From 3e5d7444b883778663d1e31e54afffae65921da3 Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Mon, 13 Jul 2009 17:45:53 +0200 Subject: Updated WebKit from /home/shausman/src/webkit/trunk to origin/qtwebkit-4.5 ( a3e05ad8acdead3b534d0cef772b85f002e80b8d ) Changes in WebKit since the last update: ++ b/LayoutTests/ChangeLog 2009-06-18 Chris Evans Reviewed by Adam Barth. Added test for bug 26454 (broken 8-digit hex entities). https://bugs.webkit.org/show_bug.cgi?id=26454 * fast/parser/eightdigithexentity-expected.txt: Added. * fast/parser/eightdigithexentity.html: Added. 2009-06-20 Sam Weinig Reviewed by Adam Barth. Test for https://bugs.webkit.org/show_bug.cgi?id=26554 Test writing to parent and top. * http/tests/security/cross-frame-access-put-expected.txt: * http/tests/security/cross-frame-access-put.html: * http/tests/security/resources/cross-frame-iframe-for-put-test.html: ++ b/WebCore/ChangeLog 2009-06-18 Chris Evans Reviewed by Adam Barth. Fix 8-digit long hex entities. Fixes bug 26454 https://bugs.webkit.org/show_bug.cgi?id=26454 Test: fast/parser/eightdigithexentity.html * html/HTMLTokenizer.cpp: fix off-by-ones. 2009-06-20 Sam Weinig Reviewed by Adam Barth. Fix for https://bugs.webkit.org/show_bug.cgi?id=26554 Shadowing of top and parent * page/DOMWindow.idl: --- src/3rdparty/webkit/VERSION | 4 ++-- src/3rdparty/webkit/WebCore/ChangeLog | 20 ++++++++++++++++++++ .../webkit/WebCore/generated/JSDOMWindow.cpp | 4 ++++ src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp | 8 ++++++-- src/3rdparty/webkit/WebCore/page/DOMWindow.idl | 4 ++-- 5 files changed, 34 insertions(+), 6 deletions(-) diff --git a/src/3rdparty/webkit/VERSION b/src/3rdparty/webkit/VERSION index 368d2b5..88f32d9 100644 --- a/src/3rdparty/webkit/VERSION +++ b/src/3rdparty/webkit/VERSION @@ -1,6 +1,6 @@ This is a snapshot of the Qt port of WebKit from - git://code.staikos.net/webkit + git://gitorious.org/qtwebkit/qtwebkit.git The commit imported was from the @@ -8,4 +8,4 @@ The commit imported was from the and has the sha1 checksum - eb4957a561d3f85d4cd5602832375c66f378b521 + a3e05ad8acdead3b534d0cef772b85f002e80b8d diff --git a/src/3rdparty/webkit/WebCore/ChangeLog b/src/3rdparty/webkit/WebCore/ChangeLog index be6922f..19bb36a 100644 --- a/src/3rdparty/webkit/WebCore/ChangeLog +++ b/src/3rdparty/webkit/WebCore/ChangeLog @@ -1,3 +1,23 @@ +2009-06-18 Chris Evans + + Reviewed by Adam Barth. + + Fix 8-digit long hex entities. Fixes bug 26454 + https://bugs.webkit.org/show_bug.cgi?id=26454 + + Test: fast/parser/eightdigithexentity.html + + * html/HTMLTokenizer.cpp: fix off-by-ones. + +2009-06-20 Sam Weinig + + Reviewed by Adam Barth. + + Fix for https://bugs.webkit.org/show_bug.cgi?id=26554 + Shadowing of top and parent + + * page/DOMWindow.idl: + 2008-12-18 Bernhard Rosenkraenzer Reviewed by Darin Adler. diff --git a/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp b/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp index c6906b6..d692150 100644 --- a/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp +++ b/src/3rdparty/webkit/WebCore/generated/JSDOMWindow.cpp @@ -2496,11 +2496,15 @@ void setJSDOMWindowOpener(ExecState* exec, JSObject* thisObject, JSValuePtr valu void setJSDOMWindowParent(ExecState* exec, JSObject* thisObject, JSValuePtr value) { + if (!static_cast(thisObject)->allowsAccessFrom(exec)) + return; static_cast(thisObject)->putDirect(Identifier(exec, "parent"), value); } void setJSDOMWindowTop(ExecState* exec, JSObject* thisObject, JSValuePtr value) { + if (!static_cast(thisObject)->allowsAccessFrom(exec)) + return; static_cast(thisObject)->putDirect(Identifier(exec, "top"), value); } diff --git a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp index 6de9951..b6a5418 100644 --- a/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp +++ b/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp @@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de } } else { // FIXME: We should eventually colorize entities by sending them as a special token. - checkBuffer(11); + // 12 bytes required: up to 10 bytes in m_cBuffer plus the + // leading '&' and trailing ';' + checkBuffer(12); *dest++ = '&'; for (unsigned i = 0; i < cBufferPos; i++) dest[i] = m_cBuffer[i]; @@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de } } } else { - checkBuffer(10); + // 11 bytes required: up to 10 bytes in m_cBuffer plus the + // leading '&' + checkBuffer(11); // ignore the sequence, add it to the buffer as plaintext *dest++ = '&'; for (unsigned i = 0; i < cBufferPos; i++) diff --git a/src/3rdparty/webkit/WebCore/page/DOMWindow.idl b/src/3rdparty/webkit/WebCore/page/DOMWindow.idl index d0114e6..71c3137 100644 --- a/src/3rdparty/webkit/WebCore/page/DOMWindow.idl +++ b/src/3rdparty/webkit/WebCore/page/DOMWindow.idl @@ -121,8 +121,8 @@ module window { attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow frames; attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow opener; - attribute [Replaceable, DoNotCheckDomainSecurity] DOMWindow parent; - attribute [Replaceable, DoNotCheckDomainSecurity] DOMWindow top; + attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow parent; + attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow top; // DOM Level 2 AbstractView Interface readonly attribute Document document; -- cgit v0.12