[meego-commits] 6699: Changes to devel:qt-mtf/qtwebkit

Fathi Boudra fathi.boudra at nokia.com
Mon Aug 16 11:32:12 UTC 2010


Hi,
I have made the following changes to qtwebkit in project devel:qt-mtf. Please review and accept ASAP.

Thank You,
Fathi Boudra

[This message was auto-generated]

---

Request #6699:

  submit:   home:boudra:branches:devel:qt-mtf/qtwebkit(r2)(cleanup) -> devel:qt-mtf/qtwebkit


Message:
    * Mon Jul 19 2010 Fathi Boudra <fathi.boudra at nokia.com> - 2.0~week32
- Update Qt WebKit to 2.0 weekly build 32

State:   new          2010-08-15T23:22:57 boudra
Comment: None



changes files:
--------------
--- qtwebkit.changes
+++ qtwebkit.changes
@@ -0,0 +1,3 @@
+* Mon Jul 19 2010 Fathi Boudra <fathi.boudra at nokia.com> - 2.0~week32
+- Update Qt WebKit to 2.0 weekly build 32
+
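Review bot: the new entry on the `+* Mon Jul 19 2010 ...` line is dated before upstream entries that ship in this same request; the bundled WebCore/ChangeLog has entries dated 2010-07-21 and 2010-08-10. Suggest using the date the week32 snapshot was actually packaged so the changelog can be matched against the tarball contents.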
@@ -3 +5,0 @@
-

spec files:
-----------
--- qtwebkit.spec
+++ qtwebkit.spec
@@ -1,7 +1,7 @@
-# spec file for package qtwebkit (Version 2.0 week build 27)
+# spec file for package qtwebkit (Version 2.0 week build 32)
 
 %define upstream_short_version 2.0
-%define upstream_extra_version week27
+%define upstream_extra_version week32
 
 Name:           qtwebkit
 Version:        %{upstream_short_version}~%{upstream_extra_version}

other changes:
--------------

++++++ 04_enable_debug_information.patch
--- 04_enable_debug_information.patch
+++ 04_enable_debug_information.patch
@@ -4,7 +4,7 @@
 
 --- a/WebCore/WebCore.pro
 +++ b/WebCore/WebCore.pro
-@@ -2935,8 +2935,6 @@ HEADERS += $$WEBKIT_API_HEADERS
+@@ -2943,8 +2943,6 @@ HEADERS += $$WEBKIT_API_HEADERS
  
  CONFIG(QTDIR_build) {
      # Remove the following 2 lines if you want debug information in WebCore

++++++ qtwebkit-2.0-source.tar.gz
--- .tag
+++ .tag
@@ -1 +1 @@
-011a5882e269383ee251e3283d87e4e22b7a6bea
+72b1c38579ca1fdb3f242e29cd16e5bfb4925813
--- JavaScriptCore/ChangeLog
+++ JavaScriptCore/ChangeLog
@@ -1,3 +1,90 @@
+2010-07-02  Peter Varga  <pvarga at inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        The alternativeFrameLocation value is wrong in the emitDisjunction function in
+        case of PatternTerm::TypeParentheticalAssertion. This value needs to be
+        computed from term.frameLocation instead of term.inputPosition. This mistake caused glibc
+        memory corruption in some cases.
+        Layout test added for checking of TypeParentheticalAssertion case.
+        https://bugs.webkit.org/show_bug.cgi?id=41458
+
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::ByteCompiler::emitDisjunction):
+
+2010-07-03  Yong Li  <yoli at rim.com>
+
+        Reviewed by Darin Adler.
+
+        Make Arguments::MaxArguments clamping work for numbers >= 0x80000000 in
+        the interpreter as well as the JIT.
+
+        https://bugs.webkit.org/show_bug.cgi?id=41351
+        rdar://problem/8142141
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute): Fix signed integer overflow problem
+        in op_load_varargs handling. 0xFFFFFFFF was read as -1.
+
+2010-07-04  Mark Rowe  <mrowe at apple.com>
+
+        Build fix after r62456.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute): Be slightly more consistent in using uint32_t to prevent
+        warnings about comparisons between signed and unsigned types, and attempts to call an overload
+        of std::min that doesn't exist.
+
+2010-07-02  Oliver Hunt  <oliver at apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Clamp the number of arguments supported by function.apply
+        https://bugs.webkit.org/show_bug.cgi?id=41351
+        <rdar://problem/8142141>
+
+        Add clamping logic to function.apply similar to that
+        enforced by firefox.  We have a smaller clamp than
+        firefox as our calling convention means that stack
+        usage is proportional to argument count -- the firefox
+        limit is larger than you could actually call.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * runtime/Arguments.h:
+        (JSC::Arguments::):
+
+2010-07-01  Oliver Hunt  <oliver at apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Improve reentrancy logic in polymorphic cache stubs
+        <https://bugs.webkit.org/show_bug.cgi?id=41482>
+        <rdar://problem/8094380>
+
+        Make the polymorphic cache stubs handle reentrancy
+        better.
+
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        (JSC::getPolymorphicAccessStructureListSlot):
+
+2009-10-30  Tor Arne Vestbø  <tor.arne.vestbo at nokia.com>
+
+        Reviewed by Kenneth Rohde Christiansen.
+
+        [Qt] Use the default timeout interval for JS as the HTML tokenizer delay for setHtml()
+
+        This ensures that long-running JavaScript (for example due to a modal alert() dialog),
+        will not trigger a deferred load after only 500ms (the default tokenizer delay) while
+        still giving a reasonable timeout (10 seconds) to prevent deadlock.
+
+        https://bugs.webkit.org/show_bug.cgi?id=29381
+
+        * runtime/TimeoutChecker.h: Add getter for the timeout interval
+
 2010-05-18  Anders Carlsson  <andersca at apple.com>
 
         Reviewed by Sam Weinig.
--- JavaScriptCore/interpreter/Interpreter.cpp
+++ JavaScriptCore/interpreter/Interpreter.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009, 2010 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Cameron Zwarich <cwzwarich at uwaterloo.ca>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -3454,9 +3454,10 @@
         int argsOffset = vPC[2].u.operand;
         
         JSValue arguments = callFrame->r(argsOffset).jsValue();
-        int32_t argCount = 0;
+        uint32_t argCount = 0;
         if (!arguments) {
             argCount = (uint32_t)(callFrame->argumentCount()) - 1;
+            argCount = min<uint32_t>(argCount, Arguments::MaxArguments);
             int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
             Register* newEnd = callFrame->registers() + sizeDelta;
             if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
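Review bot: in the `!arguments` branch, `argCount = (uint32_t)(callFrame->argumentCount()) - 1;` wraps to 0xFFFFFFFF if argumentCount() ever returns 0, and the new clamp then turns that into Arguments::MaxArguments silently instead of failing. sizeDelta is also still int32_t while argCount is now uint32_t, so the sum stays in range only because the clamp runs first. Suggest an ASSERT that argumentCount() is at least 1 before the subtraction, and a short comment that the clamp must stay ahead of the sizeDelta computation.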
@@ -3464,9 +3465,9 @@
                 goto vm_throw;
             }
             ASSERT(!callFrame->callee()->isHostFunction());
-            int32_t expectedParams = callFrame->callee()->jsExecutable()->parameterCount();
-            int32_t inplaceArgs = min(argCount, expectedParams);
-            int32_t i = 0;
+            uint32_t expectedParams = callFrame->callee()->jsExecutable()->parameterCount();
+            uint32_t inplaceArgs = min(argCount, expectedParams);
+            uint32_t i = 0;
             Register* argStore = callFrame->registers() + argsOffset;
 
             // First step is to copy the "expected" parameters from their normal location relative to the callframe
@@ -3483,6 +3484,7 @@
             if (asObject(arguments)->classInfo() == &Arguments::info) {
                 Arguments* args = asArguments(arguments);
                 argCount = args->numProvidedArguments(callFrame);
+                argCount = min<uint32_t>(argCount, Arguments::MaxArguments);
                 int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
                 Register* newEnd = callFrame->registers() + sizeDelta;
                 if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
@@ -3493,6 +3495,7 @@
             } else if (isJSArray(&callFrame->globalData(), arguments)) {
                 JSArray* array = asArray(arguments);
                 argCount = array->length();
+                argCount = min<uint32_t>(argCount, Arguments::MaxArguments);
                 int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
                 Register* newEnd = callFrame->registers() + sizeDelta;
                 if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
@@ -3503,6 +3506,7 @@
             } else if (asObject(arguments)->inherits(&JSArray::info)) {
                 JSObject* argObject = asObject(arguments);
                 argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
+                argCount = min<uint32_t>(argCount, Arguments::MaxArguments);
                 int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
                 Register* newEnd = callFrame->registers() + sizeDelta;
                 if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
@@ -3510,7 +3514,7 @@
                     goto vm_throw;
                 }
                 Register* argsBuffer = callFrame->registers() + argsOffset;
-                for (int32_t i = 0; i < argCount; ++i) {
+                for (uint32_t i = 0; i < argCount; ++i) {
                     argsBuffer[i] = asObject(arguments)->get(callFrame, i);
                     CHECK_FOR_EXCEPTION();
                 }
--- JavaScriptCore/jit/JITStubs.cpp
+++ JavaScriptCore/jit/JITStubs.cpp
@@ -1330,17 +1330,18 @@
         if (stubInfo->accessType == access_get_by_id_self) {
             ASSERT(!stubInfo->stubRoutine);
             polymorphicStructureList = new PolymorphicAccessStructureList(CodeLocationLabel(), stubInfo->u.getByIdSelf.baseObjectStructure);
-            stubInfo->initGetByIdSelfList(polymorphicStructureList, 2);
+            stubInfo->initGetByIdSelfList(polymorphicStructureList, 1);
         } else {
             polymorphicStructureList = stubInfo->u.getByIdSelfList.structureList;
             listIndex = stubInfo->u.getByIdSelfList.listSize;
-            stubInfo->u.getByIdSelfList.listSize++;
         }
+        if (listIndex < POLYMORPHIC_LIST_CACHE_SIZE) {
+            stubInfo->u.getByIdSelfList.listSize++;
+            JIT::compileGetByIdSelfList(callFrame->scopeChain()->globalData, codeBlock, stubInfo, polymorphicStructureList, listIndex, asCell(baseValue)->structure(), ident, slot, slot.cachedOffset());
 
-        JIT::compileGetByIdSelfList(callFrame->scopeChain()->globalData, codeBlock, stubInfo, polymorphicStructureList, listIndex, asCell(baseValue)->structure(), ident, slot, slot.cachedOffset());
-
-        if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
-            ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_generic));
+            if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
+                ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_generic));
+        }
     } else
         ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_generic));
     return JSValue::encode(result);
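Review bot: the new `if (listIndex < POLYMORPHIC_LIST_CACHE_SIZE)` block has no comment saying how listIndex can already be at the limit here, and when it is, the stub neither compiles nor repatches the call site, so this path relies on something else having already patched it to cti_op_get_by_id_generic. Suggest a comment naming the reentrancy case this guards against, or an else branch that patches to the generic stub. The change of the initGetByIdSelfList argument from 2 to 1 appears to rely on the listSize++ that moved into the shared block, which deserves a note as well.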
@@ -1365,13 +1366,14 @@
     case access_get_by_id_proto_list:
         prototypeStructureList = stubInfo->u.getByIdProtoList.structureList;
         listIndex = stubInfo->u.getByIdProtoList.listSize;
-        stubInfo->u.getByIdProtoList.listSize++;
+        if (listIndex < POLYMORPHIC_LIST_CACHE_SIZE)
+            stubInfo->u.getByIdProtoList.listSize++;
         break;
     default:
         ASSERT_NOT_REACHED();
     }
     
-    ASSERT(listIndex < POLYMORPHIC_LIST_CACHE_SIZE);
+    ASSERT(listIndex <= POLYMORPHIC_LIST_CACHE_SIZE);
     return prototypeStructureList;
 }
 
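Review bot: relaxing the assertion to `listIndex <= POLYMORPHIC_LIST_CACHE_SIZE` means this function can now hand back a listIndex equal to the cache size, which is one past the last valid slot, so every caller has to do its own bounds check before using it. In the visible lines only the access_get_by_id_proto_list case guards its increment. Suggest documenting that contract at the function, or signalling a full list explicitly (for example by returning a null list) so a caller that forgets the check fails loudly.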
@@ -1446,21 +1448,24 @@
 
         int listIndex;
         PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(stubInfo, listIndex);
+        if (listIndex < POLYMORPHIC_LIST_CACHE_SIZE) {
+            JIT::compileGetByIdProtoList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, slotBaseObject->structure(), propertyName, slot, offset);
 
-        JIT::compileGetByIdProtoList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, slotBaseObject->structure(), propertyName, slot, offset);
-
-        if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
-            ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_list_full));
+            if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
+                ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_list_full));
+        }
     } else if (size_t count = normalizePrototypeChain(callFrame, baseValue, slot.slotBase(), propertyName, offset)) {
         ASSERT(!asCell(baseValue)->structure()->isDictionary());
         int listIndex;
         PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(stubInfo, listIndex);
+        
+        if (listIndex < POLYMORPHIC_LIST_CACHE_SIZE) {
+            StructureChain* protoChain = structure->prototypeChain(callFrame);
+            JIT::compileGetByIdChainList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, protoChain, count, propertyName, slot, offset);
 
-        StructureChain* protoChain = structure->prototypeChain(callFrame);
-        JIT::compileGetByIdChainList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, protoChain, count, propertyName, slot, offset);
-
-        if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
-            ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_list_full));
+            if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
+                ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_list_full));
+        }
     } else
         ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_fail));
 
@@ -2129,6 +2134,7 @@
     if (!arguments) {
         int providedParams = callFrame->registers()[RegisterFile::ArgumentCount].i() - 1;
         argCount = providedParams;
+        argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));
         int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
         Register* newEnd = callFrame->registers() + sizeDelta;
         if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
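Review bot: the clamp `argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));` is pasted into four branches of this stub and is spelled differently from the same clamp in Interpreter.cpp (`min<uint32_t>(argCount, Arguments::MaxArguments)`). Suggest one small inline helper next to MaxArguments in Arguments.h, called from both files, so a future branch cannot miss the clamp. In this branch the count also comes from `int providedParams`, so a negative value would convert to a large unsigned count and be clamped silently; an ASSERT that providedParams is non-negative would make that visible.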
@@ -2164,6 +2170,7 @@
         if (asObject(arguments)->classInfo() == &Arguments::info) {
             Arguments* argsObject = asArguments(arguments);
             argCount = argsObject->numProvidedArguments(callFrame);
+            argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));
             int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
             Register* newEnd = callFrame->registers() + sizeDelta;
             if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
@@ -2174,6 +2181,7 @@
         } else if (isJSArray(&callFrame->globalData(), arguments)) {
             JSArray* array = asArray(arguments);
             argCount = array->length();
+            argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));
             int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
             Register* newEnd = callFrame->registers() + sizeDelta;
             if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
@@ -2184,6 +2192,7 @@
         } else if (asObject(arguments)->inherits(&JSArray::info)) {
             JSObject* argObject = asObject(arguments);
             argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
+            argCount = min(argCount, static_cast<uint32_t>(Arguments::MaxArguments));
             int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
             Register* newEnd = callFrame->registers() + sizeDelta;
             if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
--- JavaScriptCore/runtime/Arguments.h
+++ JavaScriptCore/runtime/Arguments.h
@@ -55,6 +55,10 @@
 
     class Arguments : public JSObject {
     public:
+        // Use an enum because otherwise gcc insists on doing a memory
+        // read.
+        enum { MaxArguments = 0x10000 };
+
         enum NoParametersType { NoParameters };
 
         Arguments(CallFrame*);
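Review bot: the comment above `enum { MaxArguments = 0x10000 };` explains why an enum is used but not what the limit is for or why this value was chosen. Suggest adding a line that it caps the argument count accepted by function.apply because stack usage is proportional to argument count, as the ChangeLog entry says, so the number is not changed later without that context.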
--- JavaScriptCore/runtime/JSArray.cpp
+++ JavaScriptCore/runtime/JSArray.cpp
@@ -948,10 +948,10 @@
 
 void JSArray::copyToRegisters(ExecState* exec, Register* buffer, uint32_t maxSize)
 {
-    ASSERT(m_storage->m_length == maxSize);
+    ASSERT(m_storage->m_length >= maxSize);
     UNUSED_PARAM(maxSize);
     JSValue* vector = m_storage->m_vector;
-    unsigned vectorEnd = min(m_storage->m_length, m_vectorLength);
+    unsigned vectorEnd = min(maxSize, m_vectorLength);
     unsigned i = 0;
     for (; i < vectorEnd; ++i) {
         JSValue& v = vector[i];
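Review bot: `UNUSED_PARAM(maxSize);` is stale now that maxSize feeds `min(maxSize, m_vectorLength)`, and the only check that maxSize does not exceed m_storage->m_length is an ASSERT, which does nothing in release builds. Suggest dropping the UNUSED_PARAM line and, if a caller can ever pass a larger value, clamping maxSize to m_length at the top of the function rather than only asserting.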
@@ -960,7 +960,7 @@
         buffer[i] = v;
     }
 
-    for (; i < m_storage->m_length; ++i)
+    for (; i < maxSize; ++i)
         buffer[i] = get(exec, i);
 }
 
--- JavaScriptCore/runtime/TimeoutChecker.h
+++ JavaScriptCore/runtime/TimeoutChecker.h
@@ -40,6 +40,7 @@
         TimeoutChecker();
 
         void setTimeoutInterval(unsigned timeoutInterval) { m_timeoutInterval = timeoutInterval; }
+        unsigned timeoutInterval() const { return m_timeoutInterval; }
         
         unsigned ticksUntilNextCheck() { return m_ticksUntilNextCheck; }
         
--- JavaScriptCore/yarr/RegexInterpreter.cpp
+++ JavaScriptCore/yarr/RegexInterpreter.cpp
@@ -1554,7 +1554,7 @@
                 }
 
                 case PatternTerm::TypeParentheticalAssertion: {
-                    unsigned alternativeFrameLocation = term.inputPosition + RegexStackSpaceForBackTrackInfoParentheticalAssertion;
+                    unsigned alternativeFrameLocation = term.frameLocation + RegexStackSpaceForBackTrackInfoParentheticalAssertion;
 
                     atomParentheticalAssertionBegin(term.parentheses.subpatternId, term.invertOrCapture, term.frameLocation, alternativeFrameLocation);
                     emitDisjunction(term.parentheses.disjunction, currentCountAlreadyChecked, 0);
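Review bot: the corrected line `unsigned alternativeFrameLocation = term.frameLocation + RegexStackSpaceForBackTrackInfoParentheticalAssertion;` still carries no comment, and inputPosition and frameLocation are both plain fields of term that are easy to confuse. Suggest a one-line comment that alternativeFrameLocation is an offset into the backtrack frame, not into the input, since the ChangeLog entry attributes memory corruption to exactly this mix-up.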
--- WebCore/ChangeLog
+++ WebCore/ChangeLog
@@ -1,3 +1,296 @@
+2010-08-10  Tor Arne Vestbø  <tor.arne.vestbo at nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Make sure NPAPI plugins get an initial setNPWindow on Mac
+
+        https://bugs.webkit.org/show_bug.cgi?id=43782
+
+        * plugins/mac/PluginViewMac.mm:
+
+2010-06-14  Andreas Kling  <andreas.kling at nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        [Qt] Stack overflow when converting navigator object to QVariant
+        https://bugs.webkit.org/show_bug.cgi?id=40572
+
+        Protect against infinite recursion in JSValue->QVariant conversion.
+        This fixes a crash when trying to convert MimeType objects (they
+        recurse infinitely and on-the-fly via the enabledPlugin property.)
+
+        * bridge/qt/qt_runtime.cpp:
+        (JSC::Bindings::convertValueToQVariant):
+
+2010-03-30  Kent Tamura  <tkent at chromium.org>
+
+        Reviewed by Brady Eidson.
+
+        REGRESSION (r56439) - Crash when a renderer for a file upload control
+        with a selected file is recreated
+        https://bugs.webkit.org/show_bug.cgi?id=36723
+
+        RenderFileUploadControl::chooseIconForFiles was called before
+        m_fileChooser was initialized.
+
+        * platform/FileChooser.cpp:
+        (WebCore::FileChooser::FileChooser): Introduce m_isInitializing flag to
+          avoid FileChooserClient::repaint() call.
+        (WebCore::FileChooser::loadIcon):
+        (WebCore::FileChooser::iconLoaded):
+        * platform/FileChooser.h: Add a FielChooser parameter to
+          FileChooserClient::chooseIconForFiles().
+        * rendering/RenderFileUploadControl.cpp:
+        (WebCore::RenderFileUploadControl::chooseIconForFiles):
+        (WebCore::RenderFileUploadControl::paintObject): Add an assertion.
+        * rendering/RenderFileUploadControl.h:
+
+2010-07-06  Nikolas Zimmermann  <nzimmermann at rim.com>
+
+        Reviewed by Dirk Schulze.
+
+        <use> on <font-face> causes crashes, if SVGUseElement gets detached
+        https://bugs.webkit.org/show_bug.cgi?id=41621
+
+        Do not call removeFromMappedElementSheet() from the SVGFontFaceElement destructor,
+        as that can potentially cause the element to be reattached while destructing.
+
+        In order to fix the crash in the testcase, the order of calling the base-class detach
+        method in SVGUseElement and the instance/shadow tree destruction has to be reversed,
+        matching the order in removedFromDocument().
+
+        Test: svg/custom/use-font-face-crash.svg
+
+        * svg/SVGFontFaceElement.cpp:
+        (WebCore::SVGFontFaceElement::~SVGFontFaceElement): Remove removeFromMappedElementSheet() call.
+        * svg/SVGUseElement.cpp:
+        (WebCore::SVGUseElement::detach): Reverse order of calling base-class detach method and instance/shadow tree destruction.
+
+2010-07-06  Nikolas Zimmermann  <nzimmermann at rim.com>
+
+        Reviewed by Darin Adler.
+
+        <use> on <font-face> causes crashes, if SVGUseElement gets detached
+        https://bugs.webkit.org/show_bug.cgi?id=41621
+
+        Do not call removeFromMappedElementSheet() from the destructor, as the call to document()->updateStyleSelector() that can potentially
+        cause the element to be reattached while destructing. It's not needed at all, because removedFromDocument() is called before destruction,
+        which already calls removeFromMappedElementSheet() - at this point it's still safe to update the style selector.
+
+        The crash is reproducable when using <use> on <font-face>.
+
+        Test: svg/custom/use-font-face-crash.svg
+
+        * svg/SVGFontFaceElement.cpp:
+        (WebCore::SVGFontFaceElement::~SVGFontFaceElement):
+
+2010-07-05  Nikolas Zimmermann  <nzimmermann at rim.com>
+
+        Reviewed by Darin Adler.
+
+        Memory corruption with SVG <use> element
+        https://bugs.webkit.org/show_bug.cgi?id=40994
+
+        Fix race condition in svgAttributeChanged. Never call svgAttributeChanged() from attributeChanged()
+        when we're synchronizing SVG attributes. It leads to either unnecessary extra work being done or
+        crashes. Especially together with <polyline>/<polygon> which always synchronize the SVGAnimatedPoints
+        datastructure with the points attribute, no matter if there are changes are not. This should be
+        furhter optimized, but this fix is sane and fixes the root of the evil races.
+
+        Test: svg/custom/use-property-synchronization-crash.svg
+
+        * svg/SVGElement.cpp:
+        (WebCore::SVGElement::attributeChanged):
+
+2010-06-11  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by David Hyatt.
+
+        Don't process floats if parent node is not a RenderBlock.
+        https://bugs.webkit.org/show_bug.cgi?id=40033
+
+        Test: svg/text/clear-floats-crash.svg
+
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::clearFloats):
+
+2010-06-23  Nikolas Zimmermann  <nzimmermann at rim.com>
+
+        Reviewed by Eric Seidel.
+
+        Reproducible crash in com.apple.WebCore 0x01ed3784 WebCore::RenderLineBoxList::appendLineBox(WebCore::InlineFlowBox*) + 36
+        https://bugs.webkit.org/show_bug.cgi?id=40953
+
+        REGRESSION (r58209-58231): Memory corruption with invalid SVG
+        https://bugs.webkit.org/show_bug.cgi?id=40173
+
+        Fix several crashes, all related to <foreignObject> and/or invalid SVG documents.
+        - Only allow <svg> nodes, as direct children of a <foreignObject>, not any other "partial" SVG content.
+        - Assure to create RenderSVGRoot objects for <svg> nodes in <foreignObject>, treat them as "outermost SVG elements".
+        - Never allow any partial SVG content to appear in any document. Only <svg> elements are allowed.
+
+        Tests: svg/custom/bug45331.svg
+               svg/foreignObject/disallowed-svg-nodes-as-direct-children.svg
+               svg/foreignObject/no-crash-with-svg-content-in-html-document.svg
+               svg/foreignObject/svg-document-as-direct-child.svg
+               svg/foreignObject/svg-document-in-html-document.svg
+               svg/foreignObject/text-tref-02-b.svg
+
+        * dom/Element.cpp: Added childShouldCreateRenderer, with ENABLE(SVG) guards.
+        (WebCore::Element::childShouldCreateRenderer): Only create a renderer for a SVG child, if we're a SVG element, or if the child is a <svg> element.
+        * dom/Element.h: Added childShouldCreateRenderer, with ENABLE(SVG) guards.
+        * svg/SVGForeignObjectElement.cpp:
+        (WebCore::SVGForeignObjectElement::childShouldCreateRenderer): Disallow arbitary SVG content, only <svg> elements are allowed as direct children of a <foreignObject>
+        * svg/SVGSVGElement.cpp:
+        (WebCore::SVGSVGElement::isOutermostSVG): Be sure to create RenderSVGRoot objects for <svg> elements inside <foreignObject>
+
+2010-06-10  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Dave Hyatt.
+
+        Do not render CSS Styles :first-letter and :first-line in a SVG text element context. 
+        https://bugs.webkit.org/show_bug.cgi?id=40031
+
+        Test: svg/text/text-style-invalid.svg
+
+        * rendering/RenderSVGText.cpp:
+        (WebCore::RenderSVGText::firstLineBlock):
+        (WebCore::RenderSVGText::updateFirstLetter):
+        * rendering/RenderSVGText.h:
+
+2010-07-01  Justin Schuh  <jschuh at chromium.org>
+
+        Reviewed by Dan Bernstein.
+
+        Prevent crash on counter destruction
+        https://bugs.webkit.org/show_bug.cgi?id=40032
+
+        Added counter destruction to RenderWidget::destroy()
+
+        Test: fast/css/counters/destroy-counter-crash.html
+
+        * rendering/RenderWidget.cpp:
+        (WebCore::RenderWidget::destroy):
+
+2010-06-29  Dan Bernstein  <mitz at apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/7975842> Certain text is repeated after using splitText()
+
+        Tests: fast/text/setData-dirty-lines.html
+               fast/text/splitText-dirty-lines.html
+
+        * dom/CharacterData.cpp:
+        (WebCore::CharacterData::setData): Call RenderText::setTextWithOffset() rather than
+        setText(), because only the former correctly dirties line boxes.
+        * dom/Text.cpp:
+        (WebCore::Text::splitText): Ditto.
+
+2010-06-25  Dan Bernstein  <mitz at apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <rdar://problem/8000667> Certain text is repeated before and after a line break
+
+        Test: fast/text/bidi-explicit-embedding-past-end.html
+
+        * platform/text/BidiResolver.h:
+        (WebCore::::createBidiRunsForLine): Committing explicit embedding past the end of the range
+        creates BidiRuns up to the end of the range, so at that point, we can stop iterating.
+
+2010-06-10  Tony Chang  <tony at chromium.org>
+
+        Reviewed by Kent Tamura.
+
+        crash when focus is changed while trying to focus next element
+        https://bugs.webkit.org/show_bug.cgi?id=40407
+
+        Test: fast/events/focus-change-crash.html
+
+        * dom/Element.cpp:
+        (WebCore::Element::focus):
+
+2010-07-01  Andreas Kling  <andreas.kling at nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        [Qt] Clamp color stops passed to QGradient to 1.0
+        [https://bugs.webkit.org/show_bug.cgi?id=41484
+
+        Fixes an issue where color stops would be silently dropped from radial gradients.
+
+        * platform/graphics/qt/GradientQt.cpp:
+        (WebCore::Gradient::platformGradient):
+
+2010-07-07  Tor Arne Vestbø  <tor.arne.vestbo at nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Prevent assertion/duplicate loads for non-deferred subtitute-data loads
+
+        https://bugs.webkit.org/show_bug.cgi?id=30879
+
+        MainResourceLoader uses the member m_initialRequest to store requests for future
+        deferred loads. When doing the actual load in handleDataLoadNow(), we therefore
+        have to clear this request so that subsequent entries into the loader will not
+        start yet another load.
+
+        This can happen as a result of a PageGroupLoadDeferrer going out of scope when
+        returning from Chrome::runJavaScriptAlert(), which calls setDeferredLoading(false),
+        but only in the case of using both substitute-data and non-deferred main resource
+        load together. That's why two new DRT functions were added:
+
+         * queueLoadHTMLString()
+         * setDeferMainResourceLoad()
+
+        The change adds DRT hooks for Mac, Win and Qt for these two functions. For Mac
+        and Win the hook uses new SPI in WebDataSource. For Qt a new static member was
+        added to the FrameLoaderClientQt and accessed though DumpRenderTreeSupportQt.
+
+        Test: fast/loader/non-deferred-substitute-load.html
+
+        * loader/MainResourceLoader.cpp:
+        (WebCore::MainResourceLoader::handleDataLoadNow):
+
+2010-07-16  Antonio Gomes  <tonikitoo at webkit.org>
+
+        Reviewed by Simon Fraser.
+
+        Spatial navigation: do not consider outline for focusable element boundaries
+        https://bugs.webkit.org/show_bug.cgi?id=42474
+
+        Test: fast/events/spatial-navigation/snav-zero-margin-content.html
+
+        Currently in WebCore::renderRectRelativeToRootDocument function, we are calling
+        RenderObject::absoluteClippedOverflowRect to obtain the rect boundary of a given
+        renderer/element. This method deals with outline, which is out of elements boundary.
+        It makes spatial navigation to fail on common sites like google.gom: "Web, Images, Map, etc"
+        are inaccessible.
+
+        Patch replaces RenderObject::absoluteClippedOverflowRect by Node::getRect,
+        which returns only the absolute bounding box rect of the Element.
+
+        * page/SpatialNavigation.cpp:
+        (WebCore::renderRectRelativeToRootDocument):
+        (WebCore::checkNegativeCoordsForNode):
+
+2010-07-21  Kristian Amlie <kristian.amlie at nokia.com>
+
+        Reviewed by Kenneth Rohde Christiansen.
+
+        Added automatic sqlite extraction for Symbian to QtWebKit.
+
+        Also added sqlite detection in case sqlite is not present in the SDK.
+        This is possible if WebKit is compiled standalone.
+
+        The inclusion part is a consequence of commit c578c6c1d6d in the Qt
+        repository. It will not work on Qt versions < 4.7.1, but that is ok,
+        since the only build system it will affect is marked as experimental
+        in the whole 4.7 series.
+
+        * WebCore.pro:
+
 2010-05-14  Abhishek Arya  <inferno at chromium.org>
 
         Reviewed by David Hyatt.
--- WebCore/WebCore.pro
+++ WebCore/WebCore.pro
@@ -117,8 +117,16 @@
     QMAKE_LIBDIR_POST += $$split(TMPPATH,";")
 }
 
-# Assume that symbian OS always comes with sqlite
-symbian:!CONFIG(QTDIR_build): CONFIG += system-sqlite
+symbian {
+    !CONFIG(QTDIR_build) {
+        # Test if symbian OS comes with sqlite
+        exists($${EPOCROOT}epoc32/release/armv5/lib/sqlite3.dso):CONFIG *= system-sqlite
+    } else:!symbian-abld:!symbian-sbsv2 {
+        # When bundled with Qt, all Symbian build systems extract their own sqlite files if
+        # necessary, but on non-mmp based ones we need to specify this ourselves.
+        include($$QT_SOURCE_TREE/src/plugins/sqldrivers/sqlite_symbian/sqlite_symbian.pri)
+    }
+}
 
 
 
--- WebCore/bridge/qt/qt_runtime.cpp
+++ WebCore/bridge/qt/qt_runtime.cpp
@@ -162,9 +162,11 @@
     return String; // I don't know.
 }
 
-QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type hint, int *distance, HashSet<JSObject*>* visitedObjects)
+QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type hint, int *distance, HashSet<JSObject*>* visitedObjects, int recursionLimit)
 {
-    if (!value)
+    --recursionLimit;
+
+    if (!value || !recursionLimit)
         return QVariant();
 
     JSObject* object = 0;
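Review bot: `if (!value || !recursionLimit)` stops only when the counter is exactly zero. Because `--recursionLimit` runs before the test, a caller that passes 0 or a negative limit goes straight to -1 and is never stopped, and the wrapper's 200 gives 199 usable levels. Test `recursionLimit <= 0` instead. The early return also leaves `*distance` unwritten and logs nothing, while callers in the later hunks treat `-1` as the failure signal; set the distance to -1 (when the pointer is non-null) and add a `qConvDebug()` line so a truncated conversion can be told apart from an empty value.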
@@ -344,7 +346,7 @@
                 while(it != properties.end()) {
                     if (object->propertyIsEnumerable(exec, *it)) {
                         JSValue val = object->get(exec, *it);
-                        QVariant v = convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects);
+                        QVariant v = convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects, recursionLimit);
                         if (objdist >= 0) {
                             UString ustring = (*it).ustring();
                             QString id = QString((const QChar*)ustring.rep()->characters(), ustring.size());
@@ -368,7 +370,7 @@
                 qConvDebug() << "converting a " << len << " length Array";
                 for (int i = 0; i < len; ++i) {
                     JSValue val = rtarray->getConcreteArray()->valueAt(exec, i);
-                    result.append(convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects));
+                    result.append(convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects, recursionLimit));
                     if (objdist == -1) {
                         qConvDebug() << "Failed converting element at index " << i;
                         break; // Failed converting a list entry, so fail the array
@@ -387,7 +389,7 @@
                 qConvDebug() << "converting a " << len << " length Array";
                 for (int i = 0; i < len; ++i) {
                     JSValue val = array->get(exec, i);
-                    result.append(convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects));
+                    result.append(convertValueToQVariant(exec, val, QMetaType::Void, &objdist, visitedObjects, recursionLimit));
                     if (objdist == -1) {
                         qConvDebug() << "Failed converting element at index " << i;
                         break; // Failed converting a list entry, so fail the array
@@ -401,7 +403,7 @@
                 // Make a single length array
                 int objdist;
                 qConvDebug() << "making a single length variantlist";
-                QVariant var = convertValueToQVariant(exec, value, QMetaType::Void, &objdist, visitedObjects);
+                QVariant var = convertValueToQVariant(exec, value, QMetaType::Void, &objdist, visitedObjects, recursionLimit);
                 if (objdist != -1) {
                     QVariantList result;
                     result << var;
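Review bot: `int objdist;` is declared without an initializer and then tested with `objdist != -1`. With the new limit, the callee can return at the top of the function before writing through the distance pointer, so this branch reads an indeterminate value once the depth limit is hit. Initialize it to -1 here, as the `int itemdist = -1;` locals in the later hunks already do.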
@@ -645,7 +647,7 @@
                     for (int i = 0; i < len; ++i) {
                         JSValue val = rtarray->getConcreteArray()->valueAt(exec, i);
                         int itemdist = -1;
-                        QVariant item = convertValueToQVariant(exec, val, QMetaType::QObjectStar, &itemdist, visitedObjects);
+                        QVariant item = convertValueToQVariant(exec, val, QMetaType::QObjectStar, &itemdist, visitedObjects, recursionLimit);
                         if (itemdist >= 0)
                             result.append(item.value<QObject*>());
                         else
@@ -664,7 +666,7 @@
                     for (int i = 0; i < len; ++i) {
                         JSValue val = array->get(exec, i);
                         int itemdist = -1;
-                        QVariant item = convertValueToQVariant(exec, val, QMetaType::QObjectStar, &itemdist, visitedObjects);
+                        QVariant item = convertValueToQVariant(exec, val, QMetaType::QObjectStar, &itemdist, visitedObjects, recursionLimit);
                         if (itemdist >= 0)
                             result.append(item.value<QObject*>());
                         else
@@ -679,7 +681,7 @@
                     // Make a single length array
                     QObjectList result;
                     int itemdist = -1;
-                    QVariant item = convertValueToQVariant(exec, value, QMetaType::QObjectStar, &itemdist, visitedObjects);
+                    QVariant item = convertValueToQVariant(exec, value, QMetaType::QObjectStar, &itemdist, visitedObjects, recursionLimit);
                     if (itemdist >= 0) {
                         result.append(item.value<QObject*>());
                         dist = 10;
@@ -696,7 +698,7 @@
                     for (int i = 0; i < len; ++i) {
                         JSValue val = rtarray->getConcreteArray()->valueAt(exec, i);
                         int itemdist = -1;
-                        QVariant item = convertValueToQVariant(exec, val, QMetaType::Int, &itemdist, visitedObjects);
+                        QVariant item = convertValueToQVariant(exec, val, QMetaType::Int, &itemdist, visitedObjects, recursionLimit);
                         if (itemdist >= 0)
                             result.append(item.value<int>());
                         else
@@ -715,7 +717,7 @@
                     for (int i = 0; i < len; ++i) {
                         JSValue val = array->get(exec, i);
                         int itemdist = -1;
-                        QVariant item = convertValueToQVariant(exec, val, QMetaType::Int, &itemdist, visitedObjects);
+                        QVariant item = convertValueToQVariant(exec, val, QMetaType::Int, &itemdist, visitedObjects, recursionLimit);
                         if (itemdist >= 0)
                             result.append(item.value<int>());
                         else
@@ -730,7 +732,7 @@
                     // Make a single length array
                     QList<int> result;
                     int itemdist = -1;
-                    QVariant item = convertValueToQVariant(exec, value, QMetaType::Int, &itemdist, visitedObjects);
+                    QVariant item = convertValueToQVariant(exec, value, QMetaType::Int, &itemdist, visitedObjects, recursionLimit);
                     if (itemdist >= 0) {
                         result.append(item.value<int>());
                         dist = 10;
@@ -757,7 +759,7 @@
                     }
 
                     // And then recurse with the autodetect flag
-                    ret = convertValueToQVariant(exec, value, QMetaType::Void, distance, visitedObjects);
+                    ret = convertValueToQVariant(exec, value, QMetaType::Void, distance, visitedObjects, recursionLimit);
                     dist = 10;
                 }
                 break;
@@ -777,8 +779,9 @@
 
 QVariant convertValueToQVariant(ExecState* exec, JSValue value, QMetaType::Type hint, int *distance)
 {
+    const int recursionLimit = 200;
     HashSet<JSObject*> visitedObjects;
-    return convertValueToQVariant(exec, value, hint, distance, &visitedObjects);
+    return convertValueToQVariant(exec, value, hint, distance, &visitedObjects, recursionLimit);
 }
 
 JSValue convertQVariantToValue(ExecState* exec, PassRefPtr<RootObject> root, const QVariant& variant)
--- WebCore/dom/CharacterData.cpp
+++ WebCore/dom/CharacterData.cpp
@@ -46,15 +46,15 @@
     int oldLength = length();
     RefPtr<StringImpl> oldStr = m_data;
     m_data = dataImpl;
-    
+
     if ((!renderer() || !rendererIsNeeded(renderer()->style())) && attached()) {
         detach();
         attach();
     } else if (renderer())
-        toRenderText(renderer())->setText(m_data);
-    
+        toRenderText(renderer())->setTextWithOffset(m_data, 0, oldLength);
+
     dispatchModifiedEvent(oldStr.get());
-    
+
     document()->textRemoved(this, 0, oldLength);
 }
 
--- WebCore/dom/Element.cpp
+++ WebCore/dom/Element.cpp
@@ -1311,8 +1311,12 @@
             return;
     }
 
-    if (Page* page = doc->page())
+    RefPtr<Node> protect;
+    if (Page* page = doc->page()) {
+        // Focus and change event handlers can cause us to lose our last ref.
+        protect = this;
         page->focusController()->setFocusedNode(this, doc->frame());
+    }
 
     // Setting the focused node above might have invalidated the layout due to scripts.
     doc->updateLayoutIgnorePendingStylesheets();
@@ -1535,4 +1539,15 @@
     return rareData()->m_idAttributeName;
 }
 
+#if ENABLE(SVG)
+bool Element::childShouldCreateRenderer(Node* child) const
+{
+    // Only create renderers for SVG elements whose parents are SVG elements, or for proper <svg xmlns="svgNS"> subdocuments.
+    if (child->isSVGElement())
+        return child->hasTagName(SVGNames::svgTag) || isSVGElement();
+
+    return Node::childShouldCreateRenderer(child);
+}
+#endif
+
 } // namespace WebCore
--- WebCore/dom/Element.h
+++ WebCore/dom/Element.h
@@ -270,6 +270,10 @@
 
     virtual void dispatchFormControlChangeEvent() { }
 
+#if ENABLE(SVG)
+    virtual bool childShouldCreateRenderer(Node*) const; 
+#endif
+
 protected:
     Element(const QualifiedName&, Document*, ConstructionType);
 
--- WebCore/dom/Text.cpp
+++ WebCore/dom/Text.cpp
@@ -77,7 +77,7 @@
         document()->textNodeSplit(this);
 
     if (renderer())
-        toRenderText(renderer())->setText(dataImpl());
+        toRenderText(renderer())->setTextWithOffset(dataImpl(), 0, oldStr->length());
 
     return newText.release();
 }
--- WebCore/loader/MainResourceLoader.cpp
+++ WebCore/loader/MainResourceLoader.cpp
@@ -464,6 +464,10 @@
     KURL url = m_substituteData.responseURL();
     if (url.isEmpty())
         url = m_initialRequest.url();
+
+    // Clear the initial request here so that subsequent entries into the
+    // loader will not think there's still a deferred load left to do.
+    m_initialRequest = ResourceRequest();
         
     ResourceResponse response(url, m_substituteData.mimeType(), m_substituteData.content()->size(), m_substituteData.textEncoding(), "");
     didReceiveResponse(response);
--- WebCore/page/SpatialNavigation.cpp
+++ WebCore/page/SpatialNavigation.cpp
@@ -102,14 +102,9 @@
 // FIXME: This function does not behave correctly with transformed frames.
 static IntRect renderRectRelativeToRootDocument(RenderObject* render)
 {
-    ASSERT(render);
+    ASSERT(render && render->node());
 
-    IntRect rect(render->absoluteClippedOverflowRect());
-
-    if (rect.isEmpty()) {
-        Element* e = static_cast<Element*>(render->node());
-        rect = e->getRect();
-    }
+    IntRect rect = render->node()->getRect();
 
     // In cases when the |render|'s associated node is in a scrollable inner
     // document, we only consider its scrollOffset if it is not offscreen.
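Review bot: `render->node()->getRect()` now dereferences the node on every call, guarded only by `ASSERT(render && render->node())`, which is compiled out of release builds. The removed code touched the node only when the overflow rect was empty. If a renderer without a node can reach this function, return an empty `IntRect` early instead of relying on the assertion.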
@@ -516,7 +511,7 @@
 {
     ASSERT(node || node->renderer());
 
-    if (curRect.x() > 0 && curRect.y() > 0)
+    if (curRect.x() >= 0 && curRect.y() >= 0)
         return true;
 
     bool canBeScrolled = false;
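Review bot: the context line `ASSERT(node || node->renderer());` above the changed comparison dereferences `node` exactly when it is null, and never checks the renderer when `node` is set, so it cannot catch either case it is meant to. Since this hunk already touches the function, change it to `ASSERT(node && node->renderer());` in the same patch.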
--- WebCore/platform/FileChooser.cpp
+++ WebCore/platform/FileChooser.cpp
@@ -39,9 +39,11 @@
 
 inline FileChooser::FileChooser(FileChooserClient* client, const Vector<String>& initialFilenames)
     : m_client(client)
+    , m_isInitializing(true)
 {
     m_filenames = initialFilenames;
     loadIcon();
+    m_isInitializing = false;
 }
 
 PassRefPtr<FileChooser> FileChooser::create(FileChooserClient* client, const Vector<String>& initialFilenames)
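Review bot: `m_isInitializing` is added without a comment saying what it protects. From the second hunk, `loadIcon()` hands `this` to the client while the constructor is still running, and the flag exists to keep `iconLoaded()` from calling `m_client->repaint()` during that window. Say that in a one-line comment next to `m_isInitializing = false;`, and note in the header that the `FileChooser*` passed to `chooseIconForFiles()` may be an object that `create()` has not returned yet.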
@@ -79,13 +81,13 @@
 void FileChooser::loadIcon()
 {
     if (m_filenames.size() && m_client)
-        m_client->chooseIconForFiles(m_filenames);
+        m_client->chooseIconForFiles(this, m_filenames);
 }
 
 void FileChooser::iconLoaded(PassRefPtr<Icon> icon)
 {
     m_icon = icon;
-    if (m_icon && m_client)
+    if (!m_isInitializing && m_icon && m_client)
         m_client->repaint();
 }
 
--- WebCore/platform/FileChooser.h
+++ WebCore/platform/FileChooser.h
@@ -35,6 +35,7 @@
 
 namespace WebCore {
 
+class FileChooser;
 class Font;
 class Icon;
 
@@ -44,7 +45,7 @@
     virtual void repaint() = 0;
     virtual bool allowsMultipleFiles() = 0;
     virtual String acceptTypes() = 0;
-    virtual void chooseIconForFiles(const Vector<String>&) = 0;
+    virtual void chooseIconForFiles(FileChooser*, const Vector<String>&) = 0;
     virtual ~FileChooserClient();
 };
 
@@ -79,6 +80,7 @@
     FileChooserClient* m_client;
     Vector<String> m_filenames;
     RefPtr<Icon> m_icon;
+    bool m_isInitializing;
 };
 
 } // namespace WebCore
--- WebCore/platform/graphics/qt/GradientQt.cpp
+++ WebCore/platform/graphics/qt/GradientQt.cpp
@@ -65,7 +65,7 @@
             lastStop = stopIterator->stop;
         if (m_radial && m_r0)
             lastStop = m_r0 / m_r1 + lastStop * (1.0f - m_r0 / m_r1);
-        m_gradient->setColorAt(lastStop, stopColor);
+        m_gradient->setColorAt(qMin(lastStop, qreal(1.0f)), stopColor);
         // Keep the lastStop as orginal value, since the following stopColor depend it
         lastStop = stopIterator->stop;
         ++stopIterator;
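Review bot: `qMin(lastStop, qreal(1.0f))` clamps only the upper bound. `lastStop` is computed from `m_r0 / m_r1` two lines above, so a negative value, or a non-finite one when `m_r1` is 0, still reaches `setColorAt()`. Consider `qBound(qreal(0.0), lastStop, qreal(1.0))` and an explicit check on `m_r1` before the division; the surrounding `if` tests only `m_radial && m_r0`.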
--- WebCore/platform/text/BidiResolver.h
+++ WebCore/platform/text/BidiResolver.h
@@ -806,35 +806,33 @@
             break;
         }
 
-        if (pastEnd) {
-            if (eor == current) {
-                if (!reachedEndOfLine) {
-                    eor = endOfLine;
-                    switch (m_status.eor) {
-                        case LeftToRight:
-                        case RightToLeft:
-                        case ArabicNumber:
-                            m_direction = m_status.eor;
-                            break;
-                        case EuropeanNumber:
-                            m_direction = m_status.lastStrong == LeftToRight ? LeftToRight : EuropeanNumber;
-                            break;
-                        default:
-                            ASSERT(false);
-                    }
-                    appendRun();
+        if (pastEnd && eor == current) {
+            if (!reachedEndOfLine) {
+                eor = endOfLine;
+                switch (m_status.eor) {
+                    case LeftToRight:
+                    case RightToLeft:
+                    case ArabicNumber:
+                        m_direction = m_status.eor;
+                        break;
+                    case EuropeanNumber:
+                        m_direction = m_status.lastStrong == LeftToRight ? LeftToRight : EuropeanNumber;
+                        break;
+                    default:
+                        ASSERT(false);
                 }
-                current = end;
-                m_status = stateAtEnd.m_status;
-                sor = stateAtEnd.sor; 
-                eor = stateAtEnd.eor;
-                last = stateAtEnd.last;
-                reachedEndOfLine = stateAtEnd.reachedEndOfLine;
-                lastBeforeET = stateAtEnd.lastBeforeET;
-                emptyRun = stateAtEnd.emptyRun;
-                m_direction = OtherNeutral;
-                break;
+                appendRun();
             }
+            current = end;
+            m_status = stateAtEnd.m_status;
+            sor = stateAtEnd.sor; 
+            eor = stateAtEnd.eor;
+            last = stateAtEnd.last;
+            reachedEndOfLine = stateAtEnd.reachedEndOfLine;
+            lastBeforeET = stateAtEnd.lastBeforeET;
+            emptyRun = stateAtEnd.emptyRun;
+            m_direction = OtherNeutral;
+            break;
         }
 
         // set m_status.last as needed.
@@ -887,8 +885,21 @@
         }
 
         increment();
-        if (!m_currentExplicitEmbeddingSequence.isEmpty())
+        if (!m_currentExplicitEmbeddingSequence.isEmpty()) {
             commitExplicitEmbedding();
+            if (pastEnd) {
+                current = end;
+                m_status = stateAtEnd.m_status;
+                sor = stateAtEnd.sor; 
+                eor = stateAtEnd.eor;
+                last = stateAtEnd.last;
+                reachedEndOfLine = stateAtEnd.reachedEndOfLine;
+                lastBeforeET = stateAtEnd.lastBeforeET;
+                emptyRun = stateAtEnd.emptyRun;
+                m_direction = OtherNeutral;
+                break;
+            }
+        }
 
         if (emptyRun && (dirCurrent == RightToLeftEmbedding
                 || dirCurrent == LeftToRightEmbedding
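Review bot: the nine-line restore from `stateAtEnd` followed by `break` now exists twice, once in the `pastEnd && eor == current` branch and once after `commitExplicitEmbedding()`. Two hand-maintained copies of a state reset will drift apart; move the block into a small private helper and call it from both places. The second copy also carries over the trailing space on `sor = stateAtEnd.sor; `.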
--- WebCore/plugins/mac/PluginViewMac.mm
+++ WebCore/plugins/mac/PluginViewMac.mm
@@ -227,7 +227,10 @@
 #endif
     }
 
-    show();
+    updatePluginWidget();
+
+    if (!m_plugin->quirks().contains(PluginQuirkDeferFirstSetWindowCall))
+        setNPWindowIfNeeded();
 
     // TODO: Implement null timer throttling depending on plugin activation
     m_nullEventTimer.set(new Timer<PluginView>(this, &PluginView::nullEventTimerFired));
--- WebCore/rendering/RenderBlock.cpp
+++ WebCore/rendering/RenderBlock.cpp
@@ -2981,6 +2981,12 @@
             m_floatingObjects->clear();
     }
 
+    // We should not process floats if the parent node is not a RenderBlock. Otherwise, we will add 
+    // floats in an invalid context. This will cause a crash arising from a bad cast on the parent.
+    // See <rdar://problem/8049753>, where float property is applied on a text node in a SVG.
+    if (!parent() || !parent()->isRenderBlock())
+        return;
+
     // Attempt to locate a previous sibling with overhanging floats.  We skip any elements that are
     // out of flow (like floating/positioned elements), and we also skip over any objects that may have shifted
     // to avoid floats.
--- WebCore/rendering/RenderFileUploadControl.cpp
+++ WebCore/rendering/RenderFileUploadControl.cpp
@@ -114,10 +114,10 @@
     return static_cast<HTMLInputElement*>(node())->accept();
 }
 
-void RenderFileUploadControl::chooseIconForFiles(const Vector<String>& filenames)
+void RenderFileUploadControl::chooseIconForFiles(FileChooser* chooser, const Vector<String>& filenames)
 {
     if (Chrome* chromePointer = chrome())
-        chromePointer->chooseIconForFiles(filenames, m_fileChooser);
+        chromePointer->chooseIconForFiles(filenames, chooser);
 }
 
 void RenderFileUploadControl::click()
@@ -195,6 +195,7 @@
 {
     if (style()->visibility() != VISIBLE)
         return;
+    ASSERT(m_fileChooser);
     
     // Push a clip.
     if (paintInfo.phase == PaintPhaseForeground || paintInfo.phase == PaintPhaseChildBlockBackgrounds) {
--- WebCore/rendering/RenderFileUploadControl.h
+++ WebCore/rendering/RenderFileUploadControl.h
@@ -63,7 +63,7 @@
     void repaint() { RenderBlock::repaint(); }
     bool allowsMultipleFiles();
     String acceptTypes();
-    void chooseIconForFiles(const Vector<String>&);
+    void chooseIconForFiles(FileChooser*, const Vector<String>&);
 
     Chrome* chrome() const;
     int maxFilenameWidth() const;
--- WebCore/rendering/RenderSVGText.cpp
+++ WebCore/rendering/RenderSVGText.cpp
@@ -225,6 +225,19 @@
     return repaintRect;
 }
 
+// Fix for <rdar://problem/8048875>. We should not render :first-line CSS Style
+// in a SVG text element context.
+RenderBlock* RenderSVGText::firstLineBlock() const
+{
+    return 0;
+}
+
+// Fix for <rdar://problem/8048875>. We should not render :first-letter CSS Style
+// in a SVG text element context.
+void RenderSVGText::updateFirstLetter()
+{
+}
+
 }
 
 #endif // ENABLE(SVG)
--- WebCore/rendering/RenderSVGText.h
+++ WebCore/rendering/RenderSVGText.h
@@ -72,6 +72,9 @@
 
     virtual RootInlineBox* createRootInlineBox();
 
+    virtual RenderBlock* firstLineBlock() const;
+    virtual void updateFirstLetter();
+
     AffineTransform m_localTransform;
 };
 
--- WebCore/rendering/RenderWidget.cpp
+++ WebCore/rendering/RenderWidget.cpp
@@ -27,6 +27,7 @@
 #include "AnimationController.h"
 #include "GraphicsContext.h"
 #include "HitTestResult.h"
+#include "RenderCounter.h"
 #include "RenderView.h"
 #include "RenderWidgetProtector.h"
 
@@ -114,6 +115,9 @@
     if (RenderView* v = view())
         v->removeWidget(this);
 
+    if (m_hasCounterNodeMap)
+        RenderCounter::destroyCounterNodes(this);
+    
     if (AXObjectCache::accessibilityEnabled()) {
         document()->axObjectCache()->childrenChanged(this->parent());
         document()->axObjectCache()->remove(this);
--- WebCore/svg/SVGElement.cpp
+++ WebCore/svg/SVGElement.cpp
@@ -304,6 +304,15 @@
         return;
 
     StyledElement::attributeChanged(attr, preserveDecls);
+
+    // When an animated SVG property changes through SVG DOM, svgAttributeChanged() is called, not attributeChanged().
+    // Next time someone tries to access the XML attributes, the synchronization code starts. During that synchronization
+    // SVGAnimatedPropertySynchronizer may call NamedNodeMap::removeAttribute(), which in turn calls attributeChanged().
+    // At this point we're not allowed to call svgAttributeChanged() again - it may lead to extra work being done, or crashes
+    // see bug https://bugs.webkit.org/show_bug.cgi?id=40994.
+    if (m_synchronizingSVGAttributes)
+        return;
+
     svgAttributeChanged(attr->name());
 }
 
--- WebCore/svg/SVGFontFaceElement.cpp
+++ WebCore/svg/SVGFontFaceElement.cpp
@@ -59,7 +59,6 @@
 
 SVGFontFaceElement::~SVGFontFaceElement()
 {
-    removeFromMappedElementSheet();
 }
 
 static int cssPropertyIdForSVGAttributeName(const QualifiedName& attrName)
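Review bot: the destructor loses its only statement, `removeFromMappedElementSheet();`, and nothing in this file's hunk shows where that cleanup happens now. State in a comment or in the ChangeLog which call replaces it, and remove the now-empty destructor body if the class no longer needs one.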
--- WebCore/svg/SVGForeignObjectElement.cpp
+++ WebCore/svg/SVGForeignObjectElement.cpp
@@ -125,6 +125,10 @@
 
 bool SVGForeignObjectElement::childShouldCreateRenderer(Node* child) const
 {
+    // Disallow arbitary SVG content. Only allow proper <svg xmlns="svgNS"> subdocuments.
+    if (child->isSVGElement())
+        return child->hasTagName(SVGNames::svgTag);
+
     // Skip over SVG rules which disallow non-SVG kids
     return StyledElement::childShouldCreateRenderer(child);
 }
--- WebCore/svg/SVGSVGElement.cpp
+++ WebCore/svg/SVGSVGElement.cpp
@@ -538,6 +538,10 @@
     if (!parentNode())
         return true;
 
+    // We act like an outermost SVG element, if we're a direct child of a <foreignObject> element.
+    if (parentNode()->hasTagName(SVGNames::foreignObjectTag))
+        return true;
+
     // This is true whenever this is the outermost SVG, even if there are HTML elements outside it
     return !parentNode()->isSVGElement();
 }
--- WebCore/svg/SVGUseElement.cpp
+++ WebCore/svg/SVGUseElement.cpp
@@ -572,8 +572,8 @@
 
 void SVGUseElement::detach()
 {
-    SVGStyledTransformableElement::detach();
     m_targetElementInstance = 0;
+    SVGStyledTransformableElement::detach();
 }
 
 static bool isDirectReference(Node* n)
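Review bot: the fix depends on `m_targetElementInstance = 0;` running before `SVGStyledTransformableElement::detach()`, but nothing in the code says so. Add a comment in `detach()` stating why the instance must be cleared first; without it, a later cleanup that moves the base-class call back to the top reintroduces the bug.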
--- WebKit/qt/Api/qwebframe.cpp
+++ WebKit/qt/Api/qwebframe.cpp
@@ -959,6 +959,10 @@
 
   The \a html is loaded immediately; external objects are loaded asynchronously.
 
+  If a script in the \a html runs longer than the default script timeout (currently 10 seconds),
+  for example due to being blocked by a modal JavaScript alert dialog, this method will return
+  as soon as possible after the timeout and any subsequent \a html will be loaded asynchronously.
+
   When using this method WebKit assumes that external resources such as JavaScript programs or style
   sheets are encoded in UTF-8 unless otherwise specified. For example, the encoding of an external
   script can be specified through the charset attribute of the HTML script tag. It is also possible
--- WebKit/qt/Api/qwebpage.cpp
+++ WebKit/qt/Api/qwebpage.cpp
@@ -3616,7 +3616,7 @@
         firstPartTemp += QString::fromLatin1("Sun Solaris");
 #elif defined Q_OS_ULTRIX
         firstPartTemp += QString::fromLatin1("DEC Ultrix");
-#elif defined Q_WS_S60
+#elif defined Q_OS_SYMBIAN
         firstPartTemp += QLatin1Char(' ');
         QSysInfo::S60Version s60Version = QSysInfo::s60Version();
         switch (s60Version) {
--- WebKit/qt/ChangeLog
+++ WebKit/qt/ChangeLog
@@ -1,3 +1,136 @@
+2010-08-05  David Leong  <david.leong at nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Input mode states are not reset after entering a password field
+        https://bugs.webkit.org/show_bug.cgi?id=43530
+
+        Input mode hints are not reset if clicking on password <input> elements then
+        clicking on <textarea> elements
+
+        * WebCoreSupport/EditorClientQt.cpp:
+        (WebCore::EditorClientQt::setInputMethodState):
+        * tests/qwebview/resources/input_types.html:
+        * tests/qwebview/tst_qwebview.cpp:
+        (tst_QWebView::focusInputTypes):
+
+
+2010-07-27  Simon Hausmann  <simon.hausmann at nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        [Qt] Incorrect input method hints
+        https://bugs.webkit.org/show_bug.cgi?id=43037
+
+        Properly set or reset all input method hints when
+        activating input fields.
+
+        * WebCoreSupport/EditorClientQt.cpp:
+        (WebCore::EditorClientQt::setInputMethodState):
+        * tests/qwebview/tst_qwebview.cpp:
+        (tst_QWebView::focusInputTypes): Extended unit test to verify that we
+        reset hints.
+
+2009-10-30  Tor Arne Vestbø  <tor.arne.vestbo at nokia.com>
+
+        Reviewed by Kenneth Rohde Christiansen.
+
+        [Qt] Use the default timeout interval for JS as the HTML tokenizer delay for setHtml()
+
+        This ensures that long-running JavaScript (for example due to a modal alert() dialog),
+        will not trigger a deferred load after only 500ms (the default tokenizer delay) while
+        still giving a reasonable timeout (10 seconds) to prevent deadlock.
+
+        https://bugs.webkit.org/show_bug.cgi?id=29381
+
+        * Api/qwebframe.cpp: Document the behaviour
+        * WebCoreSupport/FrameLoaderClientQt.cpp: set the custom tokenizer delay for substitute loads
+        * tests/qwebframe/tst_qwebframe.cpp: Add test
+
+2010-07-07  Tor Arne Vestbø  <tor.arne.vestbo at nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Prevent assertion/duplicate loads for non-deferred subtitute-data loads
+
+        https://bugs.webkit.org/show_bug.cgi?id=30879
+
+        MainResourceLoader uses the member m_initialRequest to store requests for future
+        deferred loads. When doing the actual load in handleDataLoadNow(), we therefore
+        have to clear this request so that subsequent entries into the loader will not
+        start yet another load.
+
+        This can happen as a result of a PageGroupLoadDeferrer going out of scope when
+        returning from Chrome::runJavaScriptAlert(), which calls setDeferredLoading(false),
+        but only in the case of using both substitute-data and non-deferred main resource
+        load together. That's why two new DRT functions were added:
+
+         * queueLoadHTMLString()
+         * setDeferMainResourceLoad()
+
+        The change adds DRT hooks for Mac, Win and Qt for these two functions. For Mac
+        and Win the hook uses new SPI in WebDataSource. For Qt a new static member was
+        added to the FrameLoaderClientQt and accessed though DumpRenderTreeSupportQt.
+
+        * WebCoreSupport/DumpRenderTreeSupportQt.cpp:
+        (DumpRenderTreeSupportQt::setDeferMainResourceDataLoad):
+        * WebCoreSupport/DumpRenderTreeSupportQt.h:
+        * WebCoreSupport/FrameLoaderClientQt.cpp:
+        (WebCore::FrameLoaderClientQt::createDocumentLoader):
+        * WebCoreSupport/FrameLoaderClientQt.h:
+
+2010-07-23  David Boddie  <dboddie at trolltech.com>
+
+        Reviewed by Simon Hausmann.
+
+        Doc: Fixed incorrect QML property type.
+
+        * declarative/qdeclarativewebview.cpp:
+
+2010-07-23  Simon Hausmann  <simon.hausmann at nokia.com>
+
+        [Qt] Build fix for Qt apps
+
+        Add webkit to QT_CONFIG. qconfig.pri will read qt_webkit_version.pri and
+        that's how it will pick up webkit in QT_CONFIG.
+
+        * qt_webkit_version.pri:
+
+2010-07-09  Kent Hansen  <kent.hansen at nokia.com>
+
+        Reviewed by Kenneth Rohde Christiansen.
+
+        [Qt] Skip test that never terminates on maemo5
+
+        Due to https://bugs.webkit.org/show_bug.cgi?id=38538
+        the tst_QWebPage::infiniteLoopJS() autotest never terminates.
+        Skip the test so that the test case may run to completion.
+
+        Patch by Dominik Holland <dominik.holland at nokia.com>
+
+        * tests/qwebpage/tst_qwebpage.cpp:
+        (tst_QWebPage::infiniteLoopJS):
+
+2010-07-09  Simon Hausmann <simon.hausmann at nokia.com>
+
+        Unreviewed trivial Symbian build fix.
+
+        [Qt] Fix the Symbian build when compiling without S60
+
+        Use Q_OS_SYMBIAN instead of Q_WS_S60 for the user agent
+        determination.
+
+        * Api/qwebpage.cpp:
+        (QWebPage::userAgentForUrl):
+
+2010-07-09  Kristian Amlie  <kristian.amlie at nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Fixed Qt symbian/linux-armcc mkspec when configured with -qtlibinfix.
+
+        * declarative/declarative.pro: Use QT_LIBINFIX.
+
 2010-06-01  Raine Makelainen  <raine.makelainen at nokia.com>
 
         Reviewed by Simon Hausmann.
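Review bot: the added entries are not in date order: the 2009-10-30 entry sits between 2010-07-27 and 2010-07-07, and the two 2010-07-23 entries follow 2010-07-07. Reorder them or note that they are listed in cherry-pick order, so a reader can match each entry to its hunk. The 2010-07-07 title also has "subtitute-data" for "substitute-data".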
--- WebKit/qt/WebCoreSupport/EditorClientQt.cpp
+++ WebKit/qt/WebCoreSupport/EditorClientQt.cpp
@@ -599,6 +599,13 @@
     QWebPageClient* webPageClient = m_page->d->client;
     if (webPageClient) {
 #if QT_VERSION >= 0x040600
+        // Make sure to reset input method hint
+        webPageClient->setInputMethodHint(Qt::ImhDialableCharactersOnly, false);
+        webPageClient->setInputMethodHint(Qt::ImhDigitsOnly, false);
+        webPageClient->setInputMethodHint(Qt::ImhEmailCharactersOnly, false);
+        webPageClient->setInputMethodHint(Qt::ImhUrlCharactersOnly, false);
+        webPageClient->setInputMethodHint(Qt::ImhHiddenText, false);
+
         HTMLInputElement* inputElement = 0;
         Frame* frame = m_page->d->page->focusController()->focusedOrMainFrame();
         if (frame && frame->document() && frame->document()->focusedNode())
@@ -606,20 +613,18 @@
                 inputElement = static_cast<HTMLInputElement*>(frame->document()->focusedNode());
 
         if (inputElement) {
-            if (!active) {
-                // Setting the Qt::WA_InputMethodEnabled attribute true and Qt::ImhHiddenText flag
-                // for password fields. The Qt platform is responsible for determining which widget
-                // will receive input method events for password fields.
-                active = inputElement->isPasswordField();
-                webPageClient->setInputMethodHint(Qt::ImhHiddenText, active);
-            } else {
-                // Set input method hints for "number", "tel", "email", and "url" input elements.
-                webPageClient->setInputMethodHint(Qt::ImhDialableCharactersOnly, inputElement->isTelephoneField());
-                webPageClient->setInputMethodHint(Qt::ImhDigitsOnly, inputElement->isNumberField());
-                webPageClient->setInputMethodHint(Qt::ImhEmailCharactersOnly, inputElement->isEmailField());
-                webPageClient->setInputMethodHint(Qt::ImhUrlCharactersOnly, inputElement->isUrlField());
-                webPageClient->setInputMethodHint(Qt::ImhHiddenText, inputElement->isPasswordField());
-            }
+            // Set input method hints for "number", "tel", "email", "url" and "password" input elements.
+            webPageClient->setInputMethodHint(Qt::ImhDialableCharactersOnly, inputElement->isTelephoneField());
+            webPageClient->setInputMethodHint(Qt::ImhDigitsOnly, inputElement->isNumberField());
+            webPageClient->setInputMethodHint(Qt::ImhEmailCharactersOnly, inputElement->isEmailField());
+            webPageClient->setInputMethodHint(Qt::ImhUrlCharactersOnly, inputElement->isUrlField());
+            // Setting the Qt::WA_InputMethodEnabled attribute true and Qt::ImhHiddenText flag
+            // for password fields. The Qt platform is responsible for determining which widget
+            // will receive input method events for password fields.
+            bool isPasswordField = inputElement->isPasswordField();
+            webPageClient->setInputMethodHint(Qt::ImhHiddenText, isPasswordField);
+            if (isPasswordField)
+                active = true;
         }
 
 #if defined(Q_WS_MAEMO_5) || defined(Q_OS_SYMBIAN)
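Review bot: the comment moved above `bool isPasswordField` still says the code is "Setting the Qt::WA_InputMethodEnabled attribute true", but the added lines only call `setInputMethodHint(Qt::ImhHiddenText, isPasswordField)` and set the local `active` flag. Reword the comment to say that `active = true` is what keeps input methods enabled for password fields. Also, the removed line assigned `active = inputElement->isPasswordField()` directly, while the new code only ever raises `active`. Please confirm that a non-password input cannot reach this point with `active` already true from an earlier step.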
--- WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp
+++ WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp
@@ -38,6 +38,7 @@
 #include "FrameTree.h"
 #include "FrameView.h"
 #include "DocumentLoader.h"
+#include "JSDOMWindowBase.h"
 #include "MIMETypeRegistry.h"
 #include "ResourceResponse.h"
 #include "Page.h"
@@ -141,6 +142,8 @@
 namespace WebCore
 {
 
+bool FrameLoaderClientQt::deferMainResourceDataLoad = true;
+
 FrameLoaderClientQt::FrameLoaderClientQt()
     : m_frame(0)
     , m_webFrame(0)
@@ -812,8 +815,15 @@
 WTF::PassRefPtr<WebCore::DocumentLoader> FrameLoaderClientQt::createDocumentLoader(const WebCore::ResourceRequest& request, const SubstituteData& substituteData)
 {
     RefPtr<DocumentLoader> loader = DocumentLoader::create(request, substituteData);
-    if (substituteData.isValid())
+    if (!deferMainResourceDataLoad || substituteData.isValid()) {
         loader->setDeferMainResourceDataLoad(false);
+        // Use the default timeout interval for JS as the HTML tokenizer delay. This ensures
+        // that long-running JavaScript will still allow setHtml() to be synchronous, while
+        // still giving a reasonable timeout to prevent deadlock.
+        double delay = JSDOMWindowBase::commonJSGlobalData()->timeoutChecker.timeoutInterval() / 1000.0f;
+        m_frame->page()->setCustomHTMLTokenizerTimeDelay(delay);
+    } else
+        m_frame->page()->setCustomHTMLTokenizerTimeDelay(-1);
     return loader.release();
 }
 
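Review bot: both new calls in `createDocumentLoader` dereference `m_frame->page()` without a check, while the constructor shown in the previous hunk initialises `m_frame(0)`. Assert or guard the pointer before calling `setCustomHTMLTokenizerTimeDelay`. Two smaller points: `1000.0f` is a float literal in an expression assigned to `double delay`, so `1000.0` is the better fit, and the `-1` passed in the `else` branch is a magic value that needs a short comment saying what it selects.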
--- WebKit/qt/WebCoreSupport/FrameLoaderClientQt.h
+++ WebKit/qt/WebCoreSupport/FrameLoaderClientQt.h
@@ -211,6 +211,8 @@
 
         QString chooseFile(const QString& oldFile);
 
+        static bool deferMainResourceDataLoad;
+
     private:
         Frame *m_frame;
         QWebFrame *m_webFrame;
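Review bot: `static bool deferMainResourceDataLoad;` is declared above `private:`, which makes it a public, mutable, process-wide switch with no comment. Since `createDocumentLoader` reads it for every frame, document who is expected to change it and when, or keep the member private and expose a static setter so the write points are easy to find.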
--- WebKit/qt/declarative/declarative.pro
+++ WebKit/qt/declarative/declarative.pro
@@ -30,6 +30,7 @@
     TARGET.EPOCALLOWDLLDATA=1
     TARGET.CAPABILITY = All -Tcb
     load(armcc_warnings)
+    TARGET = $$TARGET$${QT_LIBINFIX}
 }
 
 include(../../../WebKit.pri)
--- WebKit/qt/declarative/qdeclarativewebview.cpp
+++ WebKit/qt/declarative/qdeclarativewebview.cpp
@@ -612,7 +612,7 @@
 #endif // QT_NO_ACTION
 
 /*!
-    \qmlproperty real WebView::title
+    \qmlproperty string WebView::title
     This property holds the title of the web page currently viewed
 
     By default, this property contains an empty string.
--- WebKit/qt/qt_webkit_version.pri
+++ WebKit/qt/qt_webkit_version.pri
@@ -2,3 +2,4 @@
 QT_WEBKIT_MAJOR_VERSION = 4
 QT_WEBKIT_MINOR_VERSION = 7
 QT_WEBKIT_PATCH_VERSION = 0
+QT_CONFIG *= webkit
--- WebKit/qt/tests/qwebframe/tst_qwebframe.cpp
+++ WebKit/qt/tests/qwebframe/tst_qwebframe.cpp
@@ -598,6 +598,7 @@
     void setHtml();
     void setHtmlWithResource();
     void setHtmlWithBaseURL();
+    void setHtmlWithJSAlert();
     void ipv6HostEncoding();
     void metaData();
 #if !defined(Q_WS_MAEMO_5)
@@ -2485,6 +2486,33 @@
     QCOMPARE(m_view->page()->history()->count(), 0);
 }
 
+class MyPage : public QWebPage
+{
+public:
+    MyPage() :  QWebPage(), alerts(0) {}
+    int alerts;
+
+protected:
+    virtual void javaScriptAlert(QWebFrame*, const QString& msg)
+    {
+        alerts++;
+        QCOMPARE(msg, QString("foo"));
+        // Should not be enough to trigger deferred loading, since we've upped the HTML
+        // tokenizer delay in the Qt frameloader. See HTMLTokenizer::continueProcessing()
+        QTest::qWait(1000);
+    }
+};
+
+void tst_QWebFrame::setHtmlWithJSAlert()
+{
+    QString html("<html><head></head><body><script>alert('foo');</script><p>hello world</p></body></html>");
+    MyPage page;
+    m_view->setPage(&page);
+    page.mainFrame()->setHtml(html);
+    QCOMPARE(page.alerts, 1);
+    QCOMPARE(m_view->page()->mainFrame()->toHtml(), html);
+}
+
 class TestNetworkManager : public QNetworkAccessManager
 {
 public:
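Review bot: in `setHtmlWithJSAlert`, `MyPage page;` is a stack object handed to the shared view with `m_view->setPage(&page)`, and the test returns without giving the view another page, so `m_view` still refers to `page` when it is destroyed. Allocate it on the heap with the view as parent, as `infiniteLoopJS` does with `new JSTestPage(m_view)`, or reset the view's page before returning. The `QCOMPARE(msg, QString("foo"))` inside `javaScriptAlert` only returns from that callback on failure, so the test body keeps running; consider recording the message and comparing it in the test function. `MyPage` is also a very generic name for a file-scope class in this test file.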
--- WebKit/qt/tests/qwebpage/tst_qwebpage.cpp
+++ WebKit/qt/tests/qwebpage/tst_qwebpage.cpp
@@ -219,6 +219,9 @@
 
 void tst_QWebPage::infiniteLoopJS()
 {
+#ifdef Q_WS_MAEMO_5
+    QSKIP("Test never terminates on Maemo 5 : https://bugs.webkit.org/show_bug.cgi?id=38538", SkipAll);
+#endif
     JSTestPage* newPage = new JSTestPage(m_view);
     m_view->setPage(newPage);
     m_view->setHtml(QString("<html><bodytest</body></html>"), QUrl());
--- WebKit/qt/tests/qwebview/resources/input_types.html
+++ WebKit/qt/tests/qwebview/resources/input_types.html
@@ -4,5 +4,6 @@
 <input type='tel' style='position: absolute; left: 10px; top: 100px; height: 50px; width: 100px;'/><br>
 <input type='number' style='position: absolute; left: 10px; top: 150px; height: 50px; width: 100px;'/><br>
 <input type='email' style='position: absolute; left: 10px; top: 200px; height: 50px; width: 100px;'/><br>
-<input type='url' style='position: absolute; left: 10px; top: 250px; height: 50px; width: 100px;'/><br>"
-</body></html>
\ No newline at end of file
+<input type='url' style='position: absolute; left: 10px; top: 250px; height: 50px; width: 100px;'/><br>
+<textarea style='position: absolute; left: 10px; top: 310px; height: 50px; width: 100px;' rows="2" cols="20">blah blah blah blah</textarea><br>
+</body></html>
--- WebKit/qt/tests/qwebview/tst_qwebview.cpp
+++ WebKit/qt/tests/qwebview/tst_qwebview.cpp
@@ -264,26 +264,58 @@
 #else
     QVERIFY(webView->inputMethodHints() == Qt::ImhNone);
 #endif
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
 
     // 'password' field
     webView->fireMouseClick(QPoint(20, 60));
-    QVERIFY(webView->inputMethodHints() & Qt::ImhHiddenText);
+    QVERIFY(webView->inputMethodHints() == Qt::ImhHiddenText);
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
 
     // 'tel' field
     webView->fireMouseClick(QPoint(20, 110));
-    QVERIFY(webView->inputMethodHints() & Qt::ImhDialableCharactersOnly);
+    QVERIFY(webView->inputMethodHints() == Qt::ImhDialableCharactersOnly);
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
 
     // 'number' field
     webView->fireMouseClick(QPoint(20, 160));
-    QVERIFY(webView->inputMethodHints() & Qt::ImhDigitsOnly);
+    QVERIFY(webView->inputMethodHints() == Qt::ImhDigitsOnly);
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
 
     // 'email' field
     webView->fireMouseClick(QPoint(20, 210));
-    QVERIFY(webView->inputMethodHints() & Qt::ImhEmailCharactersOnly);
+    QVERIFY(webView->inputMethodHints() == Qt::ImhEmailCharactersOnly);
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
 
     // 'url' field
     webView->fireMouseClick(QPoint(20, 260));
-    QVERIFY(webView->inputMethodHints() & Qt::ImhUrlCharactersOnly);
+    QVERIFY(webView->inputMethodHints() == Qt::ImhUrlCharactersOnly);
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
+
+    // 'password' field
+    webView->fireMouseClick(QPoint(20, 60));
+    QVERIFY(webView->inputMethodHints() == Qt::ImhHiddenText);
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
+
+    // 'text' type
+    webView->fireMouseClick(QPoint(20, 10));
+#if defined(Q_WS_MAEMO_5) || defined(Q_WS_MAEMO_6) || defined(Q_OS_SYMBIAN)
+    QVERIFY(webView->inputMethodHints() & Qt::ImhNoAutoUppercase);
+    QVERIFY(webView->inputMethodHints() & Qt::ImhNoPredictiveText);
+#else
+    QVERIFY(webView->inputMethodHints() == Qt::ImhNone);
+#endif
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
+
+    // 'password' field
+    webView->fireMouseClick(QPoint(20, 60));
+    QVERIFY(webView->inputMethodHints() == Qt::ImhHiddenText);
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
+
+    qWarning("clicking on text area");
+    // 'text area' field
+    webView->fireMouseClick(QPoint(20, 320));
+    QVERIFY(webView->inputMethodHints() == Qt::ImhNone);
+    QVERIFY(webView->testAttribute(Qt::WA_InputMethodEnabled));
 
     delete webView;
 
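Review bot: `qWarning("clicking on text area");` before the 'text area' check looks like leftover debugging output and should be dropped from the test. The three identical `// 'password' field` blocks would be easier to follow if each comment said which transition it covers (first focus, after 'url', after 'text'). The 'text' checks under the Maemo/Symbian `#if` still use `&` while every other check in this hunk was tightened to `==`; please say whether that difference is intentional.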
--- WebKitTools/QtTestBrowser/main.cpp
+++ WebKitTools/QtTestBrowser/main.cpp
@@ -848,7 +848,7 @@
     showInspectorAction->connect(m_inspector, SIGNAL(visibleChanged(bool)), SLOT(setChecked(bool)));
 
 #if QT_VERSION >= QT_VERSION_CHECK(4, 6, 0)
-    QAction* touchMockAction = toolsMenu->addAction("Toggle multitouch mocking", this, SLOT(setTouchMocking(bool)));
+    QAction* touchMockAction = toolsMenu->addAction("Toggle touch mocking", this, SLOT(setTouchMocking(bool)));
     touchMockAction->setCheckable(true);
     touchMockAction->setShortcut(QKeySequence(Qt::CTRL | Qt::ALT | Qt::Key_T));
 #endif


