Title: [131500] trunk
Revision: 131500
Author: [email protected]
Date: 2012-10-16 14:17:37 -0700 (Tue, 16 Oct 2012)

Log Message

Document::adoptNode shouldn't special-case <iframe>
https://bugs.webkit.org/show_bug.cgi?id=99247

Reviewed by Ryosuke Niwa.

Source/WebCore:

The special case was added in http://trac.webkit.org/changeset/75293 to
fix a bug with magic iframes. Originally, I planned to remove this
special case, but further investigation reveals that other browsers
throw exceptions for other frame owner elements as well. Now we treat
all frame owner elements the same way.

Test: fast/frames/adopt-object-into-itself.html

* dom/Document.cpp:
(WebCore::Document::adoptNode):

LayoutTests:

Test that adopting an object element into itself also throws an
exception.

* fast/frames/adopt-object-into-itself-expected.txt: Added.
* fast/frames/adopt-object-into-itself.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (131499 => 131500)


--- trunk/LayoutTests/ChangeLog	2012-10-16 21:05:15 UTC (rev 131499)
+++ trunk/LayoutTests/ChangeLog	2012-10-16 21:17:37 UTC (rev 131500)
@@ -1,3 +1,16 @@
+2012-10-16  Adam Barth  <[email protected]>
+
+        Document::adoptNode shouldn't special-case <iframe>
+        https://bugs.webkit.org/show_bug.cgi?id=99247
+
+        Reviewed by Ryosuke Niwa.
+
+        Test that adopting an object element into itself also throws an
+        exception.
+
+        * fast/frames/adopt-object-into-itself-expected.txt: Added.
+        * fast/frames/adopt-object-into-itself.html: Added.
+
 2012-10-16  Dana Jansens  <[email protected]>
 
         lots-of-objects.html is flaky crashing on the webkit.org mac bot.

Added: trunk/LayoutTests/fast/frames/adopt-object-into-itself-expected.txt (0 => 131500)


--- trunk/LayoutTests/fast/frames/adopt-object-into-itself-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/adopt-object-into-itself-expected.txt	2012-10-16 21:17:37 UTC (rev 131500)
@@ -0,0 +1,2 @@
+ALERT: Error: HIERARCHY_REQUEST_ERR: DOM Exception 3
+

Added: trunk/LayoutTests/fast/frames/adopt-object-into-itself.html (0 => 131500)


--- trunk/LayoutTests/fast/frames/adopt-object-into-itself.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/adopt-object-into-itself.html	2012-10-16 21:17:37 UTC (rev 131500)
@@ -0,0 +1,14 @@
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+function test() {
+    try {
+        var frame = document.getElementById("f");
+        var childNode = frame.contentDocument.adoptNode(frame);
+    } catch(ex) {
+        alert(ex);
+    }
+}
+</script>
+<object id="f" _onload_="test();" data=""
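Review bot: In test(), the try block reports nothing when adoptNode returns without throwing, so a regression would show up only as a missing ALERT line rather than as an explicit failure. Add a failure report directly after the adoptNode call, for example alert("FAIL: adoptNode did not throw"), and drop the unused childNode variable. This test also covers only <object>, while the Document.cpp check in this change now applies to every frame owner element and the FIXME it removes names <frame> as well; a sibling test for <frame> would pin down the generalised behaviour.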

Modified: trunk/Source/WebCore/ChangeLog (131499 => 131500)


--- trunk/Source/WebCore/ChangeLog	2012-10-16 21:05:15 UTC (rev 131499)
+++ trunk/Source/WebCore/ChangeLog	2012-10-16 21:17:37 UTC (rev 131500)
@@ -1,3 +1,21 @@
+2012-10-16  Adam Barth  <[email protected]>
+
+        Document::adoptNode shouldn't special-case <iframe>
+        https://bugs.webkit.org/show_bug.cgi?id=99247
+
+        Reviewed by Ryosuke Niwa.
+
+        The special case was added in http://trac.webkit.org/changeset/75293 to
+        fix a bug with magic iframes. Originally, I planned to remove this
+        special case, but further investigation reveals that other browsers
+        throw exceptions for other frame owner elements as well. Now we treat
+        all frame owner elements the same way.
+
+        Test: fast/frames/adopt-object-into-itself.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::adoptNode):
+
 2012-10-16  Dominik Röttsches  <[email protected]>
 
         Init timeout flag in ResourceErrorMac

Modified: trunk/Source/WebCore/dom/Document.cpp (131499 => 131500)


--- trunk/Source/WebCore/dom/Document.cpp	2012-10-16 21:05:15 UTC (rev 131499)
+++ trunk/Source/WebCore/dom/Document.cpp	2012-10-16 21:17:37 UTC (rev 131500)
@@ -1050,10 +1050,9 @@
             return 0;
         }
 
-        // FIXME: What about <frame> and <object>?
-        if (source->hasTagName(iframeTag)) {
-            HTMLIFrameElement* iframe = static_cast<HTMLIFrameElement*>(source.get());
-            if (frame() && frame()->tree()->isDescendantOf(iframe->contentFrame())) {
+        if (source->isFrameOwnerElement()) {
+            HTMLFrameOwnerElement* frameOwnerElement = toFrameOwnerElement(source.get());
+            if (frame() && frame()->tree()->isDescendantOf(frameOwnerElement->contentFrame())) {
                 ec = HIERARCHY_REQUEST_ERR;
                 return 0;
             }
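Review bot: The isDescendantOf(frameOwnerElement->contentFrame()) call now runs for every frame owner element, so contentFrame() will more often be null here than it was for the <iframe>-only path (an <object> that hosts no frame, for instance). Please confirm that isDescendantOf treats a null ancestor as "not a descendant", or guard the call on a non-null contentFrame(). The removed FIXME is also not replaced by anything: a one-line comment saying that adopting a frame owner element into a document living inside that element's own content frame is rejected with HIERARCHY_REQUEST_ERR would make the intent of this block clear to later readers.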