Google Git
Sign in
webkit / WebKit / f3ed10038fe5be95b515db89180721bfcd844cb8
commitf3ed10038fe5be95b515db89180721bfcd844cb8[log] [tgz]
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Dec 15 04:16:25 2011 +0000
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Dec 15 04:16:25 2011 +0000
tree05dbe7c87234bbc9bf38d43cb720bd5b82627501
parentf17d52502b298ed1ff1123b6e2c35a8d9c0afa1b [diff]
Opening two popup menus by dispatchEvent() makes problems.
https://bugs.webkit.org/show_bug.cgi?id=73304

Patch by Jing Zhao <jingzhao@chromium.org> on 2011-12-14
Reviewed by Kent Tamura.

Source/WebCore:

By using element.dispatchEvent(), a user written script can open two
popup menus, which causes various problems in different platforms.

Add a hasOpenedPopup() method in ChromeClient and a wrapper in Chrome.
In RenderMenuList::showPopup(), check if there is an opened popup menu
before opening a new popup menu.

Test: fast/forms/select-popup-crash.html

* loader/EmptyClients.h: Overrides hasOpenedPopup().
(WebCore::EmptyChromeClient::hasOpenedPopup): Returns false as a default case.
* page/Chrome.cpp:
(WebCore::Chrome::hasOpenedPopup): Calls ChromeClient::hasOpenedPopup().
* page/Chrome.h: Declares hasOpenedPopup().
* page/ChromeClient.h: Declares hasOpenedPopup() as a pure virtual function.
* rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::showPopup): Calls Chrome::hasOpenedPopup() before opening a new popup menu.

Source/WebKit/chromium:

By using element.dispatchEvent(), a user written script can open two
popup menus, which causes the assertion in WebViewImpl::popupOpened()
fail.

ChromeClientImpl::hasOpenedPopup() is called by Chrome::hasOpenedPopup()
in RenderMenuList::showPopup(), to check if there is an opened popup
menu before opening a new popup menu.

* src/ChromeClientImpl.cpp:
(WebKit::ChromeClientImpl::hasOpenedPopup): Checks the popup in WebViewImpl.
* src/ChromeClientImpl.h: Overrides hasOpenedPopup().

Source/WebKit/efl:

* WebCoreSupport/ChromeClientEfl.cpp:
(WebCore::ChromeClientEfl::hasOpenedPopup): Not implemented.
* WebCoreSupport/ChromeClientEfl.h: Overrides hasOpenedPopup().

Source/WebKit/gtk:

* WebCoreSupport/ChromeClientGtk.cpp:
(WebKit::ChromeClient::hasOpenedPopup): Not implemented.
* WebCoreSupport/ChromeClientGtk.h: Overrides hasOpenedPopup().

Source/WebKit/mac:

* WebCoreSupport/WebChromeClient.h: Overrides hasOpenedPopup().
* WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::hasOpenedPopup): Not implemented.

Source/WebKit/qt:

* WebCoreSupport/ChromeClientQt.cpp:
(WebCore::ChromeClientQt::hasOpenedPopup): Not implemented.
* WebCoreSupport/ChromeClientQt.h: Overrides hasOpenedPopup().

Source/WebKit/win:

* WebCoreSupport/WebChromeClient.cpp:
(WebChromeClient::hasOpenedPopup): Not implemented.
* WebCoreSupport/WebChromeClient.h: Overrides hasOpenedPopup().

Source/WebKit2:

* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::hasOpenedPopup): Not implemented.
* WebProcess/WebCoreSupport/WebChromeClient.h: Overrides hasOpenedPopup().

LayoutTests:

* fast/forms/select/menulist-popup-crash-expected.txt: Added.
* fast/forms/select/menulist-popup-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@102874 268f45cc-cd09-0410-ab3c-d52691b4dbfc
30 files changed
tree: 05dbe7c87234bbc9bf38d43cb720bd5b82627501
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKitLibraries/
  8. Websites/
  9. .dir-locals.el
  10. .gitattributes
  11. .gitignore
  12. autogen.sh
  13. ChangeLog
  14. CMakeLists.txt
  15. configure.ac
  16. GNUmakefile.am
  17. Makefile
  18. Makefile.shared
  19. WebKit.pro
  20. wscript