Fix bad cast to XPath::Filter in XPathGrammar.y

Fix bad cast to XPath::Filter in XPathGrammar.y

In XPathGrammar.y, we cast the Expression to Filter before passing it to the
Path constructor. This is wrong as the Expression is not necessarily of type
XPath::Filter. For example, in fast/xpath/id-simple.html, it has type
XPath::Function.

I noticed this bug when marking the XPath::Filter class as FINAL. The
fast/xpath/id-simple.html test started crashing as the call to
Filter::evaluate() was resolved at compile time instead of using the vtable at
runtime. Since the object is actually a XPath::Function and not a XPath::Filter
in this test, this was causing trouble.
BUG=333155
R=abarth, esprehn

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=164845

[esprehn, 2014-01-10 04:03:24]

Woah, final is awesome. Lgtm

To unsubscribe from this group and stop receiving emails from it, send an email
to blink-reviews+unsubscribe@chromium.org.

[eseidel, 2014-01-10 04:09:28]

lgtm

[commit-bot: I haz the power, 2014-01-10 04:09:44]

CQ is trying da patch. Follow status at
https://chromium-status.appspot.com/cq/ch.dumez@samsung.com/131593003/1

[inferno, 2014-01-10 05:49:16]

Filed tracking security bug
https://code.google.com/p/chromium/issues/detail?id=333155 and added to
description. Thanks for finding and fixing this.

[commit-bot: I haz the power, 2014-01-10 06:11:26]

Commit queue rejected this change because the description was changed
between the time the change entered the commit queue and the time it
was ready to commit. You can safely check the commit box again.

[commit-bot: I haz the power, 2014-01-10 06:13:52]

CQ is trying da patch. Follow status at
https://chromium-status.appspot.com/cq/ch.dumez@samsung.com/131593003/1

[commit-bot: I haz the power, 2014-01-10 06:21:17]

Change committed as 164845