Bug 70164 - Make toHTMLElement fail to compile if you try to use it on an HTMLElement*
Summary: Make toHTMLElement fail to compile if you try to use it on an HTMLElement*
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Darin Adler
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-14 18:05 PDT by Darin Adler
Modified: 2011-10-15 13:14 PDT (History)
1 user (show)

See Also:

Attachments
Patch (9.79 KB, patch)
2011-10-14 18:09 PDT, Darin Adler 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Darin Adler 2011-10-14 18:05:32 PDT 
Make toHTMLElement fail to compile if you try to use it on an HTMLElement*
Comment 1 Darin Adler 2011-10-14 18:09:53 PDT 
Created attachment 111118 [details]
Patch
Comment 2 Adam Barth 2011-10-14 22:53:15 PDT 
Comment on attachment 111118 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=111118&action=review

> Source/WebCore/bindings/js/JSHTMLFrameSetElementCustom.cpp:54
> +    if (Document* document = static_cast<HTMLFrameElement*>(frameElement)->contentDocument()) {

I know this is in the original code, but it's unclear to me what makes this cast safe.  It seems like you could add non HTMLFrameElement children to an HTMLFrameSetElement via the DOM (though not with the parser).
Comment 3 WebKit Review Bot 2011-10-15 00:58:32 PDT 
Comment on attachment 111118 [details]
Patch

Clearing flags on attachment: 111118

Committed r97551: <http://trac.webkit.org/changeset/97551>
Comment 4 WebKit Review Bot 2011-10-15 00:58:36 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 5 Darin Adler 2011-10-15 13:14:18 PDT 
Comment on attachment 111118 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=111118&action=review

>> Source/WebCore/bindings/js/JSHTMLFrameSetElementCustom.cpp:54
>> +    if (Document* document = static_cast<HTMLFrameElement*>(frameElement)->contentDocument()) {
> 
> I know this is in the original code, but it's unclear to me what makes this cast safe.  It seems like you could add non HTMLFrameElement children to an HTMLFrameSetElement via the DOM (though not with the parser).

I had the same question. What makes this safe is that this function is only called if canGetItemsForName returns true. This function could repeat the logic, and I considered it, but there is no need for that.