Skip to content
Permalink
Browse files
2010-07-21 Kent Tamura <tkent@chromium.org>
        Reviewed by Darin Adler.

        Assertion failure by changing the type of an input element with a
        non-number value to 'range'.
        https://bugs.webkit.org/show_bug.cgi?id=42643

        * fast/forms/input-value-sanitization-expected.txt: Added.
        * fast/forms/input-value-sanitization.html: Added.
        * fast/forms/script-tests/input-value-sanitization.js: Added.
2010-07-21  Kent Tamura  <tkent@chromium.org>

        Reviewed by Darin Adler.

        Assertion failure by changing the type of an input element with a
        non-number value to 'range'.
        https://bugs.webkit.org/show_bug.cgi?id=42643

        Test: fast/forms/input-value-sanitization.html

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setInputType):
        Update the value by HTMLInputElement::sanitizeValue() in a case that
        storesValueSeparateFromAttribute() state is not changed.

Canonical link: https://commits.webkit.org/54713@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@63876 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
tkent-google committed Jul 22, 2010
1 parent 18cb935 commit e6b2d77e25d2647fa722860ce9fcc893f5e63df4
@@ -1,3 +1,15 @@
2010-07-21 Kent Tamura <tkent@chromium.org>

Reviewed by Darin Adler.

Assertion failure by changing the type of an input element with a
non-number value to 'range'.
https://bugs.webkit.org/show_bug.cgi?id=42643

* fast/forms/input-value-sanitization-expected.txt: Added.
* fast/forms/input-value-sanitization.html: Added.
* fast/forms/script-tests/input-value-sanitization.js: Added.

2010-07-21 Justin Schuh <jschuh@chromium.org>

Unreviewed. Build fix.
@@ -0,0 +1,10 @@
Tests for value sanitization algorithm.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


PASS input.value is "50"
PASS successfullyParsed is true

TEST COMPLETE

@@ -0,0 +1,13 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
<script src="../../fast/js/resources/js-test-pre.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>
<script src="script-tests/input-value-sanitization.js"></script>
<script src="../../fast/js/resources/js-test-post.js"></script>
</body>
</html>
@@ -0,0 +1,14 @@
description('Tests for value sanitization algorithm.');

var input = document.createElement('input');

input.type = 'text';
input.value = ':)';

input.type = 'range';
shouldBe('input.value', '"50"');

// FIXME: Add more sanitization tests.
// https://bugs.webkit.org/show_bug.cgi?id=37024

var successfullyParsed = true;
@@ -1,3 +1,18 @@
2010-07-21 Kent Tamura <tkent@chromium.org>

Reviewed by Darin Adler.

Assertion failure by changing the type of an input element with a
non-number value to 'range'.
https://bugs.webkit.org/show_bug.cgi?id=42643

Test: fast/forms/input-value-sanitization.html

* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::setInputType):
Update the value by HTMLInputElement::sanitizeValue() in a case that
storesValueSeparateFromAttribute() state is not changed.

2010-07-21 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.
@@ -863,8 +863,12 @@ void HTMLInputElement::setInputType(const String& t)
}
if (!didStoreValue && willStoreValue)
m_data.setValue(sanitizeValue(getAttribute(valueAttr)));
else
InputElement::updateValueIfNeeded(m_data, this);
else {
String oldValue = m_data.value();
String newValue = sanitizeValue(oldValue);
if (newValue != oldValue)
setValue(newValue);
}

if (wasPasswordField && !isPasswordField)
unregisterForActivationCallbackIfNeeded();

0 comments on commit e6b2d77

Please sign in to comment.