diff options
5 files changed, 77 insertions, 1 deletions
diff --git a/third_party/WebKit/LayoutTests/ChangeLog b/third_party/WebKit/LayoutTests/ChangeLog index ecd9ffa..0d33baf 100644 --- a/third_party/WebKit/LayoutTests/ChangeLog +++ b/third_party/WebKit/LayoutTests/ChangeLog @@ -1,3 +1,13 @@ +2007-03-29 Mitz Pettel <mitz@webkit.org> + + Reviewed by Darin. + + - test for http://bugs.webkit.org/show_bug.cgi?id=13166 + REGRESSION (2005-10-16 - 2005-10-19): Ampersands showing up in the last column of the Gmail contacts table + + * fast/tokenizer/write-partial-entity-expected.txt: Added. + * fast/tokenizer/write-partial-entity.html: Added. + 2007-03-29 Justin Garcia <justin.garcia@apple.com> Reviewed by john diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/write-partial-entity-expected.txt b/third_party/WebKit/LayoutTests/fast/tokenizer/write-partial-entity-expected.txt new file mode 100644 index 0000000..9931f3d --- /dev/null +++ b/third_party/WebKit/LayoutTests/fast/tokenizer/write-partial-entity-expected.txt @@ -0,0 +1,20 @@ +Test for http://bugs.webkit.org/show_bug.cgi?id=13166 REGRESSION (2005-10-16 - 2005-10-19): Ampersands showing up in the last column of the Gmail contacts table. + +The following lines should all say “1 < 2”. They should not contain ampersands. + +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 +1 < 2 + diff --git a/third_party/WebKit/LayoutTests/fast/tokenizer/write-partial-entity.html b/third_party/WebKit/LayoutTests/fast/tokenizer/write-partial-entity.html new file mode 100644 index 0000000..9ccd3b4 --- /dev/null +++ b/third_party/WebKit/LayoutTests/fast/tokenizer/write-partial-entity.html @@ -0,0 +1,33 @@ +<html> +<head> + <title></title> + <script> + if (window.layoutTestController) + layoutTestController.dumpAsText(); + </script> +</head> +<body> + <p> + Test for <i><a href="http://bugs.webkit.org/show_bug.cgi?id=13166">http://bugs.webkit.org/show_bug.cgi?id=13166</a> + REGRESSION (2005-10-16 - 2005-10-19): Ampersands showing up in the last column of the Gmail contacts table</i>. + </p> + <p> + The following lines should all say “1 < 2”. They should not contain ampersands. + </p> + 1 <script>document.write("<")</script>; 2<br> + 1 <script>document.write("&l")</script>t; 2<br> + 1 <script>document.write("&")</script>lt; 2<br> + 1 <script>document.write("&")</script>#x3c; 2<br> + 1 <script>document.write("&#")</script>x3c; 2<br> + 1 <script>document.write("&#x")</script>3c; 2<br> + 1 <script>document.write("")</script>c; 2<br> + 1 <script>document.write("<")</script>; 2<br> + 1 <script>document.write("<")</script> 2<br> + 1 <script>document.write("&")</script>#x3c; 2<br> + 1 <script>document.write("&")</script>#60; 2<br> + 1 <script>document.write("&#")</script>60; 2<br> + 1 <script>document.write("")</script>0; 2<br> + 1 <script>document.write("<")</script>; 2<br> + 1 <script>document.write("<")</script> 2<br> +</body> +</html> diff --git a/third_party/WebKit/WebCore/ChangeLog b/third_party/WebKit/WebCore/ChangeLog index ecb0c36..7ad47f0 100644 --- a/third_party/WebKit/WebCore/ChangeLog +++ b/third_party/WebKit/WebCore/ChangeLog @@ -1,3 +1,16 @@ +2007-03-29 Mitz Pettel <mitz@webkit.org> + + Reviewed by Darin. + + - fix http://bugs.webkit.org/show_bug.cgi?id=13166 + REGRESSION (2005-10-16 - 2005-10-19): Ampersands showing up in the last column of the Gmail contacts table + + Test: fast/tokenizer/write-partial-entity.html + + * html/HTMLTokenizer.cpp: + (WebCore::HTMLTokenizer::parseTag): Reordered to avoid resetting the buffer position + after script execution which can write to the buffer. + 2007-03-29 Justin Garcia <justin.garcia@apple.com> Reviewed by john diff --git a/third_party/WebKit/WebCore/html/HTMLTokenizer.cpp b/third_party/WebKit/WebCore/html/HTMLTokenizer.cpp index 82d7071..ca3a845 100644 --- a/third_party/WebKit/WebCore/html/HTMLTokenizer.cpp +++ b/third_party/WebKit/WebCore/html/HTMLTokenizer.cpp @@ -1161,6 +1161,7 @@ HTMLTokenizer::State HTMLTokenizer::parseTag(SegmentedString &src, State state) } RefPtr<Node> n = processToken(); + m_cBufferPos = cBufferPos; if (n) { if ((tagName == preTag || tagName == listingTag) && !inViewSourceMode()) { if (beginTag) @@ -1225,7 +1226,6 @@ HTMLTokenizer::State HTMLTokenizer::parseTag(SegmentedString &src, State state) } if (tagName == plaintextTag) state.setInPlainText(beginTag); - m_cBufferPos = cBufferPos; return state; // Finished parsing tag! } } // end switch |