From 73a06dfacf0ee6bc676418ba8fd8c55e66e3749e Mon Sep 17 00:00:00 2001 From: "rniwa@webkit.org" Date: Fri, 29 Jun 2012 06:38:42 +0000 Subject: [PATCH] DOMHTMLCollection::item may return a wrong element after namedItem is called https://bugs.webkit.org/show_bug.cgi?id=90240 Reviewed by Antti Koivisto. Source/WebCore: The bug was caused by namedItem updating m_cache.current without updating m_cache.position. Fixed the bug by updating both. This is similar to the bug I fixed in r121478. WebKit API Test: WebKit1.HTMLCollectionNamedItemTest * html/HTMLCollection.cpp: (WebCore::HTMLCollection::namedItem): Tools: Add a WebKit API test since namedItem is not used in the JS/V8 binding code. * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html: Copied from Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.html. * TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm: Copied from Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.mm. (TestWebKitAPI::TEST): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121521 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- Source/WebCore/ChangeLog | 15 ++++ Source/WebCore/html/HTMLCollection.cpp | 7 +- Tools/ChangeLog | 14 ++++ .../TestWebKitAPI.xcodeproj/project.pbxproj | 8 +++ .../Tests/mac/HTMLCollectionNamedItem.html | 9 +++ .../Tests/mac/HTMLCollectionNamedItem.mm | 80 ++++++++++++++++++++++ 6 files changed, 132 insertions(+), 1 deletion(-) create mode 100644 Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html create mode 100644 Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index a10790b..388e309 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,18 @@ +2012-06-28 Ryosuke Niwa + + DOMHTMLCollection::item may return a wrong element after namedItem is called + https://bugs.webkit.org/show_bug.cgi?id=90240 + + Reviewed by Antti Koivisto. + + The bug was caused by namedItem updating m_cache.current without updating m_cache.position. + Fixed the bug by updating both. This is similar to the bug I fixed in r121478. + + WebKit API Test: WebKit1.HTMLCollectionNamedItemTest + + * html/HTMLCollection.cpp: + (WebCore::HTMLCollection::namedItem): + 2012-06-28 Kentaro Hara Change argument types of Element::getAttribute*() from String to AtomicString diff --git a/Source/WebCore/html/HTMLCollection.cpp b/Source/WebCore/html/HTMLCollection.cpp index 64dfb4c..97746dc 100644 --- a/Source/WebCore/html/HTMLCollection.cpp +++ b/Source/WebCore/html/HTMLCollection.cpp @@ -263,21 +263,26 @@ Node* HTMLCollection::namedItem(const AtomicString& name) const // that are allowed a name attribute. invalidateCacheIfNeeded(); + unsigned i = 0; for (Element* e = itemAfter(0); e; e = itemAfter(e)) { if (checkForNameMatch(e, /* checkName */ false, name)) { m_cache.current = e; + m_cache.position = i; return e; } + i++; } + i = 0; for (Element* e = itemAfter(0); e; e = itemAfter(e)) { if (checkForNameMatch(e, /* checkName */ true, name)) { m_cache.current = e; + m_cache.position = i; return e; } + i++; } - m_cache.current = 0; return 0; } diff --git a/Tools/ChangeLog b/Tools/ChangeLog index d2e216f..07aff67 100644 --- a/Tools/ChangeLog +++ b/Tools/ChangeLog @@ -1,3 +1,17 @@ +2012-06-28 Ryosuke Niwa + + DOMHTMLCollection::item may return a wrong element after namedItem is called + https://bugs.webkit.org/show_bug.cgi?id=90240 + + Reviewed by Antti Koivisto. + + Add a WebKit API test since namedItem is not used in the JS/V8 binding code. + + * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: + * TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html: Copied from Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.html. + * TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm: Copied from Tools/TestWebKitAPI/Tests/mac/HTMLFormCollectionNamedItem.mm. + (TestWebKitAPI::TEST): + 2012-06-28 Dirk Pranke nrwt: remove the 'google-chrome' port code diff --git a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj b/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj index bdfb3ac..f75a207 100644 --- a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj +++ b/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj @@ -73,6 +73,8 @@ 93F7E86F14DC8E5C00C84A99 /* NewFirstVisuallyNonEmptyLayoutFrames_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 93F7E86E14DC8E5B00C84A99 /* NewFirstVisuallyNonEmptyLayoutFrames_Bundle.cpp */; }; 9B26FC6C159D061000CC3765 /* HTMLFormCollectionNamedItem.mm in Sources */ = {isa = PBXBuildFile; fileRef = 9B26FC6B159D061000CC3765 /* HTMLFormCollectionNamedItem.mm */; }; 9B26FCCA159D16DE00CC3765 /* HTMLFormCollectionNamedItem.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 9B26FCB4159D15E700CC3765 /* HTMLFormCollectionNamedItem.html */; }; + 9B4F8FA4159D52B1002D9F94 /* HTMLCollectionNamedItem.mm in Sources */ = {isa = PBXBuildFile; fileRef = 9B4F8FA3159D52B1002D9F94 /* HTMLCollectionNamedItem.mm */; }; + 9B4F8FA7159D52DD002D9F94 /* HTMLCollectionNamedItem.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 9B4F8FA6159D52CA002D9F94 /* HTMLCollectionNamedItem.html */; }; A7A966DB140ECCC8005EF9B4 /* CheckedArithmeticOperations.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7A966DA140ECCC8005EF9B4 /* CheckedArithmeticOperations.cpp */; }; B55F11A01516834F00915916 /* AttributedString.mm in Sources */ = {isa = PBXBuildFile; fileRef = B55F119F1516834F00915916 /* AttributedString.mm */; }; B55F11B71517D03300915916 /* attributedStringCustomFont.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = B55F11B01517A2C400915916 /* attributedStringCustomFont.html */; }; @@ -188,6 +190,7 @@ B55F11B71517D03300915916 /* attributedStringCustomFont.html in Copy Resources */, 76E182DF154767E600F1FADD /* auto-submitting-form.html in Copy Resources */, 5142B2731517C8C800C32B19 /* ContextMenuCanCopyURL.html in Copy Resources */, + 9B4F8FA7159D52DD002D9F94 /* HTMLCollectionNamedItem.html in Copy Resources */, 9B26FCCA159D16DE00CC3765 /* HTMLFormCollectionNamedItem.html in Copy Resources */, E1220DCA155B28AA0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html in Copy Resources */, 517E7E04151119C100D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html in Copy Resources */, @@ -284,6 +287,8 @@ 93F7E86E14DC8E5B00C84A99 /* NewFirstVisuallyNonEmptyLayoutFrames_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NewFirstVisuallyNonEmptyLayoutFrames_Bundle.cpp; sourceTree = ""; }; 9B26FC6B159D061000CC3765 /* HTMLFormCollectionNamedItem.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = HTMLFormCollectionNamedItem.mm; sourceTree = ""; }; 9B26FCB4159D15E700CC3765 /* HTMLFormCollectionNamedItem.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = HTMLFormCollectionNamedItem.html; sourceTree = ""; }; + 9B4F8FA3159D52B1002D9F94 /* HTMLCollectionNamedItem.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = HTMLCollectionNamedItem.mm; sourceTree = ""; }; + 9B4F8FA6159D52CA002D9F94 /* HTMLCollectionNamedItem.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = HTMLCollectionNamedItem.html; sourceTree = ""; }; A7A966DA140ECCC8005EF9B4 /* CheckedArithmeticOperations.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = CheckedArithmeticOperations.cpp; path = WTF/CheckedArithmeticOperations.cpp; sourceTree = ""; }; B55F119F1516834F00915916 /* AttributedString.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AttributedString.mm; sourceTree = ""; }; B55F11B01517A2C400915916 /* attributedStringCustomFont.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = attributedStringCustomFont.html; sourceTree = ""; }; @@ -663,6 +668,7 @@ C07E6CAE13FD67650038B22B /* DynamicDeviceScaleFactor.mm */, 3776BC62150946BC0043A66D /* DeviceScaleFactorInDashboardRegions.mm */, 939BA91614103412001A01BD /* DeviceScaleFactorOnBack.mm */, + 9B4F8FA3159D52B1002D9F94 /* HTMLCollectionNamedItem.mm */, 9B26FC6B159D061000CC3765 /* HTMLFormCollectionNamedItem.mm */, C507E8A614C6545B005D6B3B /* InspectorBar.mm */, E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */, @@ -687,6 +693,7 @@ 379028B814FABE49007E6B43 /* acceptsFirstMouse.html */, 5142B2721517C89100C32B19 /* ContextMenuCanCopyURL.html */, 37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */, + 9B4F8FA6159D52CA002D9F94 /* HTMLCollectionNamedItem.html */, 9B26FCB4159D15E700CC3765 /* HTMLFormCollectionNamedItem.html */, E1220DC9155B287D0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html */, 517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */, @@ -899,6 +906,7 @@ 51E93017156B13E1004C99DF /* WKPageGetScaleFactorNotZero.cpp in Sources */, 52B8CF9615868CF000281053 /* SetDocumentURI.mm in Sources */, 9B26FC6C159D061000CC3765 /* HTMLFormCollectionNamedItem.mm in Sources */, + 9B4F8FA4159D52B1002D9F94 /* HTMLCollectionNamedItem.mm in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; diff --git a/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html b/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html new file mode 100644 index 0000000..c0205b6 --- /dev/null +++ b/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.html @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm b/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm new file mode 100644 index 0000000..50aafee --- /dev/null +++ b/Tools/TestWebKitAPI/Tests/mac/HTMLCollectionNamedItem.mm @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2012 Apple Inc. All rights reserved. + * Copyright (C) 2012 Google Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#include "PlatformUtilities.h" +#include "PlatformWebView.h" +#include + +#import +#import + +@interface HTMLCollectionNamedItemTest : NSObject { +} +@end + +static bool didFinishLoad; + +@implementation HTMLCollectionNamedItemTest + +- (void)webView:(WebView *)sender didFinishLoadForFrame:(WebFrame *)frame +{ + didFinishLoad = true; +} +@end + +namespace TestWebKitAPI { + +TEST(WebKit1, HTMLCollectionNamedItemTest) +{ + RetainPtr webView(AdoptNS, [[WebView alloc] initWithFrame:NSMakeRect(0, 0, 120, 200) frameName:nil groupName:nil]); + RetainPtr testController(AdoptNS, [HTMLCollectionNamedItemTest new]); + + webView.get().frameLoadDelegate = testController.get(); + [[webView.get() mainFrame] loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle] + URLForResource:@"HTMLCollectionNamedItem" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]]; + + Util::run(&didFinishLoad); + didFinishLoad = false; + + DOMDocument *document = webView.get().mainFrameDocument; + RetainPtr collection = [[document body] children]; + + EXPECT_EQ([collection.get() length], (unsigned)4); + EXPECT_WK_STREQ([[collection.get() item:0] value], @"firstItem"); + EXPECT_WK_STREQ([[collection.get() item:1] value], @"secondItem"); + EXPECT_WK_STREQ([[collection.get() namedItem:@"idForTwoTextFields"] value], @"firstItem"); + EXPECT_WK_STREQ([[collection.get() item:1] value], @"secondItem"); + EXPECT_WK_STREQ([[collection.get() item:0] value], @"firstItem"); + + EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:2] title], @"thirdItem"); + EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:3] title], @"fourthItem"); + EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() namedItem:@"nameForTwoImages"] title], @"thirdItem"); + EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:3] title], @"fourthItem"); + EXPECT_WK_STREQ([(DOMHTMLElement*)[collection.get() item:2] title], @"thirdItem"); +} + +} // namespace TestWebKitAPI -- 2.7.4