+2012-02-01 Ryosuke Niwa <rniwa@webkit.org>
+
+ Crash in EventHandler::updateDragAndDrop
+ https://bugs.webkit.org/show_bug.cgi?id=77569
+
+ Reviewed by Alexey Proskuryakov.
+
+ * fast/events/remove-target-with-shadow-in-drag-expected.txt: Added.
+ * fast/events/remove-target-with-shadow-in-drag.html: Added.
+
2012-02-01 Szilard Ledan <Ledan-Muntean.Szilard@stud.u-szeged.hu>
Fixed some lines in the date-constructor.js test.
--- /dev/null
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+
+if (!window.layoutTestController)
+ document.writeln("This crash test needs to be ran inside DumpRenderTree");
+
+var target;
+
+function startTest() {
+ if (!window.layoutTestController)
+ return;
+
+ layoutTestController.dumpAsText();
+
+ function mouseMoveToCenterOfElement(element) {
+ eventSender.mouseMoveTo(element.offsetLeft + element.offsetWidth / 2, element.offsetTop + element.offsetHeight / 2);
+ }
+
+ var src = document.getElementById('src');
+ mouseMoveToCenterOfElement(src);
+ eventSender.mouseDown();
+ eventSender.leapForward(200);
+
+ target = document.getElementById('target');
+ eventSender.mouseMoveTo(target.offsetLeft + 5, target.offsetTop + 5);
+ eventSender.mouseUp();
+
+ document.body.innerHTML = "PASS. DRT didn't crash."
+}
+
+function trigger() {
+ document.body.removeChild(target);
+ target = null;
+ if (window.GCController)
+ GCController.collect();
+}
+
+</script>
+<img id="src" src="resources/abe.png" onload="startTest()" draggable="true" ondrag="trigger();">
+<textarea id="target" style="width: 500px; height: 500px;">Dropzone</textarea>
+</body>
+</html>
+2012-02-01 Ryosuke Niwa <rniwa@webkit.org>
+
+ Crash in EventHandler::updateDragAndDrop
+ https://bugs.webkit.org/show_bug.cgi?id=77569
+
+ Reviewed by Alexey Proskuryakov.
+
+ Test: fast/events/remove-target-with-shadow-in-drag.html
+
+ * page/EventHandler.cpp:
+ (WebCore::EventHandler::updateDragAndDrop):
+
2012-02-01 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r106382.
MouseEventWithHitTestResults mev = prepareMouseEvent(request, event);
// Drag events should never go to text nodes (following IE, and proper mouseover/out dispatch)
- Node* newTarget = targetNode(mev);
+ RefPtr<Node> newTarget = targetNode(mev);
if (newTarget && newTarget->isTextNode())
newTarget = newTarget->parentNode();
if (newTarget)
//
// Moreover, this ordering conforms to section 7.9.4 of the HTML 5 spec. <http://dev.w3.org/html5/spec/Overview.html#drag-and-drop-processing-model>.
Frame* targetFrame;
- if (targetIsFrame(newTarget, targetFrame)) {
+ if (targetIsFrame(newTarget.get(), targetFrame)) {
if (targetFrame)
accept = targetFrame->eventHandler()->updateDragAndDrop(event, clipboard);
} else if (newTarget) {
// for now we don't care if event handler cancels default behavior, since there is none
dispatchDragSrcEvent(eventNames().dragEvent, event);
}
- accept = dispatchDragEvent(eventNames().dragenterEvent, newTarget, event, clipboard);
+ accept = dispatchDragEvent(eventNames().dragenterEvent, newTarget.get(), event, clipboard);
if (!accept)
- accept = findDropZone(newTarget, clipboard);
+ accept = findDropZone(newTarget.get(), clipboard);
}
if (targetIsFrame(m_dragTarget.get(), targetFrame)) {
}
} else {
Frame* targetFrame;
- if (targetIsFrame(newTarget, targetFrame)) {
+ if (targetIsFrame(newTarget.get(), targetFrame)) {
if (targetFrame)
accept = targetFrame->eventHandler()->updateDragAndDrop(event, clipboard);
} else if (newTarget) {
// for now we don't care if event handler cancels default behavior, since there is none
dispatchDragSrcEvent(eventNames().dragEvent, event);
}
- accept = dispatchDragEvent(eventNames().dragoverEvent, newTarget, event, clipboard);
+ accept = dispatchDragEvent(eventNames().dragoverEvent, newTarget.get(), event, clipboard);
if (!accept)
- accept = findDropZone(newTarget, clipboard);
+ accept = findDropZone(newTarget.get(), clipboard);
m_shouldOnlyFireDragOverEvent = false;
}
}
projects / profile / ivi / webkit-efl.git / commitdiff