Updated WebKit from /home/shausman/src/webkit/trunk to origin/qtwebkit-4.5 ( a3e05ad8acdead3b534d0cef772b85f002e80b8d )

Changes in WebKit since the last update:

++ b/LayoutTests/ChangeLog
2009-06-18  Chris Evans  <scarybeasts@gmail.com>

        Reviewed by Adam Barth.

        Added test for bug 26454 (broken 8-digit hex entities).
        https://bugs.webkit.org/show_bug.cgi?id=26454

        * fast/parser/eightdigithexentity-expected.txt: Added.
        * fast/parser/eightdigithexentity.html: Added.

2009-06-20  Sam Weinig  <sam@webkit.org>

        Reviewed by Adam Barth.

        Test for https://bugs.webkit.org/show_bug.cgi?id=26554

        Test writing to parent and top.

        * http/tests/security/cross-frame-access-put-expected.txt:
        * http/tests/security/cross-frame-access-put.html:
        * http/tests/security/resources/cross-frame-iframe-for-put-test.html:

++ b/WebCore/ChangeLog
2009-06-18  Chris Evans  <scarybeasts@gmail.com>

        Reviewed by Adam Barth.

        Fix 8-digit long hex entities. Fixes bug 26454
        https://bugs.webkit.org/show_bug.cgi?id=26454

        Test: fast/parser/eightdigithexentity.html

        * html/HTMLTokenizer.cpp: fix off-by-ones.

2009-06-20  Sam Weinig  <sam@webkit.org>

        Reviewed by Adam Barth.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=26554
        Shadowing of top and parent

        * page/DOMWindow.idl:

5 files changed, 34 insertions, 6 deletions

diff --git a/src/3rdparty/webkit/VERSION b/src/3rdparty/webkit/VERSION
index 368d2b5..88f32d9 100644
--- a/src/3rdparty/webkit/VERSION
+++ b/src/3rdparty/webkit/VERSION
@@ -1,6 +1,6 @@
 This is a snapshot of the Qt port of WebKit from
 
-        git://code.staikos.net/webkit
+        git://gitorious.org/qtwebkit/qtwebkit.git
 
 The commit imported was from the
 
@@ -8,4 +8,4 @@ The commit imported was from the
 
 and has the sha1 checksum
 
-        eb4957a561d3f85d4cd5602832375c66f378b521
+        a3e05ad8acdead3b534d0cef772b85f002e80b8d
diff --git a/src/3rdparty/webkit/WebCore/ChangeLog b/src/3rdparty/webkit/WebCore/ChangeLog
index be6922f..19bb36a 100644
--- a/src/3rdparty/webkit/WebCore/ChangeLog
+++ b/src/3rdparty/webkit/WebCore/ChangeLog
@@ -1,3 +1,23 @@
+2009-06-18  Chris Evans  <scarybeasts@gmail.com>
+
+        Reviewed by Adam Barth.
+
+        Fix 8-digit long hex entities. Fixes bug 26454
+        https://bugs.webkit.org/show_bug.cgi?id=26454
+
+        Test: fast/parser/eightdigithexentity.html
+
+        * html/HTMLTokenizer.cpp: fix off-by-ones.
+
+2009-06-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Adam Barth.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=26554
+        Shadowing of top and parent
+
+        * page/DOMWindow.idl:
+
 2008-12-18  Bernhard Rosenkraenzer <bero@arklinux.ch>
 
         Reviewed by Darin Adler.
diff --git a/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp b/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp
index c6906b6..d692150 100644
--- a/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp
+++ b/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp
@@ -2496,11 +2496,15 @@ void setJSDOMWindowOpener(ExecState* exec, JSObject* thisObject, JSValuePtr valu
 
 void setJSDOMWindowParent(ExecState* exec, JSObject* thisObject, JSValuePtr value)
 {
+    if (!static_cast<JSDOMWindow*>(thisObject)->allowsAccessFrom(exec))
+        return;
     static_cast<JSDOMWindow*>(thisObject)->putDirect(Identifier(exec, "parent"), value);
 }
 
 void setJSDOMWindowTop(ExecState* exec, JSObject* thisObject, JSValuePtr value)
 {
+    if (!static_cast<JSDOMWindow*>(thisObject)->allowsAccessFrom(exec))
+        return;
     static_cast<JSDOMWindow*>(thisObject)->putDirect(Identifier(exec, "top"), value);
 }
 
diff --git a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
index 6de9951..b6a5418 100644
--- a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
+++ b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
@@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de
                     }
                 } else {
                     // FIXME: We should eventually colorize entities by sending them as a special token.
-                    checkBuffer(11);
+                    // 12 bytes required: up to 10 bytes in m_cBuffer plus the
+                    // leading '&' and trailing ';'
+                    checkBuffer(12);
                     *dest++ = '&';
                     for (unsigned i = 0; i < cBufferPos; i++)
                         dest[i] = m_cBuffer[i];
@@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de
                     }
                 }
             } else {
-                checkBuffer(10);
+                // 11 bytes required: up to 10 bytes in m_cBuffer plus the
+                // leading '&'
+                checkBuffer(11);
                 // ignore the sequence, add it to the buffer as plaintext
                 *dest++ = '&';
                 for (unsigned i = 0; i < cBufferPos; i++)
diff --git a/src/3rdparty/webkit/WebCore/page/DOMWindow.idl b/src/3rdparty/webkit/WebCore/page/DOMWindow.idl
index d0114e6..71c3137 100644
--- a/src/3rdparty/webkit/WebCore/page/DOMWindow.idl
+++ b/src/3rdparty/webkit/WebCore/page/DOMWindow.idl
@@ -121,8 +121,8 @@ module window {
         attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow frames;
 
         attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow opener;
-        attribute [Replaceable, DoNotCheckDomainSecurity] DOMWindow parent;
-        attribute [Replaceable, DoNotCheckDomainSecurity] DOMWindow top;
+        attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow parent;
+        attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow top;
 
         // DOM Level 2 AbstractView Interface
         readonly attribute Document document;