[patch] Patch
bug-41350-20100630182019.patch (text/plain), 15.62 KB, created by Yury Semikhatsky on 2010-06-30 07:20:22 PDT
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index cf8d80845d55247d533a153af4a688ef460f3025..afd6f06c4961b3438dba0b6c577106a31de98a5b 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,15 @@ >+2010-06-30 Yury Semikhatsky <yurys@chromium.org> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ [v8] Web Inspector: inspected page crashes on attempt to change iframe's src attribute >+ https://bugs.webkit.org/show_bug.cgi?id=41350 >+ >+ * fast/events/popup-blocked-from-fake-user-gesture-expected.txt: Added. >+ * fast/events/popup-blocked-from-fake-user-gesture.html: Added. >+ * http/tests/inspector/change-iframe-src-expected.txt: Added. >+ * http/tests/inspector/change-iframe-src.html: Added. >+ > 2010-06-30 Sheriff Bot <webkit.review.bot@gmail.com> > > Unreviewed, rolling out r62182. >diff --git a/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture-expected.txt b/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..ee26f21fe1557169fd572a66f5ffbad83837c445 >--- /dev/null >+++ b/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture-expected.txt >@@ -0,0 +1,4 @@ >+Click Here >+PASS win is non-null. >+PASS win is undefined. >+ >diff --git a/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture.html b/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture.html >new file mode 100644 >index 0000000000000000000000000000000000000000..0e2bbd74412a77c250068657dbadab1d914ae15e >--- /dev/null >+++ b/LayoutTests/fast/events/popup-blocked-from-fake-user-gesture.html 
>@@ -0,0 +1,52 @@ >+<html> >+ <head> >+ <link rel="stylesheet" href="../js/resources/js-test-style.css"> >+ <script src="../js/resources/js-test-pre.js"></script> >+ </head> >+ <body> >+ <button id="test" onclick="clickHandler()">Click Here</button> >+ <div id="console"></div> >+ <script> >+ var stolenEvent; >+ var win; >+ function clickHandler1() >+ { >+ stolenEvent = window.event; >+ win = window.open("about:blank", "blank"); >+ shouldBeNonNull("win"); >+ win.close(); >+ } >+ >+ function clickHandler2() >+ { >+ window.event = stolenEvent; >+ win = window.open("about:blank", "blank"); >+ shouldBeUndefined("win"); >+ } >+ >+ clickHandler = clickHandler1; >+ >+ if (window.layoutTestController) { >+ layoutTestController.dumpAsText(); >+ layoutTestController.setCanOpenWindows(); >+ layoutTestController.setPopupBlockingEnabled(true); >+ layoutTestController.setCloseRemainingWindowsWhenComplete(true); >+ layoutTestController.waitUntilDone(); >+ >+ var button = document.getElementById("test"); >+ >+ if (window.eventSender) { >+ eventSender.mouseMoveTo(button.offsetLeft + button.offsetWidth / 2, button.offsetTop + button.offsetHeight / 2); >+ eventSender.mouseDown(); >+ eventSender.mouseUp(); >+ } >+ >+ clickHandler = clickHandler2; >+ window.event = stolenEvent; >+ button.click(); >+ >+ layoutTestController.notifyDone(); >+ } >+ </script> >+ </body> >+</html> >diff --git a/LayoutTests/http/tests/inspector/change-iframe-src-expected.txt b/LayoutTests/http/tests/inspector/change-iframe-src-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..4ebc9ff2d2b942a7bf7649165977f11c4f6f7b45 >--- /dev/null >+++ b/LayoutTests/http/tests/inspector/change-iframe-src-expected.txt >@@ -0,0 +1,6 @@ >+ >+Tests that Elements panel allows to change src attribute on iframes inside inspected page. See bug 41350. >+ >+Expanded DOM node: 0,HTML,1,BODY,0,IFRAME >+Iframe reloaded. >+ 
>diff --git a/LayoutTests/http/tests/inspector/change-iframe-src.html b/LayoutTests/http/tests/inspector/change-iframe-src.html >new file mode 100644 >index 0000000000000000000000000000000000000000..0fbb8ffcd18fd129356a1f7761f095a60727ce64 >--- /dev/null >+++ b/LayoutTests/http/tests/inspector/change-iframe-src.html 
>@@ -0,0 +1,103 @@ >+<html> >+<head> >+<title>Change inspected iframe's "src" attribute.</title> >+<script src="inspector-test.js"></script> >+<script> >+ >+function doit() >+{ >+ evaluateInWebInspector("frontend_changeIFrameSrc", output); >+} >+ >+function onIFrameLoad() >+{ >+ onload(); >+ onIFrameLoad = function() >+ { >+ evaluateInWebInspector("frontend_iframeReloaded", function callback(result) >+ { >+ output(result); >+ notifyDone(); >+ }); >+ var loadedTimes = 2; >+ onIFrameLoad = function() { >+ loadedTimes++; >+ output("loaded: " + loadedTimes); >+ } >+ } >+} >+ >+// Frontend functions. >+ >+function frontend_expandElementsTreeNode(elementsTreeNode, testController, callback) >+{ >+ if (elementsTreeNode.expanded) { >+ callback(); >+ return; >+ } >+ elementsTreeNode.expand(); >+ testController.runAfterPendingDispatches(function() { >+ callback(); >+ }); >+} >+ >+function frontend_expandDOMElementsTreePath(elementsTreeRoot, path, testController, callback) >+{ >+ if (!path.length) { >+ callback(elementsTreeRoot); >+ return; >+ } >+ frontend_expandElementsTreeNode(elementsTreeRoot, testController, function() { >+ var children = elementsTreeRoot.children; >+ var child = elementsTreeRoot.children[path[0]]; >+ if (!child) { >+ testController.notifyDone("Failed to expand node. Path = " + path); >+ return; >+ } >+ if (!child.representedObject) { >+ testController.notifyDone("Represented object is null. Path = " + path); >+ return; >+ } >+ var childNodeName = child.representedObject.nodeName; >+ if (childNodeName !== path[1]) { >+ testController.notifyDone("Unexpected child node name: " + childNodeName + ". Path = " + path); >+ return; >+ } >+ frontend_expandDOMElementsTreePath(child, path.slice(2), testController, callback); >+ }); >+} >+ >+function frontend_changeIFrameSrc(testController) >+{ >+ testController.waitUntilDone(); >+ // Expand the iframe body and examine it. 
>+ var path = [0, "HTML", 1, "BODY", 0, "IFRAME"]; >+ frontend_expandDOMElementsTreePath(WebInspector.panels.elements.treeOutline, path, testController, function(domElementsTreeNode) { >+ var domNode = domElementsTreeNode.representedObject; >+ testController.results.push("Expanded DOM node: " + path); >+ // Set focus to the iframe node and then change its src. >+ WebInspector.panels.elements.focusedDOMNode = domNode; >+ testController.runAfterPendingDispatches(function() { >+ domNode.setAttribute("src", "http://localhost:8000/inspector/resources/iframe-from-different-domain-data.html"); >+ testController.notifyDone(); >+ }); >+ }); >+} >+ >+function frontend_iframeReloaded(testController) >+{ >+ testController.results.push("Iframe reloaded."); >+ testController.notifyDone(); >+} >+ >+</script> >+</head> >+<body> >+ <iframe src="resources/iframe-from-different-domain-data.html" id="receiver" onload="onIFrameLoad();"></iframe> >+ <p> >+ Tests that Elements panel allows to change src attribute on iframes >+ inside inspected page. >+ See <a href="https://bugs.webkit.org/show_bug.cgi?id=41350">bug 41350</a>. >+ </p> >+</body> >+</html> >diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog >index 4c2e2ee6b337d65da709dc755445fe3b4f4d74ed..2bfcab3612bc75cce5e67460e2675e0771ead8c5 100644 >--- a/WebCore/ChangeLog >+++ b/WebCore/ChangeLog 
>@@ -1,3 +1,23 @@ >+2010-06-30 Yury Semikhatsky <yurys@chromium.org> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ [v8] Web Inspector: inspected page crashes on attempt to change iframe's src attribute >+ https://bugs.webkit.org/show_bug.cgi?id=41350 >+ >+ Tests: fast/events/popup-blocked-from-fake-user-gesture.html >+ http/tests/inspector/change-iframe-src.html >+ >+ * bindings/v8/ScriptController.cpp: >+ (WebCore::ScriptController::processingUserGesture): use V8Proxy from the ScriptController instead of one >+ from the call stack. Get event directly from hidden property to avoid unnecessary checks. >+ * bindings/v8/V8AbstractEventListener.cpp: >+ (WebCore::V8AbstractEventListener::invokeEventHandler): >+ * bindings/v8/V8HiddenPropertyName.h: >+ * bindings/v8/custom/V8DOMWindowCustom.cpp: >+ (WebCore::V8DOMWindow::eventAccessorGetter): >+ (WebCore::V8DOMWindow::eventAccessorSetter): >+ > 2010-06-30 Antonio Gomes <tonikitoo@webkit.org> > > Reviewed by Simon Fraser. >diff --git a/WebCore/bindings/v8/ScriptController.cpp b/WebCore/bindings/v8/ScriptController.cpp >index cf2562f121b6495c0a3d6f960eaa4b3667f22385..78167362ec3f6ab45a52394f2dd623d46391d7da 100644 >--- a/WebCore/bindings/v8/ScriptController.cpp >+++ b/WebCore/bindings/v8/ScriptController.cpp >@@ -53,6 +53,7 @@ > #include "V8BindingState.h" > #include "V8DOMWindow.h" > #include "V8Event.h" >+#include "V8HiddenPropertyName.h" > #include "V8HTMLEmbedElement.h" > #include "V8IsolatedContext.h" > #include "V8NPObject.h" 
>@@ -160,16 +161,8 @@ void ScriptController::updatePlatformScriptObjects() > > bool ScriptController::processingUserGesture(DOMWrapperWorld*) const > { >- Frame* activeFrame = V8Proxy::retrieveFrameForEnteredContext(); >- // No script is running, so it is user-initiated unless the gesture stack >- // explicitly says it is not. >- if (!activeFrame) >- return UserGestureIndicator::getUserGestureState() != DefinitelyNotProcessingUserGesture; >- >- V8Proxy* activeProxy = activeFrame->script()->proxy(); >- > v8::HandleScope handleScope; >- v8::Handle<v8::Context> v8Context = V8Proxy::mainWorldContext(activeFrame); >+ v8::Handle<v8::Context> v8Context = m_proxy->mainWorldContext(); > // FIXME: find all cases context can be empty: > // 1) JS is disabled; > // 2) page is NULL; >@@ -179,7 +172,8 @@ bool ScriptController::processingUserGesture(DOMWrapperWorld*) const > v8::Context::Scope scope(v8Context); > > v8::Handle<v8::Object> global = v8Context->Global(); >- v8::Handle<v8::Value> jsEvent = global->Get(v8::String::NewSymbol("event")); >+ v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event(); >+ v8::Handle<v8::Value> jsEvent = global->GetHiddenValue(eventSymbol); > Event* event = V8DOMWrapper::isValidDOMObject(jsEvent) ? V8Event::toNative(v8::Handle<v8::Object>::Cast(jsEvent)) : 0; > > // Based on code from JSC's ScriptController::processingUserGesture. >@@ -188,7 +182,7 @@ bool ScriptController::processingUserGesture(DOMWrapperWorld*) const > // Event::fromUserGesture will return false when UserGestureIndicator::processingUserGesture() returns false. > return event->fromUserGesture(); > } >- if (m_sourceURL && m_sourceURL->isNull() && !activeProxy->timerCallback()) { >+ if (m_sourceURL && m_sourceURL->isNull() && !m_proxy->timerCallback()) { > // This is the <a href="javascript:window.open('...')> case -> we let it through. > return true; > } 
>diff --git a/WebCore/bindings/v8/V8AbstractEventListener.cpp b/WebCore/bindings/v8/V8AbstractEventListener.cpp >index b6c53dfadae55df0f7d4f8143f8099922c965518..bda434575d3322d3ef646375a4ad581cb4aa5d43 100644 >--- a/WebCore/bindings/v8/V8AbstractEventListener.cpp >+++ b/WebCore/bindings/v8/V8AbstractEventListener.cpp >@@ -38,6 +38,7 @@ > #include "V8Binding.h" > #include "V8Event.h" > #include "V8EventListenerList.h" >+#include "V8HiddenPropertyName.h" > #include "V8Proxy.h" > #include "V8Utilities.h" > #include "WorkerContext.h" >@@ -126,7 +127,7 @@ void V8AbstractEventListener::invokeEventHandler(ScriptExecutionContext* context > return; > > // We push the event being processed into the global object, so that it can be exposed by DOMWindow's bindings. >- v8::Local<v8::String> eventSymbol = v8::String::NewSymbol("event"); >+ v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event(); > v8::Local<v8::Value> returnValue; > > // In beforeunload/unload handlers, we want to avoid sleeps which do tight loops of calling Date.getTime(). >diff --git a/WebCore/bindings/v8/V8HiddenPropertyName.h b/WebCore/bindings/v8/V8HiddenPropertyName.h >index 0bfadd927c44ab3c54f6a21a9af4a6825548b289..2d0e8d6c44408796c775e640df953c2275593325 100644 >--- a/WebCore/bindings/v8/V8HiddenPropertyName.h >+++ b/WebCore/bindings/v8/V8HiddenPropertyName.h >@@ -41,7 +41,8 @@ namespace WebCore { > V(attributeListener) \ > V(scriptState) \ > V(sleepFunction) \ >- V(toStringString) >+ V(toStringString) \ >+ V(event) > > class V8HiddenPropertyName { > public: >diff --git a/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp b/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp >index e87df51ae930d40f644f409178dfd0a619a1d744..210e9747be285734e9705436a6025c8aa2886adc 100644 >--- a/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp >+++ b/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp 
>@@ -58,6 +58,7 @@ > #include "V8Database.h" > #include "V8DatabaseCallback.h" > #include "V8GCForContextDispose.h" >+#include "V8HiddenPropertyName.h" > #include "V8HTMLAudioElementConstructor.h" > #include "V8HTMLCollection.h" > #include "V8HTMLImageElementConstructor.h" >@@ -175,7 +176,7 @@ v8::Handle<v8::Value> V8DOMWindow::eventAccessorGetter(v8::Local<v8::String> nam > if (context.IsEmpty()) > return v8::Undefined(); > >- v8::Local<v8::String> eventSymbol = v8::String::NewSymbol("event"); >+ v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event(); > v8::Handle<v8::Value> jsEvent = context->Global()->GetHiddenValue(eventSymbol); > if (jsEvent.IsEmpty()) > return v8::Undefined(); >@@ -196,7 +197,7 @@ void V8DOMWindow::eventAccessorSetter(v8::Local<v8::String> name, v8::Local<v8:: > if (context.IsEmpty()) > return; > >- v8::Local<v8::String> eventSymbol = v8::String::NewSymbol("event"); >+ v8::Handle<v8::String> eventSymbol = V8HiddenPropertyName::event(); > context->Global()->SetHiddenValue(eventSymbol, value); > } > >diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog >index dcc3917c9ad3f35ea3286d3e64bdc80980d0ffb9..28fb431e0f374a3b26c9698da6e3176e0f96ca4f 100644 >--- a/WebKit/chromium/ChangeLog >+++ b/WebKit/chromium/ChangeLog >@@ -1,3 +1,13 @@ >+2010-06-30 Yury Semikhatsky <yurys@chromium.org> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ [v8] Web Inspector: inspected page crashes on attempt to change iframe's src attribute >+ https://bugs.webkit.org/show_bug.cgi?id=41350 >+ >+ * src/WebBindings.cpp: >+ (WebKit::getEvent): >+ > 2010-06-25 Pavel Feldman <pfeldman@chromium.org> > > Reviewed by Yury Semikhatsky. >diff --git a/WebKit/chromium/src/WebBindings.cpp b/WebKit/chromium/src/WebBindings.cpp >index 2b20c0a34193e14602bcab67e401f7ca974070f4..3aaebfd6fa209650dc91421f2eb7bbf14fc15420 100644 >--- a/WebKit/chromium/src/WebBindings.cpp >+++ b/WebKit/chromium/src/WebBindings.cpp 
>@@ -45,6 +45,7 @@ > #include "V8DOMWrapper.h" > #include "V8Event.h" > #include "V8Helpers.h" >+#include "V8HiddenPropertyName.h" > #include "V8NPUtils.h" > #include "V8Proxy.h" > #include "V8Range.h" >@@ -208,8 +209,7 @@ void WebBindings::extractIdentifierData(const NPIdentifier& identifier, const NP > > static v8::Local<v8::Value> getEvent(const v8::Handle<v8::Context>& context) > { >- static v8::Persistent<v8::String> eventSymbol(v8::Persistent<v8::String>::New(v8::String::NewSymbol("event"))); >- return context->Global()->GetHiddenValue(eventSymbol); >+ return context->Global()->GetHiddenValue(V8HiddenPropertyName::event()); > } > > static bool getDragDataImpl(NPObject* npobj, int* eventId, WebDragData* data)
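Review bot: in LayoutTests/fast/events/popup-blocked-from-fake-user-gesture.html the top-level `window.event = stolenEvent;` just before `button.click()` duplicates the assignment clickHandler2 already makes, and the comment in invokeEventHandler says the event being processed is pushed into the global object during dispatch, so only the assignment inside the handler looks like the one under test. Drop the top-level copy or add a comment saying which of the two the test relies on. The mouse events are also guarded by `if (window.eventSender)` while `button.click()` and `notifyDone()` are not, so without eventSender clickHandler1 never runs and stolenEvent stays unset; put the second phase under the same guard. `clickHandler = clickHandler1;` creates an implicit global and should be declared with `var`.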
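Review bot: in LayoutTests/http/tests/inspector/change-iframe-src.html, `var children = elementsTreeRoot.children;` in frontend_expandDOMElementsTreePath is never used (the next line reads `elementsTreeRoot.children[path[0]]` again), so either use `children[path[0]]` or delete the variable. The comment "Expand the iframe body and examine it." in frontend_changeIFrameSrc does not match the code, which expands the path to the IFRAME node and changes its src. The innermost onIFrameLoad that prints "loaded: N" deserves a one-line comment saying it exists to make an unexpected extra reload show up in the output.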
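Review bot: the WebCore/ChangeLog entry leaves V8AbstractEventListener::invokeEventHandler, V8HiddenPropertyName.h, eventAccessorGetter and eventAccessorSetter without any description, and it never says why the inspected page crashed. Add a sentence on the cause (the entry only hints at it with "instead of one from the call stack") and a short note per file, for example that the "event" hidden property name now comes from V8HiddenPropertyName::event() rather than a fresh v8::String::NewSymbol("event") at each call site.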
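Review bot: the first ScriptController.cpp hunk (@@ -160,16 +161,8 @@) removes the `if (!activeFrame)` early return, so a call made while no script is running no longer answers from UserGestureIndicator::getUserGestureState() and instead continues to the event lookup and the checks after it. The ChangeLog mentions only the switch to m_proxy. Since the new popup-blocking test covers this function, please either keep an explicit no-script path or state in the ChangeLog that dropping it is intentional and what processingUserGesture now returns in that case. Note also that `m_proxy->timerCallback()` now reports the state of this frame's proxy rather than the entered context's, which is worth a comment.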
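Review bot: in the second ScriptController.cpp hunk (@@ -179,7 +172,8 @@) the result of `global->GetHiddenValue(eventSymbol)` is passed straight to V8DOMWrapper::isValidDOMObject, whereas V8DOMWindow::eventAccessorGetter in this same patch checks `jsEvent.IsEmpty()` before touching the value. The old `global->Get(...)` call went through the accessor, which returns v8::Undefined() for the empty case; the hidden-value read bypasses that. Add the same `IsEmpty()` check here, or confirm that isValidDOMObject accepts an empty handle and say so in a comment.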
Attachments on bug 41350: 60025 | 60118