author | Alexis Menard <alexis.menard@nokia.com> | 2011-06-29 19:34:10 (GMT) |
---|---|---|
committer | Sergio Ahumada <sergio.ahumada@nokia.com> | 2011-06-29 19:39:31 (GMT) |
commit | e5b732242e6058fcf8086090bd80d2ea936e60cb (patch) | |
tree | 5552a7b79917e1c4964b300ad4849e16c36d9513 /src/3rdparty | |
parent | 5fdbf7170f9b2dcac3088461ef75fae39d6c364b (diff) | |
Updated WebKit to a52dbae362a295e0adfb7ee4fdc21734ae4b7b45
Reviewed-by: Andreas Kling
Diffstat (limited to 'src/3rdparty')
-rw-r--r-- | src/3rdparty/webkit/.tag | 2 | ||||
-rw-r--r-- | src/3rdparty/webkit/Source/WebCore/ChangeLog | 24 | ||||
-rw-r--r-- | src/3rdparty/webkit/Source/WebCore/rendering/RenderRuby.cpp | 44 | ||||
-rw-r--r-- | src/3rdparty/webkit/Source/WebKit/qt/ChangeLog | 46 | ||||
-rw-r--r-- | src/3rdparty/webkit/Source/WebKit/qt/QtWebKit.pro | 5 | ||||
-rw-r--r-- | src/3rdparty/webkit/VERSION | 2 |
6 files changed, 109 insertions, 14 deletions
diff --git a/src/3rdparty/webkit/.tag b/src/3rdparty/webkit/.tag index 764b986..f786b78 100644 --- a/src/3rdparty/webkit/.tag +++ b/src/3rdparty/webkit/.tag @@ -1 +1 @@ -d30a30ac4faadcb8b2e282e343c921f919fbca9b +a52dbae362a295e0adfb7ee4fdc21734ae4b7b45 diff --git a/src/3rdparty/webkit/Source/WebCore/ChangeLog b/src/3rdparty/webkit/Source/WebCore/ChangeLog index ea77d39..f112cba 100644 --- a/src/3rdparty/webkit/Source/WebCore/ChangeLog +++ b/src/3rdparty/webkit/Source/WebCore/ChangeLog @@ -1,3 +1,27 @@ +2011-06-28 Roland Steiner <rolandsteiner@chromium.org> + + Reviewed by Eric Seidel. + + Bug 55930 - (CVE-2011-1440) Incorrect handling of 'display:' property within nested <ruby> tags + https://bugs.webkit.org/show_bug.cgi?id=55930 + + Don't set style type BEFORE/AFTER on anonymous wrapper block. + Rather, check style type on generated wrapped child. + + Tests: fast/ruby/generated-after-counter-doesnt-crash.html + fast/ruby/generated-before-and-after-counter-doesnt-crash.html + fast/ruby/generated-before-counter-doesnt-crash.html + + * rendering/RenderRuby.cpp: + (WebCore::isAnonymousRubyInlineBlock): + (WebCore::isRubyBeforeBlock): + (WebCore::isRubyAfterBlock): + (WebCore::rubyBeforeBlock): + (WebCore::rubyAfterBlock): + (WebCore::createAnonymousRubyInlineBlock): + (WebCore::RenderRubyAsInline::addChild): + (WebCore::RenderRubyAsBlock::addChild): + 2011-05-23 Matthew Delaney <mdelaney@apple.com> Reviewed by Simon Fraser. diff --git a/src/3rdparty/webkit/Source/WebCore/rendering/RenderRuby.cpp b/src/3rdparty/webkit/Source/WebCore/rendering/RenderRuby.cpp index 0b51384..e0137de 100644 --- a/src/3rdparty/webkit/Source/WebCore/rendering/RenderRuby.cpp +++ b/src/3rdparty/webkit/Source/WebCore/rendering/RenderRuby.cpp 
@@ -40,33 +40,53 @@ namespace WebCore { //=== generic helper functions to avoid excessive code duplication === -static inline bool isAnonymousRubyInlineBlock(RenderObject* object) +static inline bool isAnonymousRubyInlineBlock(const RenderObject* object) { - ASSERT(!object->parent()->isRuby() + ASSERT(!object + || !object->parent()->isRuby() || object->isRubyRun() || (object->isInline() && (object->isBeforeContent() || object->isAfterContent())) || (object->isAnonymous() && object->isRenderBlock() && object->style()->display() == INLINE_BLOCK)); - return object->parent()->isRuby() && object->isRenderBlock() && !object->isRubyRun(); + + return object + && object->parent()->isRuby() + && object->isRenderBlock() + && !object->isRubyRun(); +} + +static inline bool isRubyBeforeBlock(const RenderObject* object) +{ + return isAnonymousRubyInlineBlock(object) + && !object->previousSibling() + && object->firstChild() + && object->firstChild()->style()->styleType() == BEFORE; +} + +static inline bool isRubyAfterBlock(const RenderObject* object) +{ + return isAnonymousRubyInlineBlock(object) + && !object->nextSibling() + && object->firstChild() + && object->firstChild()->style()->styleType() == AFTER; } static inline RenderBlock* rubyBeforeBlock(const RenderObject* ruby) { RenderObject* child = ruby->firstChild(); - return child && !child->isRubyRun() && child->isRenderBlock() && child->style()->styleType() == BEFORE ? static_cast<RenderBlock*>(child) : 0; + return isRubyBeforeBlock(child) ? static_cast<RenderBlock*>(child) : 0; } static inline RenderBlock* rubyAfterBlock(const RenderObject* ruby) { RenderObject* child = ruby->lastChild(); - return child && !child->isRubyRun() && child->isRenderBlock() && child->style()->styleType() == AFTER ? static_cast<RenderBlock*>(child) : 0; + return isRubyAfterBlock(child) ? 
static_cast<RenderBlock*>(child) : 0; } -static RenderBlock* createAnonymousRubyInlineBlock(RenderObject* ruby, PseudoId styleType) +static RenderBlock* createAnonymousRubyInlineBlock(RenderObject* ruby) { RefPtr<RenderStyle> newStyle = RenderStyle::createAnonymousStyle(ruby->style()); newStyle->setDisplay(INLINE_BLOCK); - newStyle->setStyleType(styleType); - + RenderBlock* newBlock = new (ruby->renderArena()) RenderBlock(ruby->document() /* anonymous box */); newBlock->setStyle(newStyle.release()); return newBlock; @@ -110,7 +130,7 @@ void RenderRubyAsInline::addChild(RenderObject* child, RenderObject* beforeChild // Wrap non-inline content with an anonymous inline-block. RenderBlock* beforeBlock = rubyBeforeBlock(this); if (!beforeBlock) { - beforeBlock = createAnonymousRubyInlineBlock(this, BEFORE); + beforeBlock = createAnonymousRubyInlineBlock(this); RenderInline::addChild(beforeBlock, firstChild()); } beforeBlock->addChild(child); @@ -125,7 +145,7 @@ void RenderRubyAsInline::addChild(RenderObject* child, RenderObject* beforeChild // Wrap non-inline content with an anonymous inline-block. RenderBlock* afterBlock = rubyAfterBlock(this); if (!afterBlock) { - afterBlock = createAnonymousRubyInlineBlock(this, AFTER); + afterBlock = createAnonymousRubyInlineBlock(this); RenderInline::addChild(afterBlock); } afterBlock->addChild(child); @@ -211,7 +231,7 @@ void RenderRubyAsBlock::addChild(RenderObject* child, RenderObject* beforeChild) // Wrap non-inline content with an anonymous inline-block. RenderBlock* beforeBlock = rubyBeforeBlock(this); if (!beforeBlock) { - beforeBlock = createAnonymousRubyInlineBlock(this, BEFORE); + beforeBlock = createAnonymousRubyInlineBlock(this); RenderBlock::addChild(beforeBlock, firstChild()); } beforeBlock->addChild(child); 
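Review bot: In `isAnonymousRubyInlineBlock`, the anonymous / `INLINE_BLOCK` part of the invariant is checked only inside the `ASSERT`, so the returned expression accepts any non-run `RenderBlock` child of a ruby whenever assertions are compiled out (assuming `ASSERT` is the usual debug-only macro). `isRubyBeforeBlock`, `isRubyAfterBlock` and the `static_cast<RenderBlock*>` in `rubyBeforeBlock`/`rubyAfterBlock` all build on that weaker runtime test, and the render objects they inspect are shaped by page-supplied markup and style. As this change is the fix for CVE-2011-1440, it would be more defensive to make the runtime check match the asserted invariant, for example by adding `&& object->isAnonymous()` to the returned conjunction, provided no caller relies on the looser behaviour. The two new helpers would also benefit from a comment such as `// The wrapper no longer carries BEFORE/AFTER itself; it is recognised by its position and by the style type of its generated first child.`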
@@ -226,7 +246,7 @@ void RenderRubyAsBlock::addChild(RenderObject* child, RenderObject* beforeChild) // Wrap non-inline content with an anonymous inline-block. RenderBlock* afterBlock = rubyAfterBlock(this); if (!afterBlock) { - afterBlock = createAnonymousRubyInlineBlock(this, AFTER); + afterBlock = createAnonymousRubyInlineBlock(this); RenderBlock::addChild(afterBlock); } afterBlock->addChild(child); diff --git a/src/3rdparty/webkit/Source/WebKit/qt/ChangeLog b/src/3rdparty/webkit/Source/WebKit/qt/ChangeLog index 9a7d0e7..d702142 100644 --- a/src/3rdparty/webkit/Source/WebKit/qt/ChangeLog +++ b/src/3rdparty/webkit/Source/WebKit/qt/ChangeLog 
@@ -1,3 +1,49 @@ +2011-06-29 Alexis Menard <alexis.menard@openbossa.org> + + Reviewed by Benjamin Poulain. + + [Qt] Add Qt dependencies in QtWebKit's main pro file. + https://bugs.webkit.org/show_bug.cgi?id=63639 + + syncqt, the script which generates the headers inside Qt parses + the main pro file of QtWebKit to check the Qt dependencies. It used + to be WebCore.pro but after the build reorganization QtWebKit.pro is + the new main pro file so we need to add the network dependency just like + we did in WebCore.pro. + + * QtWebKit.pro: + +2011-06-23 Csaba Osztrogonác <ossy@webkit.org> + + Rubber-stamped by Andreas Kling. + + [Qt] Fix tst_QWebFrame::setHtmlWithResource() API test + https://bugs.webkit.org/show_bug.cgi?id=63235 + + [Qt] Fix tst_QWebFrame::renderGeometry() API test + https://bugs.webkit.org/show_bug.cgi?id=63236 + + [Qt] Fix tst_QWebFrame::setUrlWithPendingLoads() API test + https://bugs.webkit.org/show_bug.cgi?id=63237 + + * tests/qwebframe/tst_qwebframe.cpp: Mark failing test cases as expected fails until real fix. + (tst_QWebFrame::setHtmlWithResource): + (tst_QWebFrame::renderGeometry): + +2011-06-23 Csaba Osztrogonác <ossy@webkit.org> + + Rubber-stamped by Andreas Kling. + + [Qt] Fix tst_QWebPage::showModalDialog() API test + https://bugs.webkit.org/show_bug.cgi?id=63244 + + [Qt] Fix tst_QWebPage::testStopScheduledPageRefresh() API test + https://bugs.webkit.org/show_bug.cgi?id=63245 + + * tests/qwebpage/tst_qwebpage.cpp: Mark failing test cases as expected fails. + (tst_QWebPage::showModalDialog): + (tst_QWebPage::testStopScheduledPageRefresh): + 2011-06-28 Alexis Menard <alexis.menard@openbossa.org> Reviewed by Andreas Kling. diff --git a/src/3rdparty/webkit/Source/WebKit/qt/QtWebKit.pro b/src/3rdparty/webkit/Source/WebKit/qt/QtWebKit.pro index 301aaa3..e07f699 100644 --- a/src/3rdparty/webkit/Source/WebKit/qt/QtWebKit.pro +++ b/src/3rdparty/webkit/Source/WebKit/qt/QtWebKit.pro 
@@ -28,6 +28,11 @@ include($$SOURCE_DIR/WebCore/WebCore.pri) prependWebCoreLib(../../WebCore) webkit2:prependWebKit2Lib(../../WebKit2) +# This is needed for syncqt when it parses the dependencies on module's main pro file so +# the generated includes are containing the dependencies. +# It used to be in WebCore.pro but now that this is the main pro file it has to be here. +QT += network + isEmpty(OUTPUT_DIR): OUTPUT_DIR = ../.. contains(QT_CONFIG, embedded):CONFIG += embedded diff --git a/src/3rdparty/webkit/VERSION b/src/3rdparty/webkit/VERSION index f9e62cc..85f9e4f 100644 --- a/src/3rdparty/webkit/VERSION +++ b/src/3rdparty/webkit/VERSION @@ -4,4 +4,4 @@ This is a snapshot of the Qt port of WebKit from and has the sha1 checksum - d30a30ac4faadcb8b2e282e343c921f919fbca9b + a52dbae362a295e0adfb7ee4fdc21734ae4b7b45 |