haikuwebkit/LayoutTests/fast/dom/no-assert-for-malformed-js-...

<!DOCTYPE html>
<html>
<head>
<script src="../../resources/js-test.js"></script>
<script>
description("This tests that we do not assert when a malformed JS URL is passed to the 'src' attribute of an iframe. The test passes if it does not ASSERT.");

if (window.testRunner)
    testRunner.dumpAsText();

function runTest()
{
    var testFrame1 = document.getElementById('testFrame1');
    testFrame1.getAttributeNode("src").value += "missingFunction(this) orem ipsum dosolorem";

    var testFrame2 = document.getElementById('testFrame2');
    testFrame2.getAttributeNode("src").value += "javascript:missingFunction(this) orem ipsum dosolorem";
}
</script>
</head>
<body onload="runTest()">
    <iframe id='testFrame1' src='javascript:'></iframe>
    <iframe id='testFrame2' src='foo'></iframe>
</body>
</html>
Do not assert when CharacterData representing an Attr fires events https://bugs.webkit.org/show_bug.cgi?id=170454 <rdar://problem/30979320> Reviewed by Ryosuke Niwa. Source/WebCore: Make the NoEventDispatchAssertion in CharacterData::notifyParentAfterChange conditional since Attr elements should be allowed to fire events. Tests: fast/dom/no-assert-for-malformed-js-url-attribute.html * dom/CharacterData.cpp: (WebCore::CharacterData::notifyParentAfterChange): LayoutTests: * fast/dom/no-assert-for-malformed-js-url-attribute-expected.txt: Added. * fast/dom/no-assert-for-malformed-js-url-attribute.html: Added. Canonical link: https://commits.webkit.org/187399@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@214915 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2017-04-05 00:05:27 +00:00			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<script src="../../resources/js-test.js"></script>`
			`<script>`
			`description("This tests that we do not assert when a malformed JS URL is passed to the 'src' attribute of an iframe. The test passes if it does not ASSERT.");`

			`if (window.testRunner)`
			`testRunner.dumpAsText();`

			`function runTest()`
			`{`
			`var testFrame1 = document.getElementById('testFrame1');`
Attr Nodes should not have children https://bugs.webkit.org/show_bug.cgi?id=171688 <rdar://problem/31998412> Reviewed by Andreas Kling. Source/WebCore: Attr Nodes should not have children as per the latest DOM specification: - https://dom.spec.whatwg.org/#interface-attr - https://dom.spec.whatwg.org/#dom-attr-value - https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity (Step 1) Firefox and Chrome both have been matching the DOM specification for a while so I think we should do the same. This aligns us with other browsers, simplifies the code, is more efficient and the code being removed has been prone to security bugs. Test: fast/dom/Attr/cannot-have-children.html * dom/Attr.cpp: (WebCore::Attr::Attr): (WebCore::Attr::create): (WebCore::Attr::setValue): (WebCore::Attr::cloneNodeInternal): * dom/Attr.h: - Have Attr subclass Node instead of ContainerNode as it can no longer have children. - Drop logic to dealing with children / creating a Text child. * dom/CharacterData.cpp: (WebCore::CharacterData::notifyParentAfterChange): Drop useless check found by the compiler. parentNode() can no longer be an Attr node. * dom/Node.cpp: (WebCore::appendTextContent): appendTextContent() is called by Node.TextContent(). For Attr Nodes, we should no longer traverse its subtree to gather Text Nodes. Instead, we now return Attr.value, as per the specification: - https://dom.spec.whatwg.org/#dom-node-textcontent * dom/Range.cpp: (WebCore::lengthOfContentsInNode): As per https://dom.spec.whatwg.org/#concept-node-length, we should return the number of children for Attr Nodes, which will always be 0. * xml/XPathUtil.cpp: (WebCore::XPath::isValidContextNode): Always return true for TEXT_NODE as the !(node->parentNode() && node->parentNode()->isAttributeNode()) check will also with true now. This is because a parentNode() cannot be an Attribute Node. LayoutTests: * fast/dom/Attr/cannot-have-children-expected.txt: Added. * fast/dom/Attr/cannot-have-children.html: Added. Add layout test coverage. I have verified that this test passes in both Firefox and Chrome. * dom/html/level1/: Removed legacy / outdated tests. dom/xhtml/level1/: Removed legacy / outdated tests. fast/dom/Attr/child-nodes-cache-expected.txt: Removed. * fast/dom/Attr/child-nodes-cache.html: Removed. * fast/dom/Attr/child-nodes-length-cache-expected.txt: Removed. * fast/dom/Attr/child-nodes-length-cache.html: Removed. * fast/dom/Attr/invalidate-nodelist-after-attr-setvalue-expected.txt: Removed. * fast/dom/Attr/invalidate-nodelist-after-attr-setvalue.html: Removed. * fast/dom/attribute-change-on-mutate-expected.txt: Removed. * fast/dom/attribute-change-on-mutate.html: Removed. * svg/custom/image-with-attr-change-after-delete-crash-expected.txt: Removed. * svg/custom/image-with-attr-change-after-delete-crash.html: Removed. * traversal/moz-bug590771-expected.txt: Removed. * traversal/moz-bug590771.html: Removed. Removed some outdated tests. * fast/custom-elements/reactions-for-webkit-extensions-expected.txt: * fast/custom-elements/reactions-for-webkit-extensions.html: * fast/dom/Attr/change-id-via-attr-node-value-expected.txt: * fast/dom/Attr/change-id-via-attr-node-value.html: * fast/dom/Element/normalize-crash.html: * fast/dom/Element/normalize-crash2.html: * fast/dom/HTMLLinkElement/event-while-removing-attribute-expected.txt: * fast/dom/HTMLLinkElement/event-while-removing-attribute.html: * fast/dom/MutationObserver/observe-attributes-expected.txt: * fast/dom/MutationObserver/observe-attributes.html: * fast/dom/import-attribute-node.html: * fast/dom/insertedIntoDocument-child.html: * fast/dom/insertedIntoDocument-sibling.html: * fast/dom/no-assert-for-malformed-js-url-attribute-expected.txt: * fast/dom/no-assert-for-malformed-js-url-attribute.html: * fast/dom/normalize-attributes-mutation-event-crash.html: * fast/dom/serialize-nodes.xhtml: * http/tests/security/xss-DENIED-iframe-src-alias-expected.txt: Update existing tests so they stop relying on Attr Node having Text children. Canonical link: https://commits.webkit.org/188639@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@216259 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2017-05-05 19:26:11 +00:00			`testFrame1.getAttributeNode("src").value += "missingFunction(this) orem ipsum dosolorem";`
Do not assert when CharacterData representing an Attr fires events https://bugs.webkit.org/show_bug.cgi?id=170454 <rdar://problem/30979320> Reviewed by Ryosuke Niwa. Source/WebCore: Make the NoEventDispatchAssertion in CharacterData::notifyParentAfterChange conditional since Attr elements should be allowed to fire events. Tests: fast/dom/no-assert-for-malformed-js-url-attribute.html * dom/CharacterData.cpp: (WebCore::CharacterData::notifyParentAfterChange): LayoutTests: * fast/dom/no-assert-for-malformed-js-url-attribute-expected.txt: Added. * fast/dom/no-assert-for-malformed-js-url-attribute.html: Added. Canonical link: https://commits.webkit.org/187399@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@214915 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2017-04-05 00:05:27 +00:00
			`var testFrame2 = document.getElementById('testFrame2');`
Attr Nodes should not have children https://bugs.webkit.org/show_bug.cgi?id=171688 <rdar://problem/31998412> Reviewed by Andreas Kling. Source/WebCore: Attr Nodes should not have children as per the latest DOM specification: - https://dom.spec.whatwg.org/#interface-attr - https://dom.spec.whatwg.org/#dom-attr-value - https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity (Step 1) Firefox and Chrome both have been matching the DOM specification for a while so I think we should do the same. This aligns us with other browsers, simplifies the code, is more efficient and the code being removed has been prone to security bugs. Test: fast/dom/Attr/cannot-have-children.html * dom/Attr.cpp: (WebCore::Attr::Attr): (WebCore::Attr::create): (WebCore::Attr::setValue): (WebCore::Attr::cloneNodeInternal): * dom/Attr.h: - Have Attr subclass Node instead of ContainerNode as it can no longer have children. - Drop logic to dealing with children / creating a Text child. * dom/CharacterData.cpp: (WebCore::CharacterData::notifyParentAfterChange): Drop useless check found by the compiler. parentNode() can no longer be an Attr node. * dom/Node.cpp: (WebCore::appendTextContent): appendTextContent() is called by Node.TextContent(). For Attr Nodes, we should no longer traverse its subtree to gather Text Nodes. Instead, we now return Attr.value, as per the specification: - https://dom.spec.whatwg.org/#dom-node-textcontent * dom/Range.cpp: (WebCore::lengthOfContentsInNode): As per https://dom.spec.whatwg.org/#concept-node-length, we should return the number of children for Attr Nodes, which will always be 0. * xml/XPathUtil.cpp: (WebCore::XPath::isValidContextNode): Always return true for TEXT_NODE as the !(node->parentNode() && node->parentNode()->isAttributeNode()) check will also with true now. This is because a parentNode() cannot be an Attribute Node. LayoutTests: * fast/dom/Attr/cannot-have-children-expected.txt: Added. * fast/dom/Attr/cannot-have-children.html: Added. Add layout test coverage. I have verified that this test passes in both Firefox and Chrome. * dom/html/level1/: Removed legacy / outdated tests. dom/xhtml/level1/: Removed legacy / outdated tests. fast/dom/Attr/child-nodes-cache-expected.txt: Removed. * fast/dom/Attr/child-nodes-cache.html: Removed. * fast/dom/Attr/child-nodes-length-cache-expected.txt: Removed. * fast/dom/Attr/child-nodes-length-cache.html: Removed. * fast/dom/Attr/invalidate-nodelist-after-attr-setvalue-expected.txt: Removed. * fast/dom/Attr/invalidate-nodelist-after-attr-setvalue.html: Removed. * fast/dom/attribute-change-on-mutate-expected.txt: Removed. * fast/dom/attribute-change-on-mutate.html: Removed. * svg/custom/image-with-attr-change-after-delete-crash-expected.txt: Removed. * svg/custom/image-with-attr-change-after-delete-crash.html: Removed. * traversal/moz-bug590771-expected.txt: Removed. * traversal/moz-bug590771.html: Removed. Removed some outdated tests. * fast/custom-elements/reactions-for-webkit-extensions-expected.txt: * fast/custom-elements/reactions-for-webkit-extensions.html: * fast/dom/Attr/change-id-via-attr-node-value-expected.txt: * fast/dom/Attr/change-id-via-attr-node-value.html: * fast/dom/Element/normalize-crash.html: * fast/dom/Element/normalize-crash2.html: * fast/dom/HTMLLinkElement/event-while-removing-attribute-expected.txt: * fast/dom/HTMLLinkElement/event-while-removing-attribute.html: * fast/dom/MutationObserver/observe-attributes-expected.txt: * fast/dom/MutationObserver/observe-attributes.html: * fast/dom/import-attribute-node.html: * fast/dom/insertedIntoDocument-child.html: * fast/dom/insertedIntoDocument-sibling.html: * fast/dom/no-assert-for-malformed-js-url-attribute-expected.txt: * fast/dom/no-assert-for-malformed-js-url-attribute.html: * fast/dom/normalize-attributes-mutation-event-crash.html: * fast/dom/serialize-nodes.xhtml: * http/tests/security/xss-DENIED-iframe-src-alias-expected.txt: Update existing tests so they stop relying on Attr Node having Text children. Canonical link: https://commits.webkit.org/188639@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@216259 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2017-05-05 19:26:11 +00:00			`testFrame2.getAttributeNode("src").value += "javascript:missingFunction(this) orem ipsum dosolorem";`
Do not assert when CharacterData representing an Attr fires events https://bugs.webkit.org/show_bug.cgi?id=170454 <rdar://problem/30979320> Reviewed by Ryosuke Niwa. Source/WebCore: Make the NoEventDispatchAssertion in CharacterData::notifyParentAfterChange conditional since Attr elements should be allowed to fire events. Tests: fast/dom/no-assert-for-malformed-js-url-attribute.html * dom/CharacterData.cpp: (WebCore::CharacterData::notifyParentAfterChange): LayoutTests: * fast/dom/no-assert-for-malformed-js-url-attribute-expected.txt: Added. * fast/dom/no-assert-for-malformed-js-url-attribute.html: Added. Canonical link: https://commits.webkit.org/187399@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@214915 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2017-04-05 00:05:27 +00:00			`}`
			`</script>`
			`</head>`
			`<body onload="runTest()">`
			`<iframe id='testFrame1' src='javascript:'></iframe>`
			`<iframe id='testFrame2' src='foo'></iframe>`
			`</body>`
Attr Nodes should not have children https://bugs.webkit.org/show_bug.cgi?id=171688 <rdar://problem/31998412> Reviewed by Andreas Kling. Source/WebCore: Attr Nodes should not have children as per the latest DOM specification: - https://dom.spec.whatwg.org/#interface-attr - https://dom.spec.whatwg.org/#dom-attr-value - https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity (Step 1) Firefox and Chrome both have been matching the DOM specification for a while so I think we should do the same. This aligns us with other browsers, simplifies the code, is more efficient and the code being removed has been prone to security bugs. Test: fast/dom/Attr/cannot-have-children.html * dom/Attr.cpp: (WebCore::Attr::Attr): (WebCore::Attr::create): (WebCore::Attr::setValue): (WebCore::Attr::cloneNodeInternal): * dom/Attr.h: - Have Attr subclass Node instead of ContainerNode as it can no longer have children. - Drop logic to dealing with children / creating a Text child. * dom/CharacterData.cpp: (WebCore::CharacterData::notifyParentAfterChange): Drop useless check found by the compiler. parentNode() can no longer be an Attr node. * dom/Node.cpp: (WebCore::appendTextContent): appendTextContent() is called by Node.TextContent(). For Attr Nodes, we should no longer traverse its subtree to gather Text Nodes. Instead, we now return Attr.value, as per the specification: - https://dom.spec.whatwg.org/#dom-node-textcontent * dom/Range.cpp: (WebCore::lengthOfContentsInNode): As per https://dom.spec.whatwg.org/#concept-node-length, we should return the number of children for Attr Nodes, which will always be 0. * xml/XPathUtil.cpp: (WebCore::XPath::isValidContextNode): Always return true for TEXT_NODE as the !(node->parentNode() && node->parentNode()->isAttributeNode()) check will also with true now. This is because a parentNode() cannot be an Attribute Node. LayoutTests: * fast/dom/Attr/cannot-have-children-expected.txt: Added. * fast/dom/Attr/cannot-have-children.html: Added. Add layout test coverage. I have verified that this test passes in both Firefox and Chrome. * dom/html/level1/: Removed legacy / outdated tests. dom/xhtml/level1/: Removed legacy / outdated tests. fast/dom/Attr/child-nodes-cache-expected.txt: Removed. * fast/dom/Attr/child-nodes-cache.html: Removed. * fast/dom/Attr/child-nodes-length-cache-expected.txt: Removed. * fast/dom/Attr/child-nodes-length-cache.html: Removed. * fast/dom/Attr/invalidate-nodelist-after-attr-setvalue-expected.txt: Removed. * fast/dom/Attr/invalidate-nodelist-after-attr-setvalue.html: Removed. * fast/dom/attribute-change-on-mutate-expected.txt: Removed. * fast/dom/attribute-change-on-mutate.html: Removed. * svg/custom/image-with-attr-change-after-delete-crash-expected.txt: Removed. * svg/custom/image-with-attr-change-after-delete-crash.html: Removed. * traversal/moz-bug590771-expected.txt: Removed. * traversal/moz-bug590771.html: Removed. Removed some outdated tests. * fast/custom-elements/reactions-for-webkit-extensions-expected.txt: * fast/custom-elements/reactions-for-webkit-extensions.html: * fast/dom/Attr/change-id-via-attr-node-value-expected.txt: * fast/dom/Attr/change-id-via-attr-node-value.html: * fast/dom/Element/normalize-crash.html: * fast/dom/Element/normalize-crash2.html: * fast/dom/HTMLLinkElement/event-while-removing-attribute-expected.txt: * fast/dom/HTMLLinkElement/event-while-removing-attribute.html: * fast/dom/MutationObserver/observe-attributes-expected.txt: * fast/dom/MutationObserver/observe-attributes.html: * fast/dom/import-attribute-node.html: * fast/dom/insertedIntoDocument-child.html: * fast/dom/insertedIntoDocument-sibling.html: * fast/dom/no-assert-for-malformed-js-url-attribute-expected.txt: * fast/dom/no-assert-for-malformed-js-url-attribute.html: * fast/dom/normalize-attributes-mutation-event-crash.html: * fast/dom/serialize-nodes.xhtml: * http/tests/security/xss-DENIED-iframe-src-alias-expected.txt: Update existing tests so they stop relying on Attr Node having Text children. Canonical link: https://commits.webkit.org/188639@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@216259 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2017-05-05 19:26:11 +00:00			`</html>`