- Revision: 137835
- Author: [email protected]
- Date: 2012-12-16 02:01:09 -0800 (Sun, 16 Dec 2012)
Log Message
Source/WebCore: [CSS Regions] broken feature detection: body.webkitRegionOverset and body.webkitGetRegionFlowRanges shouldn't succeed when disabled at runtime
https://bugs.webkit.org/show_bug.cgi?id=99707
Patch by Mihai Maerean <[email protected]> on 2012-12-16
Reviewed by Hajime Morita.
The bug is that the CSS Regions feature leaks information at run-time. There are JS properties that exist even
if the feature is disabled at run-time (document.webkitGetNamedFlows, document.body.webkitRegionOverset,
document.body.webkitGetRegionFlowRanges and window.WebKitCSSRegionRule).
The fix is to add V8EnabledAtRuntime=cssRegions in the IDL files to the properties that leak information and to
the interfaces that are the type of those properties.
Test: fast/regions/region-leak-js-information-when-disabled-at-runtime.html
* css/WebKitCSSRegionRule.idl:
added V8EnabledAtRuntime=cssRegions for the WebKitCSSRegionRule interface.
* dom/DOMNamedFlowCollection.idl:
added V8EnabledAtRuntime=cssRegions for the DOMNamedFlowCollection interface.
* dom/Document.idl:
added V8EnabledAtRuntime=cssRegions for the webkitGetNamedFlows method.
* dom/Element.idl:
added V8EnabledAtRuntime=cssRegions for the webkitRegionOverset attribute.
added V8EnabledAtRuntime=cssRegions for the webkitGetRegionFlowRanges method.
* page/DOMWindow.idl:
added V8EnabledAtRuntime=cssRegions for the WebKitCSSRegionRule attribute.
LayoutTests: [CSS Regions] broken feature detection: body.webkitRegionOverset and body.webkitGetRegionFlowRanges shouldn't succeed when disabled at runtime.
https://bugs.webkit.org/show_bug.cgi?id=99707
Patch by Mihai Maerean <[email protected]> on 2012-12-16
Reviewed by Hajime Morita.
The bug is that the CSS Regions feature leaks information at run-time. There are JS properties that exist even
if the feature is disabled at run-time (document.webkitGetNamedFlows, document.body.webkitRegionOverset,
document.body.webkitGetRegionFlowRanges and window.WebKitCSSRegionRule).
The best LayoutTest would test that the properties exist when the feature is enabled and that the properties
just aren't there when the feature is disabled.
But, since during running Layout Tests the feature is enabled by default and switching the
RuntimeEnabledFeatures requires the process to be restarted and that is currently not possible, we can only test
that the properties exist and have the proper type.
* fast/regions/region-leak-js-information-when-disabled-at-runtime-expected.txt: Added.
* fast/regions/region-leak-js-information-when-disabled-at-runtime.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (137834 => 137835)
--- trunk/LayoutTests/ChangeLog 2012-12-16 04:41:09 UTC (rev 137834)
+++ trunk/LayoutTests/ChangeLog 2012-12-16 10:01:09 UTC (rev 137835)
@@ -1,3 +1,22 @@
+2012-12-16 Mihai Maerean <[email protected]>
+
+ [CSS Regions] broken feature detection: body.webkitRegionOverset and body.webkitGetRegionFlowRanges shouldn't succeed when disabled at runtime.
+ https://bugs.webkit.org/show_bug.cgi?id=99707
+
+ Reviewed by Hajime Morita.
+
+ The bug is that the CSS Regions feature leaks information at run-time. There are JS properties that exist even
+ if the feature is disabled at run-time (document.webkitGetNamedFlows, document.body.webkitRegionOverset,
+ document.body.webkitGetRegionFlowRanges and window.WebKitCSSRegionRule).
+ The best LayoutTest would test that the properties exist when the feature is enabled and that the properties
+ just aren't there when the feature is disabled.
+ But, since during running Layout Tests the feature is enabled by default and switching the
+ RuntimeEnabledFeatures requires the process to be restarted and that is currently not possible, we can only test
+ that the properties exist and have the proper type.
+
+ * fast/regions/region-leak-js-information-when-disabled-at-runtime-expected.txt: Added.
+ * fast/regions/region-leak-js-information-when-disabled-at-runtime.html: Added.
+
2012-12-15 Ian Vollick <[email protected]>
[chromium] More expectations updates for composited scrolling.
Added: trunk/LayoutTests/fast/regions/region-leak-js-information-when-disabled-at-runtime-expected.txt (0 => 137835)
--- trunk/LayoutTests/fast/regions/region-leak-js-information-when-disabled-at-runtime-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/regions/region-leak-js-information-when-disabled-at-runtime-expected.txt 2012-12-16 10:01:09 UTC (rev 137835)
@@ -0,0 +1,13 @@
+Test for 94070 [CSSRegions] broken feature detection: syntax parsing succeeds when CSS REGIONS is disabled at runtime
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS typeof(document.webkitGetNamedFlows) is "function"
+PASS typeof(document.body.webkitRegionOverset) is "string"
+PASS typeof(document.body.webkitGetRegionFlowRanges) is "function"
+PASS window.WebKitCSSRegionRule is defined.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
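Review bot: The first line of the expected output names bug 94070 with the title "syntax parsing succeeds when CSS REGIONS is disabled at runtime", while both ChangeLog entries for this change reference bug 99707 about body.webkitRegionOverset and body.webkitGetRegionFlowRanges. That text is produced by description() in the .html test, so correct it there and regenerate this file so the output points at the bug the test actually covers.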
Added: trunk/LayoutTests/fast/regions/region-leak-js-information-when-disabled-at-runtime.html (0 => 137835)
--- trunk/LayoutTests/fast/regions/region-leak-js-information-when-disabled-at-runtime.html (rev 0)
+++ trunk/LayoutTests/fast/regions/region-leak-js-information-when-disabled-at-runtime.html 2012-12-16 10:01:09 UTC (rev 137835)
@@ -0,0 +1,41 @@
+<!doctype html>
+<html>
+ <!--
+ The bug is that the CSS Regions feature leaks information at run-time. There are JS properties that exist even
+ if the feature is disabled at run-time (document.webkitGetNamedFlows, document.body.webkitRegionOverset,
+ document.body.webkitGetRegionFlowRanges and window.WebKitCSSRegionRule).
+ The best LayoutTest would test that the properties exist when the feature is enabled and that the properties
+ just aren't there when the feature is disabled.
+ But, since during running Layout Tests the feature is enabled by default and switching the
+ RuntimeEnabledFeatures requires the process to be restarted and that is currently not possible, we can only test
+ that the properties exist and have the proper type.
+ On success, you should see a series of PASS messages.
+ -->
+ <head>
+ <script src=""
+ </head>
+ <body>
+ <script>
+
+ description("<p>Test for <a href="" [CSSRegions] broken feature detection: syntax parsing succeeds when CSS REGIONS is disabled at runtime</a></p>");
+
+ shouldBeEqualToString( "typeof(document.webkitGetNamedFlows)", "function" );
+ shouldBeEqualToString( "typeof(document.body.webkitRegionOverset)", "string" );
+ shouldBeEqualToString( "typeof(document.body.webkitGetRegionFlowRanges)", "function" );
+ shouldBeDefined( "window.WebKitCSSRegionRule" );
+
+/*
+ // FIXME: uncomment the following code when switching a RuntimeEnabledFeatures flag doesn't require the browser
+ // process to be restarted.
+ if(window.testRunner)
+ window.testRunner.overridePreference("WebKitCSSRegionsEnabled", false);
+
+ shouldBeFalse( "'webkitGetNamedFlows' in document" );
+ shouldBeFalse( "document.body.hasOwnProperty( 'webkitRegionOverset' )" );
+ shouldBeFalse( "'webkitGetRegionFlowRanges' in document.body" );
+ shouldBeUndefined( "window.WebKitCSSRegionRule" );
+*/
+ </script>
+ <script src=""
+ </body>
+</html>
\ No newline at end of file
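Review bot: Every assertion that actually runs checks the enabled state; the four checks for the disabled state sit inside the /* ... */ block behind the FIXME, so this test would still pass if the V8EnabledAtRuntime gating were removed again. Either rename the file so it does not claim to cover the disabled-at-runtime case, or file a follow-up bug and reference it in the FIXME so the disabled path gets coverage once the preference can be switched. Inside the commented block, the webkitRegionOverset check uses hasOwnProperty while the other two use the in operator; use 'webkitRegionOverset' in document.body so the result does not depend on whether the attribute lives on the instance or on the prototype. The file also ends without a trailing newline.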
Modified: trunk/Source/WebCore/ChangeLog (137834 => 137835)
--- trunk/Source/WebCore/ChangeLog 2012-12-16 04:41:09 UTC (rev 137834)
+++ trunk/Source/WebCore/ChangeLog 2012-12-16 10:01:09 UTC (rev 137835)
@@ -1,3 +1,31 @@
+2012-12-16 Mihai Maerean <[email protected]>
+
+ [CSS Regions] broken feature detection: body.webkitRegionOverset and body.webkitGetRegionFlowRanges shouldn't succeed when disabled at runtime
+ https://bugs.webkit.org/show_bug.cgi?id=99707
+
+ Reviewed by Hajime Morita.
+
+ The bug is that the CSS Regions feature leaks information at run-time. There are JS properties that exist even
+ if the feature is disabled at run-time (document.webkitGetNamedFlows, document.body.webkitRegionOverset,
+ document.body.webkitGetRegionFlowRanges and window.WebKitCSSRegionRule).
+
+ The fix is to add V8EnabledAtRuntime=cssRegions in the IDL files to the properties that leak information and to
+ the interfaces that are the type of those properties.
+
+ Test: fast/regions/region-leak-js-information-when-disabled-at-runtime.html
+
+ * css/WebKitCSSRegionRule.idl:
+ added V8EnabledAtRuntime=cssRegions for the WebKitCSSRegionRule interface.
+ * dom/DOMNamedFlowCollection.idl:
+ added V8EnabledAtRuntime=cssRegions for the DOMNamedFlowCollection interface.
+ * dom/Document.idl:
+ added V8EnabledAtRuntime=cssRegions for the webkitGetNamedFlows method.
+ * dom/Element.idl:
+ added V8EnabledAtRuntime=cssRegions for the webkitRegionOverset attribute.
+ added V8EnabledAtRuntime=cssRegions for the webkitGetRegionFlowRanges method.
+ * page/DOMWindow.idl:
+ added V8EnabledAtRuntime=cssRegions for the WebKitCSSRegionRule attribute.
+
2012-12-15 Ian Vollick <[email protected]>
[chromium] Automatically use composited scrolling
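Review bot: The description of the fix names only V8EnabledAtRuntime=cssRegions, which by its name is an attribute for the V8 bindings, and the entry does not say what happens for the other bindings. State in the entry whether the four listed properties are still exposed there when the feature is disabled at run-time and, if so, reference a follow-up bug, since the title reads as if the leak is closed everywhere.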
Modified: trunk/Source/WebCore/css/WebKitCSSRegionRule.idl (137834 => 137835)
--- trunk/Source/WebCore/css/WebKitCSSRegionRule.idl 2012-12-16 04:41:09 UTC (rev 137834)
+++ trunk/Source/WebCore/css/WebKitCSSRegionRule.idl 2012-12-16 10:01:09 UTC (rev 137835)
@@ -29,6 +29,7 @@
[
Conditional=CSS_REGIONS,
+ V8EnabledAtRuntime=cssRegions,
] interface WebKitCSSRegionRule : CSSRule {
readonly attribute CSSRuleList cssRules;
};
Modified: trunk/Source/WebCore/dom/DOMNamedFlowCollection.idl (137834 => 137835)
--- trunk/Source/WebCore/dom/DOMNamedFlowCollection.idl 2012-12-16 04:41:09 UTC (rev 137834)
+++ trunk/Source/WebCore/dom/DOMNamedFlowCollection.idl 2012-12-16 10:01:09 UTC (rev 137835)
@@ -29,6 +29,7 @@
[
Conditional=CSS_REGIONS,
+ V8EnabledAtRuntime=cssRegions,
InterfaceName=WebKitNamedFlowCollection,
JSGenerateToJSObject,
IndexedGetter,
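Review bot: This interface keeps IndexedGetter, so it hands out objects of another interface, and that interface is not touched anywhere in this patch. The ChangeLog says the attribute goes on the interfaces that are the type of the leaking properties; please confirm that the item type returned here does not expose a constructor or other properties when cssRegions is off, and add V8EnabledAtRuntime=cssRegions to it if it does.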
Modified: trunk/Source/WebCore/dom/Document.idl (137834 => 137835)
--- trunk/Source/WebCore/dom/Document.idl 2012-12-16 04:41:09 UTC (rev 137834)
+++ trunk/Source/WebCore/dom/Document.idl 2012-12-16 10:01:09 UTC (rev 137835)
@@ -260,7 +260,7 @@
[Conditional=POINTER_LOCK] void webkitExitPointerLock();
[Conditional=POINTER_LOCK] readonly attribute Element webkitPointerLockElement;
- [Conditional=CSS_REGIONS] DOMNamedFlowCollection webkitGetNamedFlows();
+ [Conditional=CSS_REGIONS, V8EnabledAtRuntime=cssRegions] DOMNamedFlowCollection webkitGetNamedFlows();
#if !defined(LANGUAGE_OBJECTIVE_C) || !LANGUAGE_OBJECTIVE_C
// Event handler DOM attributes
Modified: trunk/Source/WebCore/dom/Element.idl (137834 => 137835)
--- trunk/Source/WebCore/dom/Element.idl 2012-12-16 04:41:09 UTC (rev 137834)
+++ trunk/Source/WebCore/dom/Element.idl 2012-12-16 10:01:09 UTC (rev 137835)
@@ -149,8 +149,8 @@
[Conditional=POINTER_LOCK] void webkitRequestPointerLock();
// CSS Regions API
- [Conditional=CSS_REGIONS] readonly attribute DOMString webkitRegionOverset;
- [Conditional=CSS_REGIONS] sequence<Range> webkitGetRegionFlowRanges();
+ [Conditional=CSS_REGIONS, V8EnabledAtRuntime=cssRegions] readonly attribute DOMString webkitRegionOverset;
+ [Conditional=CSS_REGIONS, V8EnabledAtRuntime=cssRegions] sequence<Range> webkitGetRegionFlowRanges();
#if !defined(LANGUAGE_OBJECTIVE_C) || !LANGUAGE_OBJECTIVE_C
// Event handler DOM attributes
Modified: trunk/Source/WebCore/page/DOMWindow.idl (137834 => 137835)
--- trunk/Source/WebCore/page/DOMWindow.idl 2012-12-16 04:41:09 UTC (rev 137834)
+++ trunk/Source/WebCore/page/DOMWindow.idl 2012-12-16 10:01:09 UTC (rev 137835)
@@ -575,7 +575,7 @@
attribute WebKitCSSKeyframeRuleConstructor WebKitCSSKeyframeRule;
attribute WebKitCSSKeyframesRuleConstructor WebKitCSSKeyframesRule;
- [Conditional=CSS_REGIONS] attribute WebKitCSSRegionRuleConstructor WebKitCSSRegionRule;
+ [Conditional=CSS_REGIONS, V8EnabledAtRuntime=cssRegions] attribute WebKitCSSRegionRuleConstructor WebKitCSSRegionRule;
attribute WebKitCSSMatrixConstructor WebKitCSSMatrix; // Usable with the new operator