levin.
+
+ No new tests. The only known repro scenario involves using chrome with a third-party extension,
+ which makes making a test out of it problematic.
+
+ * dom/Document.cpp:
+ (WebCore::Document::implicitClose):
+ * page/FrameView.cpp:
+ (WebCore::FrameView::autoSizeIfEnabled):
+
+2012-04-04 Adam Barth <[email protected]>
+
+ XSSAuditor doesn't catch injected srcdoc attributes
+ https://bugs.webkit.org/show_bug.cgi?id=83238
+
+ Reviewed by Daniel Bates.
+
+ <iframe srcdoc> is an XSS injection vector because the srcdoc inherits
+ the security origin of the parent page. This patch updates the XSS
+ auditor to check whether the attribute is injected using the same
+ hueristics we use for inline event handlers.
+
+ Test: http/tests/security/xssAuditor/iframe-srcdoc.html
+
+ * html/parser/XSSAuditor.cpp:
+ (WebCore::XSSAuditor::filterIframeToken):
+ (WebCore::XSSAuditor::eraseDangerousAttributesIfInjected):
+ (WebCore::XSSAuditor::eraseAttributeIfInjected):
+ (WebCore::XSSAuditor::decodedSnippetForAttribute):
+ * html/parser/XSSAuditor.h:
+
+2012-04-04 Leo Yang <[email protected]>
+
+ [BlackBerry] Add local: protocol support in KURL for blackberry
+ https://bugs.webkit.org/show_bug.cgi?id=82695
+
+ Reviewed by Rob Buis.
+
+ BlackBerry porting is using local: protocol just as file: protocol
+ with the exception that it sandboxes the path to the application private space.
+
+ * platform/KURL.cpp:
+ (WebCore::KURL::parse):
+ (WebCore::portAllowed):
+
+2012-04-04 Simon Fraser <[email protected]>
+
+ https://bugs.webkit.org/show_bug.cgi?id=82994
+
+ Reviewed by James Robinson.
+
+ Fix an issue when removing elements with reflections from the document.
+
+ Test: compositing/reflections/remove-reflection.html
+
+ * platform/graphics/GraphicsLayer.cpp:
+ (WebCore::GraphicsLayer::willBeDestroyed):
+
+2012-04-04 Charles Wei <[email protected]>
+
+ Need using namespace std for system calls in MIMESniffing.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=82706
+
+ Reviewed by Antonio Gomes.
+
+ No new tests, just fix the compile error for BlackBerry porting.
+
+ * platform/network/MIMESniffing.cpp:
+
2012-04-04 Greg Billock <[email protected]>
Switch web intents API to be vendor-prefixed
Modified: branches/chromium/1084/Source/WebCore/dom/Document.cpp (114571 => 114572)
--- branches/chromium/1084/Source/WebCore/dom/Document.cpp 2012-04-18 22:49:31 UTC (rev 114571)
+++ branches/chromium/1084/Source/WebCore/dom/Document.cpp 2012-04-18 22:57:40 UTC (rev 114572)
@@ -2338,11 +2338,11 @@
printf("onload fired at %d\n", elapsedTime());
#endif
- m_processingLoadEvent = false;
-
// An event handler may have removed the frame
- if (!frame())
+ if (!frame()) {
+ m_processingLoadEvent = false;
return;
+ }
// Make sure both the initial layout and reflow happen after the onload
// fires. This will improve onload scores, and other browsers do it.
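Review bot: m_processingLoadEvent is now cleared by hand on three separate exit paths (the `!frame()` return in this hunk, the locationChangePending bail-out in the next hunk, and after `view()->layout()` in the third hunk), so a return added later between the load event and the final reset would leave the flag stuck at true. FrameView::autoSizeIfEnabled in this same commit reads the flag to refuse shrinking, so a stale true would presumably leave auto-size able only to grow. Either document the invariant where the flag is set, e.g. `// Must be cleared on every exit path below; FrameView::autoSizeIfEnabled() reads it during layout.`, or use a scoped reset such as WTF's `TemporaryChange<bool>` around the region that must observe it. The line that sets the flag to true and the end of implicitClose are both outside these hunks.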
@@ -2351,6 +2351,7 @@
if (frame()->navigationScheduler()->locationChangePending() && elapsedTime() < cLayoutScheduleThreshold) {
// Just bail out. Before or during the onload we were shifted to another page.
// The old i-Bench suite does this. When this happens don't bother painting or laying out.
+ m_processingLoadEvent = false;
view()->unscheduleRelayout();
return;
}
@@ -2370,6 +2371,8 @@
view()->layout();
}
+ m_processingLoadEvent = false;
+
// If painting and compositing layer updates were suppressed pending the load event, do these actions now.
if (renderer() && settings() && settings()->suppressesIncrementalRendering()) {
#if USE(ACCELERATED_COMPOSITING)
Modified: branches/chromium/1084/Source/WebCore/page/FrameView.cpp (114571 => 114572)
--- branches/chromium/1084/Source/WebCore/page/FrameView.cpp 2012-04-18 22:49:31 UTC (rev 114571)
+++ branches/chromium/1084/Source/WebCore/page/FrameView.cpp 2012-04-18 22:57:40 UTC (rev 114572)
@@ -148,6 +148,7 @@
, m_scrollCorner(0)
, m_shouldAutoSize(false)
, m_inAutoSize(false)
+ , m_didRunAutosize(false)
{
init();
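Review bot: The new member is spelled `m_didRunAutosize`, while every neighbouring member uses the `AutoSize` capitalisation (`m_shouldAutoSize`, `m_inAutoSize`, and `m_minAutoSize`/`m_maxAutoSize` in FrameView.h). Renaming it to `m_didRunAutoSize` here, in the later FrameView.cpp hunks that test, set and reset it, and in the FrameView.h declaration would keep the group searchable as one family. The constructor's initializer list starts outside this hunk.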
@@ -2420,6 +2421,11 @@
if (!documentRenderBox)
return;
+ // If this is the first time we run autosize, start from small height and
+ // allow it to grow.
+ if (!m_didRunAutosize)
+ resize(frameRect().width(), m_minAutoSize.height());
+
// Do the resizing twice. The first time is basically a rough calculation using the preferred width
// which may result in a height change during the second iteration.
for (int i = 0; i < 2; i++) {
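Review bot: The added comment says what the first-run resize does but not why it is needed. Judging from the context in the next hunk, the loop refuses to shrink while `frame()->loader()->isComplete()` is false, so an initial frame taller than the content would otherwise stick. A sentence such as `// The loop below never shrinks while the load is in progress, so an oversized initial height would stick.` would make that dependency explicit. The call also passes `frameRect().width()` through without clamping it to `m_minAutoSize`/`m_maxAutoSize`; if that is intentional, the comment should say so. autoSizeIfEnabled begins before this hunk.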
@@ -2476,6 +2482,8 @@
// during an intermediate state (and then changing back to a bigger size as the load progresses).
if (!frame()->loader()->isComplete() && (newSize.height() < size.height() || newSize.width() < size.width()))
break;
+ else if (document->processingLoadEvent())
+ newSize = newSize.expandedTo(size);
resize(newSize.width(), newSize.height());
// Force the scrollbar state to avoid the scrollbar code adding them and causing them to be needed. For example,
// a vertical scrollbar may cause text to wrap and thus increase the height (which is the only reason the scollbar is needed).
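Review bot: `newSize = newSize.expandedTo(size)` runs after whatever clamping was applied to newSize earlier in the loop (not visible in this hunk), so during the load event the view can be resized to the current `size` even when that exceeds `m_maxAutoSize`, for example right after setAutoSizeEnabled() has lowered the maximum. If the upper bound must always hold, clamp again: `newSize = newSize.expandedTo(size).shrunkTo(m_maxAutoSize);`. Separately, the `else` after `break` is redundant; a plain `if (document->processingLoadEvent())` reads more clearly. The loop body starts before this hunk.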
@@ -2483,6 +2491,7 @@
setHorizontalScrollbarLock(false);
setScrollbarModes(horizonalScrollbarMode, verticalScrollbarMode, true, true);
}
+ m_didRunAutosize = true;
}
void FrameView::updateOverflowStatus(bool horizontalOverflow, bool verticalOverflow)
@@ -3119,6 +3128,7 @@
m_shouldAutoSize = enable;
m_minAutoSize = minSize;
m_maxAutoSize = maxSize;
+ m_didRunAutosize = false;
setNeedsLayout();
scheduleRelayout();
Modified: branches/chromium/1084/Source/WebCore/page/FrameView.h (114571 => 114572)
--- branches/chromium/1084/Source/WebCore/page/FrameView.h 2012-04-18 22:49:31 UTC (rev 114571)
+++ branches/chromium/1084/Source/WebCore/page/FrameView.h 2012-04-18 22:57:40 UTC (rev 114572)
@@ -508,6 +508,8 @@
// If true, automatically resize the frame view around its content.
bool m_shouldAutoSize;
bool m_inAutoSize;
+ // True if autosize has been run since m_shouldAutoSize was set.
+ bool m_didRunAutosize;
// The lower bound on the size when autosizing.
IntSize m_minAutoSize;
// The upper bound on the size when autosizing.