author | Simon Hausmann <simon.hausmann@nokia.com> | 2009-07-13 22:00:20 +0200 |
---|---|---|
committer | Simon Hausmann <simon.hausmann@nokia.com> | 2009-07-13 22:00:20 +0200 |
commit | f23fa541a04abd1ddc36815a285ec824d5b5c5e0 (patch) | |
tree | 3d1002cb8367e8635bc0a0f78724661cbf75a8cb /src/3rdparty/webkit/WebCore/plugins | |
parent | fd302ab05face6c592944187fb594c1f55d62c5d (diff) |
Updated WebKit from /home/shausman/src/webkit/trunk to qtwebkit-4.6-snapshot-13072009 ( b2abc0c271880b8135507861056af497f895adf5 )
Changes in WebKit/qt since the last update:
++ b/WebKit/qt/ChangeLog
2009-07-13 Simon Hausmann <simon.hausmann@nokia.com>
Reviewed by Ariya Hidayat.
Fix qdoc warnings for QWebPage::shouldInterruptJavaScript() and mention
how to re-implement it.
* Api/qwebpage.cpp:
2009-07-13 Simon Hausmann <hausmann@webkit.org>
Reviewed by Ariya Hidayat.
Fix crash with plugins when the plugin stream is cancelled.
Similar to r26667 handle the case where didReceiveResponse on the
plugin view results in failure to set up the stream and
setMainDocumentError being called instead. This will set the
m_pluginView back to 0 and we need to check for it before calling
didReceiveData.
This was triggered by consecutive execution of
LayoutTests/plugins/return-error-from-new-stream-callback-in-full-frame-plugin.html
followed by LayoutTests/scrollbars/scrollbar-crash-on-refresh.html
* WebCoreSupport/FrameLoaderClientQt.cpp:
(WebCore::FrameLoaderClientQt::committedLoad):
2009-07-13 Simon Hausmann <hausmann@webkit.org>
Reviewed by Ariya Hidayat.
Added QWebDatabase::removeAllDatabases, as a way to delete all
databases from the offline storage path.
Used by the Qt DRT.
* Api/qwebdatabase.cpp:
(QWebDatabase::removeAllDatabases):
* Api/qwebdatabase.h:
2009-07-13 Simon Hausmann <hausmann@webkit.org>
Reviewed by Ariya Hidayat.
Added loadStarted() and loadFinished() signals to QWebFrame,
to allow load tracking of individual frames, as opposed to
QWebPage's loadStarted/loadFinished signals that are emitted
whenever _any_ child frame loads/finishes.
* Api/qwebframe.cpp: Document new signals.
* Api/qwebframe.h: Add new signals.
* WebCoreSupport/FrameLoaderClientQt.cpp:
(WebCore::FrameLoaderClientQt::setFrame): Connect new signals.
2009-07-13 Simon Hausmann <hausmann@webkit.org>
Reviewed by Ariya Hidayat.
Add hooks for the GCController JavaScript interface needed by the
Qt DRT.
Fixed sort order of includes in qwebframe.cpp.
* Api/qwebframe.cpp:
(qt_drt_javaScriptObjectsCount):
(qt_drt_garbageCollector_collect):
(qt_drt_garbageCollector_collectOnAlternateThread):
2009-07-13 Simon Hausmann <hausmann@webkit.org>
Reviewed by Ariya Hidayat.
Add hooks for the GCController JavaScript interface needed by the
Qt DRT.
Fixed sort order of includes in qwebframe.cpp.
* Api/qwebframe.cpp:
(qt_drt_javaScriptObjectsCount):
(qt_drt_garbageCollector_collect):
(qt_drt_garbageCollector_collectOnAlternateThread):
2009-07-12 Brent Fulgham <bfulgham@gmail.com>
Speculative build fix after http://trac.webkit.org/changeset/45786.
* WebCoreSupport/ChromeClientQt.cpp:
(WebCore::ChromeClientQt::addMessageToConsole):
* WebCoreSupport/ChromeClientQt.h:
2009-07-10 Yael Aharon <yael.aharon@nokia.com>
Reviewed by Holger Freyther.
https://bugs.webkit.org/show_bug.cgi?id=27136
Fix a bug where webkit hangs when executing infinite JavaScript loop.
* Api/qwebpage.cpp:
(QWebPage::shouldInterruptJavaScript):
* Api/qwebpage.h:
* WebCoreSupport/ChromeClientQt.cpp:
(WebCore::ChromeClientQt::shouldInterruptJavaScript):
* tests/qwebpage/tst_qwebpage.cpp:
(JSTestPage::JSTestPage):
(JSTestPage::shouldInterruptJavaScript):
(tst_QWebPage::infiniteLoopJS):
2009-07-10 Simon Hausmann <simon.hausmann@nokia.com>
Reviewed by Holger Freyther.
https://bugs.webkit.org/show_bug.cgi?id=27108
Fix crash when in frame tree of a new frame before the new frame
has been installed in the frame tree, similar to r35088.
After calling Frame::init() the frame may have been removed from the
frame tree again through JavaScript. Detect this by checking the page()
afterwards.
To make this check safe the Frame::init() code was moved into
QWebFrameData's constructor, where a RefPtr holds a reference to the frame.
After the check back in FrameLoaderClientQt we would hold the single
reference left and after release() the frame, its frame loader, its
client as well as the QWebFrame should have disappeared then.
* Api/qwebframe.cpp:
(QWebFramePrivate::init): Only call Frame::init here, the rest is
done in QWebFrameData's constructor.
(QWebFrame::QWebFrame):
* Api/qwebframe_p.h: Adjust declaration.
(QWebFrameData::QWebFrameData): Create the Frame here.
* Api/qwebpage.cpp:
(QWebPagePrivate::createMainFrame): Adjust and simplify
to new QWebFrame constructor.
* WebCoreSupport/FrameLoaderClientQt.cpp:
(WebCore::FrameLoaderClientQt::createFrame): Adjust to
new QWebFrame construction using QWebFrameData and add the
check like in r35088.
2009-07-09 Beth Dakin <bdakin@apple.com>
Reviewed by Dave Hyatt.
Make Widget RefCounted to fix:
<rdar://problem/7038831> REGRESSION (TOT): In Mail, a crash occurs
at WebCore::Widget::afterMouseDown() after clicking To Do's close
box
<rdar://problem/6978804> WER #16: Repro Access Violation in
WebCore::PluginView::bindingInstance (1310178023)
-and-
<rdar://problem/6991251> WER #13: Crash in WebKit!
WebCore::PluginView::performRequest+203 (1311461169)
* WebCoreSupport/FrameLoaderClientQt.cpp:
(WebCore::FrameLoaderClientQt::createPlugin):
(WebCore::FrameLoaderClientQt::createJavaAppletWidget):
* WebCoreSupport/FrameLoaderClientQt.h:
2009-07-08 Pradeepto Bhattacharya <pradeepto@kde.org>
Reviewed by Ariya Hidayat.
Build fix.
* WebCoreSupport/FrameLoaderClientQt.h: Removed the slot slotCallPolicyFunction().
2009-07-08 Simon Hausmann <hausmann@webkit.org>
Reviewed by Tor Arne Vestbø.
https://bugs.webkit.org/show_bug.cgi?id=27080
Fix DRT instability issues with fast/loader/submit-form-while-parsing-2.html
When the form is submitted we call the policy function in the frame
loader delayed with a queued connection. That queued connection
sometimes interferes with the javascript timeout set in the testcase.
Eliminate the entire delayed policy function mechanism and instead always
call back directly, like in the other ports. In most other places we called
the slot directly anyway.
* WebCoreSupport/FrameLoaderClientQt.cpp:
(WebCore::FrameLoaderClientQt::FrameLoaderClientQt): Remove m_policyFunction.
(WebCore::FrameLoaderClientQt::callPolicyFunction): Call the policy function directly instead
of emitting the queued signal.
(WebCore::FrameLoaderClientQt::cancelPolicyCheck): Call callPolicyFunction directly.
(WebCore::FrameLoaderClientQt::dispatchWillSubmitForm): Ditto.
(WebCore::FrameLoaderClientQt::dispatchDecidePolicyForMIMEType): Ditto.
(WebCore::FrameLoaderClientQt::dispatchDecidePolicyForNewWindowAction): Ditto.
(WebCore::FrameLoaderClientQt::dispatchDecidePolicyForNavigationAction): Ditto.
* WebCoreSupport/FrameLoaderClientQt.h: Remove m_policyFunction as well as the associated
signal.
2009-07-07 Simon Hausmann <hausmann@webkit.org>
Reviewed by Holger Freyther.
Add Qt DRT hook for clearing the frame name.
* Api/qwebframe.cpp:
(qt_drt_clearFrameName):
2009-07-05 Simon Hausmann <hausmann@webkit.org>
Reviewed by Holger Freyther.
Fix two qdoc warnings.
Added missing \property for QWebFrame::hasFocus and added \a
tag for pos of QWebPage::frameAt.
* Api/qwebframe.cpp:
* Api/qwebpage.cpp:
2009-07-04 Holger Hans Peter Freyther <zecke@selfish.org>
Reviewed by Simon Hausmann.
Use the recently introduced FocusController::setFocused
Use the recently introduced FocusController::setFocused
in the Qt platform. The SelectionController will be updated
from within the FocusController now.
* Api/qwebpage.cpp:
(QWebPagePrivate::focusInEvent):
(QWebPagePrivate::focusOutEvent):
2009-07-02 Simon Hausmann <simon.hausmann@nokia.com>
Reviewed by Ariya Hidayat.
Improve documentation of QWebFrame::setFocus and hasFocus()
Added missing Q_PROPERTY for QWebFrame::hasFocus.
* Api/qwebframe.cpp: Clarify the docs.
* Api/qwebframe.h: add Q_PROPERTY(focus).
2009-07-02 Joe Ligman <joseph.ligman@nokia.com>
Reviewed by Simon Hausmann.
Bug 26855: [Qt] New methods for QWebFrame to check and set focus.
Added new public methods QWebFrame::hasFocus() and QWebFrame::setFocus()
Added auto test.
* Api/qwebframe.cpp:
(QWebFrame::hasFocus):
(QWebFrame::setFocus):
* Api/qwebframe.h:
* tests/qwebframe/tst_qwebframe.cpp:
2009-07-01 Robert Hogan <robert@roberthogan.net>
Reviewed by NOBODY.
Fix Qt segfault when javascript disabled.
If clients call addToJavaScriptWindowObject even though JavascriptEnabled is false
webkit will segfault on the assert:
ASSERTION FAILED: _rootObject
(../../../WebCore/bridge/runtime.cpp:52
JSC::Bindings::Instance::Instance(WTF::PassRefPtr<JSC::Bindings::RootObject>))
Fix is to ensure JavaScript is enabled when client calls addToJavaScriptWindowObject.
https://bugs.webkit.org/show_bug.cgi?id=26906
* Api/qwebframe.cpp:
(QWebFrame::addToJavaScriptWindowObject):
2009-07-01 Jakub Wieczorek <faw217@gmail.com>
Reviewed by Simon Hausmann.
[Qt] Move some API headers from WebCore.pro to headers.pri so that they
get installed when running make install from the build directory.
* Api/headers.pri:
2009-07-01 Balazs Kelemen <kelemen.balazs.3@stud.u-szeged.hu>
Reviewed by Simon Hausmann.
Fixed robotized QtLauncher to work when there is no index.html in the user's home.
* QtLauncher/main.cpp:
(main):
2009-06-30 Brian Weinstein <bweinstein@apple.com>
Reviewed by Adam Roben.
Renamed scrollbarUnderPoint to scrollbarAtPoint to follow conventions.
* Api/qwebpage.cpp:
(QWebPage::swallowContextMenuEvent):
2009-06-30 Joe Ligman <joseph.ligman@nokia.com>
Reviewed by Adam Treat.
Bug 26422: [Qt] QWebPagePrivate::frameAt calculates wrong frame
Added a public method QWebPage::frameAt
Removed QWebPagePrivate::frameAt, which calculated the wrong frame
Modified QWebPage::swallowContextMenuEvent to use the new frameAt method
New test case for frameAt added to tst_qwebpage.cpp
* Api/qwebpage.cpp:
(QWebPage::frameAt):
(QWebPage::swallowContextMenuEvent):
* Api/qwebpage.h:
* Api/qwebpage_p.h:
* tests/qwebpage/frametest/iframe.html: Added.
* tests/qwebpage/frametest/iframe2.html: Added.
* tests/qwebpage/frametest/iframe3.html: Added.
* tests/qwebpage/tst_qwebpage.cpp:
(frameAtHelper):
(tst_QWebPage::frameAt):
* tests/qwebpage/tst_qwebpage.qrc:
2009-06-30 Jakub Wieczorek <faw217@gmail.com>
Reviewed by Simon Hausmann.
Add QWebFrame::baseUrl() function that exposes the base URL of a frame.
Autotests included.
* Api/qwebframe.cpp:
(QWebFrame::baseUrl):
* Api/qwebframe.h:
* tests/qwebframe/tst_qwebframe.cpp:
Diffstat (limited to 'src/3rdparty/webkit/WebCore/plugins')
5 files changed, 59 insertions, 24 deletions
diff --git a/src/3rdparty/webkit/WebCore/plugins/PluginView.cpp b/src/3rdparty/webkit/WebCore/plugins/PluginView.cpp index 2c5adc5e0b..8737572a01 100644 --- a/src/3rdparty/webkit/WebCore/plugins/PluginView.cpp +++ b/src/3rdparty/webkit/WebCore/plugins/PluginView.cpp @@ -239,8 +239,12 @@ void PluginView::performRequest(PluginRequest* request) m_streams.add(stream); stream->start(); } else { + // If the target frame is our frame, we could destroy the + // PluginView, so we protect it. <rdar://problem/6991251> + RefPtr<PluginView> protect(this); + m_parentFrame->loader()->load(request->frameLoadRequest().resourceRequest(), targetFrameName, false); - + // FIXME: <rdar://problem/4807469> This should be sent when the document has finished loading if (request->sendNotification()) { PluginView::setCurrentPluginView(this); @@ -481,6 +485,11 @@ PassRefPtr<JSC::Bindings::Instance> PluginView::bindingInstance() if (!m_plugin || !m_plugin->pluginFuncs()->getvalue) return 0; + // On Windows, calling Java's NPN_GetValue can allow the message loop to + // run, allowing loading to take place or JavaScript to run. Protect the + // PluginView from destruction. <rdar://problem/6978804> + RefPtr<PluginView> protect(this); + NPError npErr; { PluginView::setCurrentPluginView(this); @@ -491,6 +500,13 @@ PassRefPtr<JSC::Bindings::Instance> PluginView::bindingInstance() PluginView::setCurrentPluginView(0); } + if (hasOneRef()) { + // The renderer for the PluginView was destroyed during the above call, and + // the PluginView will be destroyed when this function returns, so we + // return null. + return 0; + } + if (npErr != NPERR_NO_ERROR || !object) return 0; 
@@ -667,7 +683,7 @@ bool PluginView::isCallingPlugin() return s_callingPlugin > 0; } -PluginView* PluginView::create(Frame* parentFrame, const IntSize& size, Element* element, const KURL& url, const Vector<String>& paramNames, const Vector<String>& paramValues, const String& mimeType, bool loadManually) +PassRefPtr<PluginView> PluginView::create(Frame* parentFrame, const IntSize& size, Element* element, const KURL& url, const Vector<String>& paramNames, const Vector<String>& paramValues, const String& mimeType, bool loadManually) { // if we fail to find a plugin for this MIME type, findPlugin will search for // a plugin by the file extension and update the MIME type, so pass a mutable String @@ -680,7 +696,7 @@ PluginView* PluginView::create(Frame* parentFrame, const IntSize& size, Element* plugin = PluginDatabase::installedPlugins()->findPlugin(url, mimeTypeCopy); } - return new PluginView(parentFrame, size, plugin, element, url, paramNames, paramValues, mimeTypeCopy, loadManually); + return adoptRef(new PluginView(parentFrame, size, plugin, element, url, paramNames, paramValues, mimeTypeCopy, loadManually)); } void PluginView::freeStringArray(char** stringArray, int length) diff --git a/src/3rdparty/webkit/WebCore/plugins/PluginView.h b/src/3rdparty/webkit/WebCore/plugins/PluginView.h index 41d986be70..3ed6756dc0 100644 --- a/src/3rdparty/webkit/WebCore/plugins/PluginView.h +++ b/src/3rdparty/webkit/WebCore/plugins/PluginView.h 
@@ -108,7 +108,7 @@ namespace WebCore { class PluginView : public Widget, private PluginStreamClient, public PluginManualLoader { public: - static PluginView* create(Frame* parentFrame, const IntSize&, Element*, const KURL&, const Vector<String>& paramNames, const Vector<String>& paramValues, const String& mimeType, bool loadManually); + static PassRefPtr<PluginView> create(Frame* parentFrame, const IntSize&, Element*, const KURL&, const Vector<String>& paramNames, const Vector<String>& paramValues, const String& mimeType, bool loadManually); virtual ~PluginView(); PluginPackage* plugin() const { return m_plugin.get(); } diff --git a/src/3rdparty/webkit/WebCore/plugins/win/PluginMessageThrottlerWin.cpp b/src/3rdparty/webkit/WebCore/plugins/win/PluginMessageThrottlerWin.cpp index 27bf5b9684..b79ca20fc0 100644 --- a/src/3rdparty/webkit/WebCore/plugins/win/PluginMessageThrottlerWin.cpp +++ b/src/3rdparty/webkit/WebCore/plugins/win/PluginMessageThrottlerWin.cpp @@ -85,6 +85,9 @@ void PluginMessageThrottlerWin::messageThrottleTimerFired(Timer<PluginMessageThr if (message == m_back) m_back = 0; + // Protect the PluginView from destruction while calling its window proc. + // <rdar://problem/6930280> + RefPtr<PluginView> protect(m_pluginView); ::CallWindowProc(m_pluginView->pluginWndProc(), message->hWnd, message->msg, message->wParam, message->lParam); freeMessage(message); diff --git a/src/3rdparty/webkit/WebCore/plugins/win/PluginPackageWin.cpp b/src/3rdparty/webkit/WebCore/plugins/win/PluginPackageWin.cpp index b52553ec9a..40d9b2a976 100644 --- a/src/3rdparty/webkit/WebCore/plugins/win/PluginPackageWin.cpp +++ b/src/3rdparty/webkit/WebCore/plugins/win/PluginPackageWin.cpp 
@@ -81,9 +81,16 @@ bool PluginPackage::isPluginBlacklisted() if (compareFileVersion(slPluginMinRequired) < 0) return true; - } else if (fileName() == "npmozax.dll") + } else if (fileName() == "npmozax.dll") { // Bug 15217: Mozilla ActiveX control complains about missing xpcom_core.dll return true; + } else if (name() == "Yahoo Application State Plugin") { + // https://bugs.webkit.org/show_bug.cgi?id=26860 + // Bug in Yahoo Application State plug-in earlier than 1.0.0.6 leads to heap corruption. + static const PlatformModuleVersion yahooAppStatePluginMinRequired(0x00000006, 0x00010000); + if (compareFileVersion(yahooAppStatePluginMinRequired) < 0) + return true; + } return false; } @@ -248,7 +255,7 @@ bool PluginPackage::load() return false; // Load the library - m_module = ::LoadLibraryW(m_path.charactersWithNullTermination()); + m_module = ::LoadLibraryExW(m_path.charactersWithNullTermination(), 0, LOAD_WITH_ALTERED_SEARCH_PATH); if (!::SetCurrentDirectoryW(currentPath)) { if (m_module) diff --git a/src/3rdparty/webkit/WebCore/plugins/win/PluginViewWin.cpp b/src/3rdparty/webkit/WebCore/plugins/win/PluginViewWin.cpp index e47796584b..272a540ae2 100644 --- a/src/3rdparty/webkit/WebCore/plugins/win/PluginViewWin.cpp +++ b/src/3rdparty/webkit/WebCore/plugins/win/PluginViewWin.cpp @@ -110,11 +110,6 @@ static BYTE* endPaint; HDC WINAPI PluginView::hookedBeginPaint(HWND hWnd, PAINTSTRUCT* lpPaint) { -#if (COMPILER(MINGW)) - Q_UNUSED(hWnd) - Q_UNUSED(lpPaint) - return 0; -#else PluginView* pluginView = reinterpret_cast<PluginView*>(GetProp(hWnd, kWebPluginViewProperty)); if (pluginView && pluginView->m_wmPrintHDC) { // We're secretly handling WM_PRINTCLIENT, so set up the PAINTSTRUCT so 
@@ -125,6 +120,17 @@ HDC WINAPI PluginView::hookedBeginPaint(HWND hWnd, PAINTSTRUCT* lpPaint) return pluginView->m_wmPrintHDC; } +#if COMPILER(GCC) + HDC result; + asm ("push %2\n" + "push %3\n" + "call *%4\n" + : "=a" (result) + : "a" (beginPaintSysCall), "g" (lpPaint), "g" (hWnd), "m" (*beginPaint) + : "memory" + ); + return result; +#else // Call through to the original BeginPaint. __asm mov eax, beginPaintSysCall __asm push lpPaint @@ -135,11 +141,6 @@ HDC WINAPI PluginView::hookedBeginPaint(HWND hWnd, PAINTSTRUCT* lpPaint) BOOL WINAPI PluginView::hookedEndPaint(HWND hWnd, const PAINTSTRUCT* lpPaint) { -#if (COMPILER(MINGW)) - Q_UNUSED(hWnd) - Q_UNUSED(lpPaint) - return FALSE; -#else PluginView* pluginView = reinterpret_cast<PluginView*>(GetProp(hWnd, kWebPluginViewProperty)); if (pluginView && pluginView->m_wmPrintHDC) { // We're secretly handling WM_PRINTCLIENT, so we don't have to do any @@ -147,15 +148,24 @@ BOOL WINAPI PluginView::hookedEndPaint(HWND hWnd, const PAINTSTRUCT* lpPaint) return TRUE; } +#if COMPILER(GCC) + BOOL result; + asm ("push %2\n" + "push %3\n" + "call *%4\n" + : "=a" (result) + : "a" (endPaintSysCall), "g" (lpPaint), "g" (hWnd), "g" (*endPaint) + ); + return result; +#else // Call through to the original EndPaint. __asm mov eax, endPaintSysCall __asm push lpPaint __asm push hWnd __asm call endPaint -#endif +#endif } -#if (!COMPILER(MINGW)) static void hook(const char* module, const char* proc, unsigned& sysCallID, BYTE*& pProc, const void* pNewProc) { // See <http://www.fengyuan.com/article/wmprint.html> for an explanation of @@ -163,7 +173,7 @@ static void hook(const char* module, const char* proc, unsigned& sysCallID, BYTE HINSTANCE hMod = GetModuleHandleA(module); - pProc = reinterpret_cast<BYTE*>(GetProcAddress(hMod, proc)); + pProc = reinterpret_cast<BYTE*>(reinterpret_cast<ptrdiff_t>(GetProcAddress(hMod, proc))); if (pProc[0] != 0xB8) return; 
@@ -193,10 +203,10 @@ static void setUpOffscreenPaintingHooks(HDC (WINAPI*hookedBeginPaint)(HWND, PAIN // we hook into BeginPaint/EndPaint to allow their normal WM_PAINT handling // to draw into a given HDC. Note that this hooking affects the entire // process. - hook("user32.dll", "BeginPaint", beginPaintSysCall, beginPaint, hookedBeginPaint); - hook("user32.dll", "EndPaint", endPaintSysCall, endPaint, hookedEndPaint); + hook("user32.dll", "BeginPaint", beginPaintSysCall, beginPaint, reinterpret_cast<const void *>(reinterpret_cast<ptrdiff_t>(hookedBeginPaint))); + hook("user32.dll", "EndPaint", endPaintSysCall, endPaint, reinterpret_cast<const void *>(reinterpret_cast<ptrdiff_t>(hookedEndPaint))); + } -#endif static bool registerPluginView() { @@ -940,9 +950,8 @@ void PluginView::init() if (m_isWindowed) { registerPluginView(); -#if (!COMPILER(MINGW)) setUpOffscreenPaintingHooks(hookedBeginPaint, hookedEndPaint); -#endif + DWORD flags = WS_CHILD; if (isSelfVisible()) flags |= WS_VISIBLE; |
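Review bot: In PluginView::performRequest (PluginView.cpp, hunk at -239,8), nothing after the `load()` call checks whether the view was torn down by the load. `RefPtr<PluginView> protect(this)` keeps the memory valid, but the code that follows still runs `if (request->sendNotification())` and `PluginView::setCurrentPluginView(this)` on a view that may now be held only by the protector. The bindingInstance change in this same patch adds a `hasOneRef()` early return for that state; the same check after `load()` would keep the notification path from running against a detached view.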
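Review bot: In PluginView::bindingInstance (PluginView.cpp, hunks at -481,6 and -491,6), the new `if (hasOneRef())` test infers "the renderer was destroyed" from the reference count alone, which only holds while the renderer side is the sole other owner. Any additional RefPtr to the view makes the test false even though the view was detached, and the function then continues with a stale plugin. Checking an explicit detached or stopped state would be more robust than the count. The early return also sits before `if (npErr != NPERR_NO_ERROR || !object)`, so an object handed back by a successful getvalue call is dropped on this path; if that object carries a reference, it should be released before `return 0`.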
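Review bot: In PluginPackage::isPluginBlacklisted (PluginPackageWin.cpp, hunk at -81,9), the new entry matches on `name() == "Yahoo Application State Plugin"` while the neighbouring entry matches on `fileName()`. The display name comes from the plug-in's own metadata, so a build of the same vulnerable plug-in with a different name string passes the check and gets loaded despite the heap corruption described in the comment. Matching on the file name as well, or documenting why the name is the stable identifier here, would close that gap. The comment says "earlier than 1.0.0.6" but the constant is written as `(0x00000006, 0x00010000)`; a short comment giving the argument order of PlatformModuleVersion would let a reader verify the threshold without looking up the type.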
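Review bot: In PluginPackage::load (PluginPackageWin.cpp, hunk at -248,7), the switch to `::LoadLibraryExW(..., 0, LOAD_WITH_ALTERED_SEARCH_PATH)` depends on `m_path` being an absolute path, and nothing in the hunk establishes that. The Windows documentation leaves the behaviour of this flag undefined for a relative path, so an assertion or an explicit check before the call is worth adding. The flag also makes the plug-in's own directory the first place searched for its dependent DLLs, which deserves a comment since it changes which copy of a dependency is picked up, and it may make the surrounding current-directory switch (restored by the `::SetCurrentDirectoryW(currentPath)` call just below) redundant.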
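Review bot: In the `#if COMPILER(GCC)` blocks added to hookedBeginPaint and hookedEndPaint (PluginViewWin.cpp, hunks at -125,6 and -147,15), the two inline asm statements are not equivalent to each other or to the MSVC branch. BeginPaint passes the call target as `"m" (*beginPaint)` with a `"memory"` clobber, while EndPaint passes `"g" (*endPaint)` with no clobber list. Both dereference the BYTE pointer, whereas the MSVC code calls through `beginPaint` / `endPaint` themselves, so this looks like one indirection too many. The `"g"` constraints on `lpPaint` and `hWnd` also allow stack-pointer-relative memory operands, which become wrong after the first `push`; register constraints would avoid that. Neither statement is `asm volatile`, and neither declares the caller-saved registers and flags that the called function clobbers. Please make the two blocks identical in form and add the missing clobbers.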
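Review bot: In hook() and setUpOffscreenPaintingHooks (PluginViewWin.cpp, hunks at -163,7 and -193,10), the rewritten `pProc = reinterpret_cast<BYTE*>(reinterpret_cast<ptrdiff_t>(GetProcAddress(hMod, proc)))` line is still followed directly by `if (pProc[0] != 0xB8)` with no null check on `hMod` or on the GetProcAddress result. With the `#if (!COMPILER(MINGW))` guards removed here and in PluginView::init, this process-wide patching of BeginPaint and EndPaint now runs on MinGW builds too, so a failed lookup becomes a null dereference on a configuration that previously skipped the code. Return early when either value is null. The casts through `ptrdiff_t` would read better with `intptr_t` or `uintptr_t`, which are the types intended for pointer round-trips.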