15 files changed, 78 insertions, 8 deletions
diff --git a/third_party/WebKit/LayoutTests/ChangeLog b/third_party/WebKit/LayoutTests/ChangeLog index 029b7d3..3f0f5c6 100644 --- a/third_party/WebKit/LayoutTests/ChangeLog +++ b/third_party/WebKit/LayoutTests/ChangeLog @@ -1,3 +1,18 @@ +2006-03-20 Eric Seidel <eseidel@apple.com> + + Reviewed by mjs. + + Test for: <rdar://problem/4483882> REGRESSION (417.8-TOT): crash at yourmovies.com.au in WebCore::HTMLTokenizer::reset() + 92 (7818) + + * fast/tokenizer/external-script-document-open-expected.txt: Added. + * fast/tokenizer/external-script-document-open.html: Added. + * fast/tokenizer/resources/external-script-document-open.js: Added. + * fast/tokenizer/resources/write-external-script-open.js: Added. + * fast/tokenizer/write-external-script-open-expected.txt: Added. + * fast/tokenizer/write-external-script-open.html: Added. + * fast/tokenizer/write-inline-script-open-expected.txt: Added. + * fast/tokenizer/write-inline-script-open.html: Added. + 2006-03-20 Maciej Stachowiak <mjs@apple.com> Reviewed by Adele. diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/external-script-document-open-expected.txt b/third_party/WebKit/LayoutTests/fast/tokenizer/external-script-document-open-expected.txt new file mode 100644 index 0000000..334f595 --- /dev/null +++ b/third_party/WebKit/LayoutTests/fast/tokenizer/external-script-document-open-expected.txt @@ -0,0 +1,3 @@ +SUCCESS (1 of 2) + +SUCCESS (2 of 2) diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/external-script-document-open.html b/third_party/WebKit/LayoutTests/fast/tokenizer/external-script-document-open.html new file mode 100644 index 0000000..d6b403b --- /dev/null +++ b/third_party/WebKit/LayoutTests/fast/tokenizer/external-script-document-open.html @@ -0,0 +1,2 @@ +<p>SUCCESS (1 of 2)</p> +<script type="text/javascript" src="resources/external-script-document-open.js"></script> 
diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/resources/external-script-document-open.js b/third_party/WebKit/LayoutTests/fast/tokenizer/resources/external-script-document-open.js
new file mode 100644
index 0000000..418aa94
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/tokenizer/resources/external-script-document-open.js
@@ -0,0 +1,4 @@
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+document.open()
+document.write("SUCCESS (2 of 2)");
diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/resources/write-external-script-open.js b/third_party/WebKit/LayoutTests/fast/tokenizer/resources/write-external-script-open.js
new file mode 100644
index 0000000..1fc67e5
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/tokenizer/resources/write-external-script-open.js
@@ -0,0 +1,2 @@
+document.open();
+document.write('<br>SUCCESS (2 of 2)<br>');
diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/write-external-script-open-expected.txt b/third_party/WebKit/LayoutTests/fast/tokenizer/write-external-script-open-expected.txt
new file mode 100644
index 0000000..b50027d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/tokenizer/write-external-script-open-expected.txt
@@ -0,0 +1,3 @@
+SUCCESS (1 of 2)
+SUCCESS (2 of 2)
+
diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/write-external-script-open.html b/third_party/WebKit/LayoutTests/fast/tokenizer/write-external-script-open.html
new file mode 100644
index 0000000..9c968db
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/tokenizer/write-external-script-open.html
@@ -0,0 +1,11 @@
+<body onload="test()">
+FAILURE
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+function test()
+{
+ document.write("SUCCESS (1 of 2)<script src='resources/write-external-script-open.js'></scr" + "ipt>");
+}
+</script>
+</body>
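Review bot: write-external-script-open.html asks only for `layoutTestController.dumpAsText();`, so the dump may be taken before the external script written in test() has loaded and called document.open(). If that can happen, this regression test for a tokenizer crash could pass without ever reaching the guarded path. Consider adding `layoutTestController.waitUntilDone();` next to the dumpAsText() call and `layoutTestController.notifyDone();` as the last statement of resources/write-external-script-open.js, assuming the harness in this tree provides them. The same question applies to external-script-document-open.html, whose external script also calls document.open().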
diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/write-inline-script-open-expected.txt b/third_party/WebKit/LayoutTests/fast/tokenizer/write-inline-script-open-expected.txt
new file mode 100644
index 0000000..b50027d
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/tokenizer/write-inline-script-open-expected.txt
@@ -0,0 +1,3 @@
+SUCCESS (1 of 2)
+SUCCESS (2 of 2)
+
diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/write-inline-script-open.html b/third_party/WebKit/LayoutTests/fast/tokenizer/write-inline-script-open.html
new file mode 100644
index 0000000..83d5b67
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/fast/tokenizer/write-inline-script-open.html
@@ -0,0 +1,11 @@
+<body onload="test()">
+FAILURE
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+function test()
+{
+ document.write("SUCCESS (1 of 2)<script>document.open(); document.write('<br>SUCCESS (2 of 2)<br>');</scr" + "ipt>");
+}
+</script>
+</body>
diff --git a/third_party/WebKit/WebCore/ChangeLog b/third_party/WebKit/WebCore/ChangeLog
index 14907a3..8c58d50 100644
--- a/third_party/WebKit/WebCore/ChangeLog
+++ b/third_party/WebKit/WebCore/ChangeLog
@@ -1,3 +1,21 @@ +2006-03-20 Eric Seidel <eseidel@apple.com> + + Reviewed by mjs. + + Fix tokenizer crash when document.open() is called from an external script: + <rdar://problem/4483882> REGRESSION (417.8-TOT): crash at yourmovies.com.au in WebCore::HTMLTokenizer::reset() + 92 (7818) + + * dom/Document.cpp: + (WebCore::Document::open): Check to make sure the current tokenizer isn't executing a script + * dom/xml_tokenizer.h: + (WebCore::Tokenizer::executingScript): Add a way for others to know if scripts are executing. + * html/HTMLTokenizer.cpp: + (WebCore::HTMLTokenizer::scriptExecution): Wire into existing m_executingScript member var. + * html/HTMLTokenizer.h: + (WebCore::HTMLTokenizer::executingScript): + * kcanvas/device/quartz/KCanvasFilterQuartz.mm: + (WebCore::KCanvasFilterQuartz::prepareFilter): Unrelated code cleanup. + 2006-03-20 Justin Garcia <justin.garcia@apple.com> Reviewed by darin diff --git a/third_party/WebKit/WebCore/dom/Document.cpp b/third_party/WebKit/WebCore/dom/Document.cpp index 9153794..671bc11 100644 --- a/third_party/WebKit/WebCore/dom/Document.cpp +++ b/third_party/WebKit/WebCore/dom/Document.cpp @@ -1064,7 +1064,7 @@ Tokenizer *Document::createTokenizer() void Document::open() { - if (frame() && frame()->isLoadingMainResource()) + if ((frame() && frame()->isLoadingMainResource()) || (tokenizer() && tokenizer()->executingScript())) return; implicitOpen(); diff --git a/third_party/WebKit/WebCore/dom/xml_tokenizer.h b/third_party/WebKit/WebCore/dom/xml_tokenizer.h index 72d49d2..590c00a 100644 --- a/third_party/WebKit/WebCore/dom/xml_tokenizer.h +++ b/third_party/WebKit/WebCore/dom/xml_tokenizer.h @@ -51,6 +51,7 @@ public: virtual bool isWaitingForScripts() const = 0; virtual void stopParsing() { m_parserStopped = true; } virtual bool processingData() const { return false; } + virtual int executingScript() const { return 0; } protected: // The tokenizer has buffers, so parsing may continue even after 
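Review bot: The re-entrancy guard added to the condition in Document::open() protects only this one entry point. implicitOpen() is still called unguarded on the next line, so any other caller of implicitOpen() (none is visible in this hunk) could presumably still replace or reset the tokenizer while one of its scripts is on the stack. Moving the check into implicitOpen(), or at least asserting there with `ASSERT(!tokenizer() || !tokenizer()->executingScript());`, would cover every path. The condition also deserves a why-comment such as `// A script started by the tokenizer is still running; opening now would reset the tokenizer underneath it.`, because the silent early return otherwise reads as an arbitrary no-op. The body of open() continues outside the hunk.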
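Review bot: The base-class default `virtual int executingScript() const { return 0; }` in xml_tokenizer.h makes the new guard in Document::open() opt-in. Any Tokenizer subclass that runs script but does not override it reports "not executing" and gets no protection, and in this commit only HTMLTokenizer overrides it. Declaring it pure virtual, as isWaitingForScripts() is on the line above (`virtual int executingScript() const = 0;`), would force each tokenizer to answer explicitly. If the default stays, a comment should state the contract, for example `// Nesting depth of scripts this tokenizer is currently running; non-zero means the tokenizer must not be reset or replaced.` The int return is used only as a boolean by the caller, so the comment should also say that the value is a count, assuming m_executingScript is one.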
diff --git a/third_party/WebKit/WebCore/html/HTMLTokenizer.cpp b/third_party/WebKit/WebCore/html/HTMLTokenizer.cpp index 78a7e57..3662a3b 100644 --- a/third_party/WebKit/WebCore/html/HTMLTokenizer.cpp +++ b/third_party/WebKit/WebCore/html/HTMLTokenizer.cpp @@ -490,11 +490,10 @@ HTMLTokenizer::State HTMLTokenizer::scriptExecution(const DeprecatedString& str, // because we want to prepend to pendingSrc rather than appending // if there's no previous prependingSrc if (state.loadingExtScript()) { - if (currentPrependingSrc) { + if (currentPrependingSrc) currentPrependingSrc->append(prependingSrc); - } else { + else pendingSrc.prepend(prependingSrc); - } } else { m_state = state; write(prependingSrc, false); diff --git a/third_party/WebKit/WebCore/html/HTMLTokenizer.h b/third_party/WebKit/WebCore/html/HTMLTokenizer.h index b5a1186..25b7b95 100644 --- a/third_party/WebKit/WebCore/html/HTMLTokenizer.h +++ b/third_party/WebKit/WebCore/html/HTMLTokenizer.h @@ -95,6 +95,7 @@ public: virtual bool isWaitingForScripts() const; virtual void stopParsing(); virtual bool processingData() const; + virtual int executingScript() const { return m_executingScript; } private: class State; diff --git a/third_party/WebKit/WebCore/kcanvas/device/quartz/KCanvasFilterQuartz.mm b/third_party/WebKit/WebCore/kcanvas/device/quartz/KCanvasFilterQuartz.mm index ed4a7c1..189f8e9 100644 --- a/third_party/WebKit/WebCore/kcanvas/device/quartz/KCanvasFilterQuartz.mm +++ b/third_party/WebKit/WebCore/kcanvas/device/quartz/KCanvasFilterQuartz.mm 
@@ -81,12 +81,9 @@ KCanvasFilterQuartz::~KCanvasFilterQuartz() void KCanvasFilterQuartz::prepareFilter(const FloatRect &bbox) { - if (bbox.isEmpty() || !KRenderingDeviceQuartz::filtersEnabled()) + if (bbox.isEmpty() || !KRenderingDeviceQuartz::filtersEnabled() || m_effects.isEmpty()) return; - if (m_effects.isEmpty()) - return; - CGContextRef cgContext = static_cast<KRenderingDeviceQuartz*>(renderingDevice())->currentCGContext(); // get a CIContext, and CGLayer for drawing in. |