[webkit-changes] cvs commit: WebCore/khtml/rendering
render_frames.cpp
Timothy
thatcher at opensource.apple.com
Sat Nov 12 15:36:04 PST 2005
thatcher 05/11/12 15:36:03
Modified: . Tag: Safari-1-3-branch ChangeLog
khtml/rendering Tag: Safari-1-3-branch render_frames.cpp
Log:
Merged fix from TOT to Safari-1-3-branch
2005-11-11 Eric Seidel <eseidel at apple.com>
Reviewed by mjs.
Unfortunately both the Render and DOM trees will actually perform
the load on <embed> <object> and <iframe> tags depending on the
circumstances. The <iframe> code path was missing a recursion
check in the render tree. I fixed that. And improved the
recursion checking for all tags.
<rdar://problem/4187169> High CPU usage/hang occurs with Safari after loading cbsnews.com (also at cbs.com)
* khtml/rendering/render_frames.cpp:
(isURLAllowed): added, to prevent recursive loops
(mapClassIdToServiceType): added, to simplify code
(RenderPartObject::updateWidget): updated, to use above functions.
Revision Changes Path
No revision
No revision
1.335.2.17 +20 -0 WebCore/ChangeLog
Index: ChangeLog
===================================================================
RCS file: /cvs/root/WebCore/ChangeLog,v
retrieving revision 1.335.2.16
retrieving revision 1.335.2.17
diff -u -r1.335.2.16 -r1.335.2.17
--- ChangeLog 12 Nov 2005 01:57:40 -0000 1.335.2.16
+++ ChangeLog 12 Nov 2005 23:35:55 -0000 1.335.2.17
@@ -1,3 +1,23 @@
+2005-11-12 Timothy Hatcher <timothy at apple.com>
+
+ Merged fix from TOT to Safari-1-3-branch
+
+ 2005-11-11 Eric Seidel <eseidel at apple.com>
+
+ Reviewed by mjs.
+
+ Unfortunately both the Render and DOM trees will actually preform
+ the load on <embed> <object> and <iframe> tags depending on the
+ circumstances. The <iframe> code path was missing a recursion
+ check in the render tree. I fixed that. And improved the
+ recursion checking for all tags.
+ <rdar://problem/4187169> High CPU usage/hang occurs with Safari after loading cbsnews.com (also at cbs.com)
+
+ * khtml/rendering/render_frames.cpp:
+ (isURLAllowed): added, to prevent recursive loops
+ (mapClassIdToServiceType): added, to simplify code
+ (RenderPartObject::updateWidget): updated, to use above functions.
+
2005-11-11 Timothy Hatcher <timothy at apple.com>
Merged fix from TOT to Safari-1-3-branch
No revision
No revision
1.66.6.1 +57 -46 WebCore/khtml/rendering/render_frames.cpp
Index: render_frames.cpp
===================================================================
RCS file: /cvs/root/WebCore/khtml/rendering/render_frames.cpp,v
retrieving revision 1.66
retrieving revision 1.66.6.1
diff -u -r1.66 -r1.66.6.1
--- render_frames.cpp 2 Mar 2005 01:38:17 -0000 1.66
+++ render_frames.cpp 12 Nov 2005 23:36:02 -0000 1.66.6.1
@@ -683,6 +683,53 @@
setInline(true);
}
+static bool isURLAllowed(DOM::DocumentImpl *doc, const QString &url)
+{
+ KURL newURL(doc->completeURL(url));
+ newURL.setRef(QString::null);
+
+ if (doc->part()->topLevelFrameCount() >= 200)
+ return false;
+
+ // We allow one level of self-reference because some sites depend on that.
+ // But we don't allow more than one.
+ bool foundSelfReference = false;
+ for (KHTMLPart *part = doc->part(); part; part = part->parentPart()) {
+ KURL partURL = part->url();
+ partURL.setRef(QString::null);
+ if (partURL == newURL) {
+ if (foundSelfReference)
+ return false;
+ foundSelfReference = true;
+ }
+ }
+ return true;
+}
+
+static inline void mapClassIdToServiceType(const QString &classId, QString &serviceType)
+{
+ // It is ActiveX, but the nsplugin system handling
+ // should also work, that's why we don't override the
+ // serviceType with application/x-activex-handler
+ // but let the KTrader in khtmlpart::createPart() detect
+ // the user's preference: launch with activex viewer or
+ // with nspluginviewer (Niko)
+ if (classId.contains("D27CDB6E-AE6D-11cf-96B8-444553540000"))
+ serviceType = "application/x-shockwave-flash";
+ else if (classId.contains("CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA"))
+ serviceType = "audio/x-pn-realaudio-plugin";
+ else if (classId.contains("02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"))
+ serviceType = "video/quicktime";
+ else if (classId.contains("166B1BCA-3F9C-11CF-8075-444553540000"))
+ serviceType = "application/x-director";
+ else if (classId.contains("6BF52A52-394A-11d3-B153-00C04F79FAA6"))
+ serviceType = "application/x-mplayer2";
+ else if (!classId.isEmpty())
+ // We have a clsid, means this is activex (Niko)
+ serviceType = "application/x-activex-handler";
+ // TODO: add more plugins here
+}
+
void RenderPartObject::updateWidget()
{
QString url;
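Review bot: `isURLAllowed` dereferences `doc->part()` unconditionally in `doc->part()->topLevelFrameCount()`, although the loop just below it treats a null part as an ordinary end condition. Whether a document can reach this function without a part is not visible from the hunk, but an early `if (!doc->part()) return false;` would make the check fail closed instead of crashing. The literal `200` would also read better as a named constant with a comment saying it is the backstop for nesting that the ancestor comparison misses, since that comparison only matches URLs that are identical once the fragment is removed.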
@@ -790,46 +837,14 @@
}
// If we still don't have a type, try to map from a specific CLASSID to a type.
- if (serviceType.isEmpty() && !o->classId.isEmpty()) {
- // It is ActiveX, but the nsplugin system handling
- // should also work, that's why we don't override the
- // serviceType with application/x-activex-handler
- // but let the KTrader in khtmlpart::createPart() detect
- // the user's preference: launch with activex viewer or
- // with nspluginviewer (Niko)
- if (o->classId.contains("D27CDB6E-AE6D-11cf-96B8-444553540000")) {
- serviceType = "application/x-shockwave-flash";
- } else if (o->classId.contains("CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA")) {
- serviceType = "audio/x-pn-realaudio-plugin";
- } else if (o->classId.contains("02BF25D5-8C17-4B23-BC80-D3488ABDDC6B")) {
- serviceType = "video/quicktime";
- } else if (o->classId.contains("166B1BCA-3F9C-11CF-8075-444553540000")) {
- serviceType = "application/x-director";
- } else if (o->classId.contains("6BF52A52-394A-11d3-B153-00C04F79FAA6")) {
- serviceType = "application/x-mplayer2";
- } else {
- // We have a clsid, means this is activex (Niko)
- serviceType = "application/x-activex-handler";
- }
- // TODO: add more plugins here
- }
+ if (serviceType.isEmpty() && !o->classId.isEmpty())
+ mapClassIdToServiceType(o->classId, serviceType);
// If no URL and type, abort.
- if (url.isEmpty() && serviceType.isEmpty()) {
-#ifdef DEBUG_LAYOUT
- kdDebug() << "RenderPartObject::close - empty url and serverType" << endl;
-#endif
+ if (url.isEmpty() && serviceType.isEmpty())
return;
- }
- // Avoid infinite recursion. If the plug-in's URL is the same as the part's URL, infinite frames may be created.
- if (!url.isEmpty() && part->completeURL(url) == part->baseURL()) {
+ if (!isURLAllowed(document(), url))
return;
- }
-
-#if !APPLE_CHANGES
- params.append( QString::fromLatin1("__KHTML__CLASSID=\"%1\"").arg( o->classId ) );
- params.append( QString::fromLatin1("__KHTML__CODEBASE=\"%1\"").arg( o->getAttribute(ATTR_CODEBASE).string() ) );
-#endif
part->requestObject( this, url, serviceType, paramNames, paramValues );
} else if ( element()->id() == ID_EMBED ) {
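Review bot: The new `if (!isURLAllowed(document(), url))` drops the `!url.isEmpty()` guard that the removed recursion check had, so an object element with a type but no URL now goes through the self-reference test. `doc->completeURL(url)` on an empty string presumably resolves to the document's own URL, which would count as a self-reference and silently skip the plug-in in a document that is already nested once inside itself. The same applies to the embed call in the `@@ -838,16 +853,11 @@` hunk and to the iframe hunk, where the check runs before the empty URL is replaced with `about:blank`. Either restore the guard with `if (!url.isEmpty() && !isURLAllowed(document(), url))`, or, if the frame-count cap should still apply without a URL, have `isURLAllowed` skip only the ancestor comparison when `url.isEmpty()`. `updateWidget` begins and ends outside this hunk.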
@@ -838,16 +853,11 @@
url = o->url;
serviceType = o->serviceType;
- if ( url.isEmpty() && serviceType.isEmpty() ) {
-#ifdef DEBUG_LAYOUT
- kdDebug() << "RenderPartObject::close - empty url and serverType" << endl;
-#endif
+ if (url.isEmpty() && serviceType.isEmpty())
return;
- }
- // Avoid infinite recursion. If the plug-in's URL is the same as the part's URL, infinite frames may be created.
- if (!url.isEmpty() && part->completeURL(url) == part->baseURL()) {
+ if (!isURLAllowed(document(), url))
return;
- }
+
// add all attributes set on the embed object
NamedAttrMapImpl* a = o->attributes();
if (a) {
@@ -862,9 +872,10 @@
assert(element()->id() == ID_IFRAME);
HTMLIFrameElementImpl *o = static_cast<HTMLIFrameElementImpl *>(element());
url = o->url.string();
- if (url.isEmpty()) {
+ if (!isURLAllowed(document(), url))
+ return;
+ if (url.isEmpty())
url = "about:blank";
- }
KHTMLView *v = static_cast<KHTMLView *>(m_view);
bool requestSucceeded = v->part()->requestFrame( this, url, o->name.string(), QStringList(), QStringList(), true );
if (requestSucceeded && url == "about:blank") {