diff options
author | Simon Hausmann <simon.hausmann@nokia.com> | 2009-07-13 15:45:53 (GMT) |
---|---|---|
committer | Simon Hausmann <simon.hausmann@nokia.com> | 2009-07-13 15:45:53 (GMT) |
commit | 3e5d7444b883778663d1e31e54afffae65921da3 (patch) | |
tree | d5e2963db6aa20703c28fd6477b0b493699fe462 /src | |
parent | ecffc68ab222309e30d83a55022169cef9acfd81 (diff) | |
download | Qt-3e5d7444b883778663d1e31e54afffae65921da3.zip Qt-3e5d7444b883778663d1e31e54afffae65921da3.tar.gz Qt-3e5d7444b883778663d1e31e54afffae65921da3.tar.bz2 |
Updated WebKit from /home/shausman/src/webkit/trunk to origin/qtwebkit-4.5 ( a3e05ad8acdead3b534d0cef772b85f002e80b8d )
Changes in WebKit since the last update:
++ b/LayoutTests/ChangeLog
2009-06-18 Chris Evans <scarybeasts@gmail.com>
Reviewed by Adam Barth.
Added test for bug 26454 (broken 8-digit hex entities).
https://bugs.webkit.org/show_bug.cgi?id=26454
* fast/parser/eightdigithexentity-expected.txt: Added.
* fast/parser/eightdigithexentity.html: Added.
2009-06-20 Sam Weinig <sam@webkit.org>
Reviewed by Adam Barth.
Test for https://bugs.webkit.org/show_bug.cgi?id=26554
Test writing to parent and top.
* http/tests/security/cross-frame-access-put-expected.txt:
* http/tests/security/cross-frame-access-put.html:
* http/tests/security/resources/cross-frame-iframe-for-put-test.html:
++ b/WebCore/ChangeLog
2009-06-18 Chris Evans <scarybeasts@gmail.com>
Reviewed by Adam Barth.
Fix 8-digit long hex entities. Fixes bug 26454
https://bugs.webkit.org/show_bug.cgi?id=26454
Test: fast/parser/eightdigithexentity.html
* html/HTMLTokenizer.cpp: fix off-by-ones.
2009-06-20 Sam Weinig <sam@webkit.org>
Reviewed by Adam Barth.
Fix for https://bugs.webkit.org/show_bug.cgi?id=26554
Shadowing of top and parent
* page/DOMWindow.idl:
Diffstat (limited to 'src')
-rw-r--r-- | src/3rdparty/webkit/VERSION | 4 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/ChangeLog | 20 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp | 4 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp | 8 | ||||
-rw-r--r-- | src/3rdparty/webkit/WebCore/page/DOMWindow.idl | 4 |
5 files changed, 34 insertions, 6 deletions
diff --git a/src/3rdparty/webkit/VERSION b/src/3rdparty/webkit/VERSION index 368d2b5..88f32d9 100644 --- a/src/3rdparty/webkit/VERSION +++ b/src/3rdparty/webkit/VERSION @@ -1,6 +1,6 @@ This is a snapshot of the Qt port of WebKit from - git://code.staikos.net/webkit + git://gitorious.org/qtwebkit/qtwebkit.git The commit imported was from the @@ -8,4 +8,4 @@ The commit imported was from the and has the sha1 checksum - eb4957a561d3f85d4cd5602832375c66f378b521 + a3e05ad8acdead3b534d0cef772b85f002e80b8d diff --git a/src/3rdparty/webkit/WebCore/ChangeLog b/src/3rdparty/webkit/WebCore/ChangeLog index be6922f..19bb36a 100644 --- a/src/3rdparty/webkit/WebCore/ChangeLog +++ b/src/3rdparty/webkit/WebCore/ChangeLog @@ -1,3 +1,23 @@ +2009-06-18 Chris Evans <scarybeasts@gmail.com> + + Reviewed by Adam Barth. + + Fix 8-digit long hex entities. Fixes bug 26454 + https://bugs.webkit.org/show_bug.cgi?id=26454 + + Test: fast/parser/eightdigithexentity.html + + * html/HTMLTokenizer.cpp: fix off-by-ones. + +2009-06-20 Sam Weinig <sam@webkit.org> + + Reviewed by Adam Barth. + + Fix for https://bugs.webkit.org/show_bug.cgi?id=26554 + Shadowing of top and parent + + * page/DOMWindow.idl: + 2008-12-18 Bernhard Rosenkraenzer <bero@arklinux.ch> Reviewed by Darin Adler. diff --git a/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp b/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp index c6906b6..d692150 100644 --- a/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp +++ b/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp @@ -2496,11 +2496,15 @@ void setJSDOMWindowOpener(ExecState* exec, JSObject* thisObject, JSValuePtr valu void setJSDOMWindowParent(ExecState* exec, JSObject* thisObject, JSValuePtr value) { + if (!static_cast<JSDOMWindow*>(thisObject)->allowsAccessFrom(exec)) + return; static_cast<JSDOMWindow*>(thisObject)->putDirect(Identifier(exec, "parent"), value); } void setJSDOMWindowTop(ExecState* exec, JSObject* thisObject, JSValuePtr value) { + if (!static_cast<JSDOMWindow*>(thisObject)->allowsAccessFrom(exec)) + return; static_cast<JSDOMWindow*>(thisObject)->putDirect(Identifier(exec, "top"), value); } diff --git a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp index 6de9951..b6a5418 100644 --- a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp +++ b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp @@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de } } else { // FIXME: We should eventually colorize entities by sending them as a special token. - checkBuffer(11); + // 12 bytes required: up to 10 bytes in m_cBuffer plus the + // leading '&' and trailing ';' + checkBuffer(12); *dest++ = '&'; for (unsigned i = 0; i < cBufferPos; i++) dest[i] = m_cBuffer[i]; @@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de } } } else { - checkBuffer(10); + // 11 bytes required: up to 10 bytes in m_cBuffer plus the + // leading '&' + checkBuffer(11); // ignore the sequence, add it to the buffer as plaintext *dest++ = '&'; for (unsigned i = 0; i < cBufferPos; i++) diff --git a/src/3rdparty/webkit/WebCore/page/DOMWindow.idl b/src/3rdparty/webkit/WebCore/page/DOMWindow.idl index d0114e6..71c3137 100644 --- a/src/3rdparty/webkit/WebCore/page/DOMWindow.idl +++ b/src/3rdparty/webkit/WebCore/page/DOMWindow.idl @@ -121,8 +121,8 @@ module window { attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow frames; attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow opener; - attribute [Replaceable, DoNotCheckDomainSecurity] DOMWindow parent; - attribute [Replaceable, DoNotCheckDomainSecurity] DOMWindow top; + attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow parent; + attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow top; // DOM Level 2 AbstractView Interface readonly attribute Document document; |