[Webkit-unassigned] [Bug 21638] New: WebCore/page/FrameTree.cpp:find() dispatches form submissions to incorrect frame

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 16 01:59:47 PDT 2008 

https://bugs.webkit.org/show_bug.cgi?id=21638

           Summary: WebCore/page/FrameTree.cpp:find() dispatches form
                    submissions to incorrect frame
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://dbeclipse.org/webkit/top.html
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Frames
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: webkit at johnholdsworth.com
                CC: webkit at johnholdsworth.com


Hi,

When two frames in a web application have the same name, on form submission the
frame first defined on the page is chosen as the target to load rather than the
frame "closest" to the submitting form in the frame tree. The other major
browsers: Firefox, IE etc use the closest frame. (See the URL
http://dbeclipse.org/webkit/top.html as an example - each form should submit
into its own enclosing frame)

A minor four line fix to FrameTree.cpp shown below is already available and is
about to be submitted under this bug report. 

To replicate create the following files:

top.html:
<html>
<frameset cols='50%,50%'>
<frame src='frame.html'>
<frame src='frame.html'>
</frameset>

frame.html:
<html>
<frameset rows='100,*'>
        <frame src='form.html'>
        <frame src='javascript: ""' name='out'>
</frameset>

form.html:
<html><body>
<form target=out action='http://www.google.com/search'>
Search for: <input name='q' value='webkit'>
<input type=submit value='Click me'></form>

On opening top.html both forms submit into the left hand side frame. After
applying the fix each form submits to the correct frame beneath the form. This
results in no regression according to the webkit-tests.

This fix would be useful in Web 2.0 applications, for example, those which
implement their own tabbed interface and have more than one frame with the same
name in different frames.

Patch is below:
--- WebCore/page/FrameTree.cpp  (revision 37618)
+++ WebCore/page/FrameTree.cpp  (working copy)
@@ -183,11 +183,13 @@ Frame* FrameTree::find(const AtomicStrin
     if (name == "_blank")
         return 0;

-    // Search subtree starting with this frame first.
-    for (Frame* frame = m_thisFrame; frame; frame =
frame->tree()->traverseNext(m_thisFrame))
-        if (frame->tree()->name() == name)
-            return frame;
-
+    // Search up tree starting with this frame first.
+    for (Frame* parent = m_thisFrame; parent; parent =
parent->tree()->parent())
+        for (Frame* frame = parent; frame; frame =
frame->tree()->traverseNext(parent))
+            if (frame->tree()->name() == name)
+                return frame;
+    
+       // page search may no longer be required...
     // Search the entire tree for this page next.
     Page* page = m_thisFrame->page();

Thanks for all your work.

Best Regards,

John Holdsworth


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list