[webkit-changes] cvs commit: WebCore/layout-tests/fast/parser
remove-parser-current-node-expected.txt
remove-parser-current-node.html
Darin
darin at opensource.apple.com
Thu Sep 1 16:40:36 PDT 2005
darin 05/09/01 16:40:36
Modified: . ChangeLog
khtml/html htmlparser.cpp
Added: layout-tests/fast/parser
remove-parser-current-node-expected.txt
remove-parser-current-node.html
Log:
Reviewed by Maciej.
- fixed <rdar://problem/3524912> repro crash in KHTMLParser::parseToken, due to parser's current element being destroyed (www.gnnetcom.dk)
Test cases added:
* layout-tests/fast/parser/remove-parser-current-node.html: Added.
* layout-tests/fast/parser/remove-parser-current-node-expected.txt: Added.
* khtml/html/htmlparser.cpp: Changed block stack to hold a SharedPtr to the
nodes in the stack -- needed because they might be destroyed by JavaScript.
(HTMLParser::insertNode): Don't call attach() on the new node if the parent
node isn't also attached. This happens when the parent node is no longer in
the DOM tree because it was removed by JavaScript.
(HTMLParser::popNestedHeaderTag): Updated since node is now a SharedPtr.
(HTMLParser::handleResidualStyleCloseTagAcrossBlocks): Ditto.
(HTMLParser::popOneBlock): Ditto.
Revision Changes Path
1.73 +19 -0 WebCore/ChangeLog
Index: ChangeLog
===================================================================
RCS file: /cvs/root/WebCore/ChangeLog,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- ChangeLog 1 Sep 2005 18:57:53 -0000 1.72
+++ ChangeLog 1 Sep 2005 23:40:35 -0000 1.73
@@ -1,3 +1,22 @@
+2005-09-01 Darin Adler <darin at apple.com>
+
+ Reviewed by Maciej.
+
+ - fixed <rdar://problem/3524912> repro crash in KHTMLParser::parseToken, due to parser's current element being destroyed (www.gnnetcom.dk)
+
+ Test cases added:
+ * layout-tests/fast/parser/remove-parser-current-node.html: Added.
+ * layout-tests/fast/parser/remove-parser-current-node-expected.txt: Added.
+
+ * khtml/html/htmlparser.cpp: Changed block stack to hold a SharedPtr to the
+ nodes in the stack -- needed because they might be destroyed by JavaScript.
+ (HTMLParser::insertNode): Don't call attach() on the new node if the parent
+ node isn't also attached. This happens when the parent node is no longer in
+ the DOM tree because it was removed by JavaScript.
+ (HTMLParser::popNestedHeaderTag): Updated since node is now a SharedPtr.
+ (HTMLParser::handleResidualStyleCloseTagAcrossBlocks): Ditto.
+ (HTMLParser::popOneBlock): Ditto.
+
2005-09-01 Eric Seidel <eseidel at apple.com>
Reviewed by sullivan.
1.110 +10 -10 WebCore/khtml/html/htmlparser.cpp
Index: htmlparser.cpp
===================================================================
RCS file: /cvs/root/WebCore/khtml/html/htmlparser.cpp,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -r1.109 -r1.110
--- htmlparser.cpp 31 Aug 2005 04:55:11 -0000 1.109
+++ htmlparser.cpp 1 Sep 2005 23:40:35 -0000 1.110
@@ -92,7 +92,7 @@
AtomicString tagName;
int level;
bool strayTableContent;
- NodeImpl* node;
+ SharedPtr<NodeImpl> node;
HTMLStackElem* next;
};
@@ -280,17 +280,17 @@
NodeImpl *newNode = current->addChild(n);
if (newNode) {
// don't push elements without end tags (e.g., <img>) on the stack
+ bool parentAttached = current->attached();
if (tagPriority > 0 && !flat) {
pushBlock(localName, tagPriority);
if (newNode == current)
popBlock(localName);
else
setCurrent(newNode);
- if (!n->attached() && HTMLWidget)
+ if (parentAttached && !n->attached() && HTMLWidget)
n->attach();
- }
- else {
- if (!n->attached() && HTMLWidget)
+ } else {
+ if (parentAttached && !n->attached() && HTMLWidget)
n->attach();
if (n->maintainsState()) {
doc()->registerMaintainsState(n);
@@ -882,7 +882,7 @@
}
if (currNode && !isInline(currNode))
return;
- currNode = curr->node;
+ currNode = curr->node.get();
}
}
@@ -990,9 +990,9 @@
if (!curr || !maxElem || !isAffectedByResidualStyle(maxElem->tagName)) return;
- NodeImpl* residualElem = prev->node;
- NodeImpl* blockElem = prevMaxElem ? prevMaxElem->node : current;
- NodeImpl* parentElem = elem->node;
+ NodeImpl* residualElem = prev->node.get();
+ NodeImpl* blockElem = prevMaxElem ? prevMaxElem->node.get() : current;
+ NodeImpl* parentElem = elem->node.get();
// Check to see if the reparenting that is going to occur is allowed according to the DOM.
// FIXME: We should either always allow it or perform an additional fixup instead of
@@ -1274,7 +1274,7 @@
}
blockStack = Elem->next;
- setCurrent(Elem->node);
+ setCurrent(Elem->node.get());
if (Elem->strayTableContent)
inStrayTableContent--;
1.1 WebCore/layout-tests/fast/parser/remove-parser-current-node-expected.txt
Index: remove-parser-current-node-expected.txt
===================================================================
If you can read this text, and the browser didn't crash, then we successfully removed the parser's current node.
1.1 WebCore/layout-tests/fast/parser/remove-parser-current-node.html
Index: remove-parser-current-node.html
===================================================================
<script>if (window.layoutTestController) layoutTestController.dumpAsText();</script>
<body id="body">
<p>
<script>document.getElementById("body").innerHTML = "If you can read this text, and the browser didn't crash, then we successfully removed the parser's current node.";</script>
<table>
</table>
</body>
More information about the webkit-changes
mailing list