[webkit-changes] cvs commit: WebCore/khtml/rendering render_frames.cpp

Timothy thatcher at opensource.apple.com
Sat Nov 12 15:37:16 PST 2005


thatcher    05/11/12 15:37:16

  Modified:    .        Tag: Safari-2-0-branch ChangeLog
               khtml/rendering Tag: Safari-2-0-branch render_frames.cpp
  Log:
          Merged fix from TOT to Safari-2-0-branch
  
      2005-11-11  Eric Seidel  <eseidel at apple.com>
  
          Reviewed by mjs.
  
          Unfortunately both the Render and DOM trees will actually perform
          the load on <embed> <object> and <iframe> tags depending on the
          circumstances.  The <iframe> code path was missing a recursion
          check in the render tree.  I fixed that.  And improved the
          recursion checking for all tags.
          <rdar://problem/4187169> High CPU usage/hang occurs with Safari after loading cbsnews.com (also at cbs.com)
  
          * khtml/rendering/render_frames.cpp:
          (isURLAllowed): added, to prevent recursive loops
          (mapClassIdToServiceType): added, to simplify code
          (RenderPartObject::updateWidget): updated, to use above functions.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.1.2.58  +20 -0     WebCore/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/WebCore/ChangeLog,v
  retrieving revision 1.1.2.57
  retrieving revision 1.1.2.58
  diff -u -r1.1.2.57 -r1.1.2.58
  --- ChangeLog	12 Nov 2005 01:57:10 -0000	1.1.2.57
  +++ ChangeLog	12 Nov 2005 23:37:09 -0000	1.1.2.58
  @@ -1,3 +1,23 @@
  +2005-11-12  Timothy Hatcher  <timothy at apple.com>
  +
  +        Merged fix from TOT to Safari-2-0-branch
  +
  +    2005-11-11  Eric Seidel  <eseidel at apple.com>
  +
  +        Reviewed by mjs.
  +
  +        Unfortunately both the Render and DOM trees will actually preform
  +        the load on <embed> <object> and <iframe> tags depending on the
  +        circumstances.  The <iframe> code path was missing a recursion
  +        check in the render tree.  I fixed that.  And improved the
  +        recursion checking for all tags.
  +        <rdar://problem/4187169> High CPU usage/hang occurs with Safari after loading cbsnews.com (also at cbs.com)
  +
  +        * khtml/rendering/render_frames.cpp:
  +        (isURLAllowed): added, to prevent recursive loops
  +        (mapClassIdToServiceType): added, to simplify code
  +        (RenderPartObject::updateWidget): updated, to use above functions.
  +
   2005-11-11  Timothy Hatcher  <timothy at apple.com>
   
           Merged fix from TOT to Safari-2-0-branch
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.66.8.3  +57 -46    WebCore/khtml/rendering/render_frames.cpp
  
  Index: render_frames.cpp
  ===================================================================
  RCS file: /cvs/root/WebCore/khtml/rendering/render_frames.cpp,v
  retrieving revision 1.66.8.2
  retrieving revision 1.66.8.3
  diff -u -r1.66.8.2 -r1.66.8.3
  --- render_frames.cpp	10 Nov 2005 23:40:53 -0000	1.66.8.2
  +++ render_frames.cpp	12 Nov 2005 23:37:15 -0000	1.66.8.3
  @@ -664,6 +664,53 @@
       m_hasFallbackContent = false;
   }
   
  +static bool isURLAllowed(DOM::DocumentImpl *doc, const QString &url)
  +{
  +    KURL newURL(doc->completeURL(url));
  +    newURL.setRef(QString::null);
  +    
  +    if (doc->part()->topLevelFrameCount() >= 200)
  +	return false;
  +
  +    // We allow one level of self-reference because some sites depend on that.
  +    // But we don't allow more than one.
  +    bool foundSelfReference = false;
  +    for (KHTMLPart *part = doc->part(); part; part = part->parentPart()) {
  +        KURL partURL = part->url();
  +        partURL.setRef(QString::null);
  +        if (partURL == newURL) {
  +            if (foundSelfReference)
  +                return false;
  +            foundSelfReference = true;
  +        }
  +    }
  +    return true;
  +}
  +
  +static inline void mapClassIdToServiceType(const QString &classId, QString &serviceType)
  +{
  +    // It is ActiveX, but the nsplugin system handling
  +    // should also work, that's why we don't override the
  +    // serviceType with application/x-activex-handler
  +    // but let the KTrader in khtmlpart::createPart() detect
  +    // the user's preference: launch with activex viewer or
  +    // with nspluginviewer (Niko)
  +    if (classId.contains("D27CDB6E-AE6D-11cf-96B8-444553540000"))
  +        serviceType = "application/x-shockwave-flash";
  +    else if (classId.contains("CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA"))
  +        serviceType = "audio/x-pn-realaudio-plugin";
  +    else if (classId.contains("02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"))
  +        serviceType = "video/quicktime";
  +    else if (classId.contains("166B1BCA-3F9C-11CF-8075-444553540000"))
  +        serviceType = "application/x-director";
  +    else if (classId.contains("6BF52A52-394A-11d3-B153-00C04F79FAA6"))
  +        serviceType = "application/x-mplayer2";
  +    else if (!classId.isEmpty())
  +        // We have a clsid, means this is activex (Niko)
  +        serviceType = "application/x-activex-handler";
  +    // TODO: add more plugins here
  +}
  +
   void RenderPartObject::updateWidget()
   {
     QString url;
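Review bot: In `isURLAllowed`, `doc->part()->topLevelFrameCount()` dereferences `doc->part()` unconditionally, while the loop just below starts from the same `doc->part()` and tests it for null. If a document can reach this path without a part, the cap check crashes before the loop's null test is reached. Fetch the part once and reuse it for both the cap and the ancestor walk, e.g. `KHTMLPart *part = doc->part(); if (!part) return false;` (whether a part-less document should be refused or allowed is a call for the author). The literal `200` would read better as a named constant with a comment noting that it is the backstop for nesting the URL comparison cannot catch, since only the fragment is stripped before the URLs are compared. `RenderPartObject::updateWidget` continues outside the hunk.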
  @@ -773,46 +820,14 @@
         }
         
         // If we still don't have a type, try to map from a specific CLASSID to a type.
  -      if (serviceType.isEmpty() && !o->classId.isEmpty()) {
  -          // It is ActiveX, but the nsplugin system handling
  -          // should also work, that's why we don't override the
  -          // serviceType with application/x-activex-handler
  -          // but let the KTrader in khtmlpart::createPart() detect
  -          // the user's preference: launch with activex viewer or
  -          // with nspluginviewer (Niko)          
  -          if (o->classId.contains("D27CDB6E-AE6D-11cf-96B8-444553540000")) {
  -              serviceType = "application/x-shockwave-flash";
  -          } else if (o->classId.contains("CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA")) {
  -              serviceType = "audio/x-pn-realaudio-plugin";
  -          } else if (o->classId.contains("02BF25D5-8C17-4B23-BC80-D3488ABDDC6B")) {
  -              serviceType = "video/quicktime";
  -          } else if (o->classId.contains("166B1BCA-3F9C-11CF-8075-444553540000")) {
  -              serviceType = "application/x-director";
  -          } else if (o->classId.contains("6BF52A52-394A-11d3-B153-00C04F79FAA6")) {
  -              serviceType = "application/x-mplayer2";
  -          } else {
  -              // We have a clsid, means this is activex (Niko)
  -              serviceType = "application/x-activex-handler";
  -          }
  -          // TODO: add more plugins here
  -      }
  +      if (serviceType.isEmpty() && !o->classId.isEmpty())
  +          mapClassIdToServiceType(o->classId, serviceType);
         
         // If no URL and type, abort.
  -      if (url.isEmpty() && serviceType.isEmpty()) {
  -#ifdef DEBUG_LAYOUT
  -          kdDebug() << "RenderPartObject::close - empty url and serverType" << endl;
  -#endif
  +      if (url.isEmpty() && serviceType.isEmpty())
             return;
  -      }
  -      // Avoid infinite recursion. If the plug-in's URL is the same as the part's URL, infinite frames may be created.
  -      if (!url.isEmpty() && part->completeURL(url) == part->baseURL()) {
  +      if (!isURLAllowed(document(), url))
             return;
  -      }
  -            
  -#if !APPLE_CHANGES      
  -      params.append( QString::fromLatin1("__KHTML__CLASSID=\"%1\"").arg( o->classId ) );
  -      params.append( QString::fromLatin1("__KHTML__CODEBASE=\"%1\"").arg( o->getAttribute(ATTR_CODEBASE).string() ) );
  -#endif
   
         // Find out if we support fallback content.
         m_hasFallbackContent = false;
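Review bot: The new `if (!isURLAllowed(document(), url))` drops the `!url.isEmpty()` guard that the removed check had, so an element with a `serviceType` but no URL now goes through the URL check as well. Inside `isURLAllowed` the empty string is passed to `doc->completeURL(url)`, which presumably resolves to the document's own URL, so such an element would count as a self-reference and could be refused in a frame that is already nested once inside itself. Keeping the guard, `if (!url.isEmpty() && !isURLAllowed(document(), url)) return;`, would preserve the old behaviour for URL-less plug-ins. The same applies to the hunk at `@@ -830`, and in the iframe hunk at `@@ -854` the check runs before the `about:blank` default, so an empty `src` is checked as the empty string rather than as `about:blank`. The enclosing function starts and ends outside this hunk.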
  @@ -830,16 +845,11 @@
         url = o->url;
         serviceType = o->serviceType;
   
  -      if ( url.isEmpty() && serviceType.isEmpty() ) {
  -#ifdef DEBUG_LAYOUT
  -          kdDebug() << "RenderPartObject::close - empty url and serverType" << endl;
  -#endif
  +      if (url.isEmpty() && serviceType.isEmpty())
             return;
  -      }
  -      // Avoid infinite recursion. If the plug-in's URL is the same as the part's URL, infinite frames may be created.
  -      if (!url.isEmpty() && part->completeURL(url) == part->baseURL()) {
  +      if (!isURLAllowed(document(), url))
             return;
  -      }
  +      
         // add all attributes set on the embed object
         NamedAttrMapImpl* a = o->attributes();
         if (a) {
  @@ -854,9 +864,10 @@
         assert(element()->id() == ID_IFRAME);
         HTMLIFrameElementImpl *o = static_cast<HTMLIFrameElementImpl *>(element());
         url = o->url.string();
  -      if (url.isEmpty()) {
  +      if (!isURLAllowed(document(), url))
  +          return;
  +      if (url.isEmpty())
   	  url = "about:blank";
  -      }
         KHTMLView *v = static_cast<KHTMLView *>(m_view);
         bool requestSucceeded = v->part()->requestFrame( this, url, o->name.string(), QStringList(), QStringList(), true );
         if (requestSucceeded && url == "about:blank") {
  
  
  


