OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). | 2 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). |
3 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 3 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
4 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 4 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
5 * (C) 2001 Dirk Mueller (mueller@kde.org) | 5 * (C) 2001 Dirk Mueller (mueller@kde.org) |
6 * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010, 2011 Apple Inc. All rights reserved. | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010, 2011 Apple Inc. All rights reserved. |
7 * (C) 2006 Alexey Proskuryakov (ap@nypop.com) | 7 * (C) 2006 Alexey Proskuryakov (ap@nypop.com) |
8 * Copyright (C) 2010 Google Inc. All rights reserved. | 8 * Copyright (C) 2010 Google Inc. All rights reserved. |
9 * Copyright (C) 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmo bile.com/) | 9 * Copyright (C) 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmo bile.com/) |
10 * | 10 * |
(...skipping 1021 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1032 const WillBeHeapVector<RawPtrWillBeMember<HTMLElement> >& items = listItems( ); | 1032 const WillBeHeapVector<RawPtrWillBeMember<HTMLElement> >& items = listItems( ); |
1033 size_t length = items.size(); | 1033 size_t length = items.size(); |
1034 FormControlState state; | 1034 FormControlState state; |
1035 for (unsigned i = 0; i < length; ++i) { | 1035 for (unsigned i = 0; i < length; ++i) { |
1036 if (!isHTMLOptionElement(*items[i])) | 1036 if (!isHTMLOptionElement(*items[i])) |
1037 continue; | 1037 continue; |
1038 HTMLOptionElement* option = toHTMLOptionElement(items[i]); | 1038 HTMLOptionElement* option = toHTMLOptionElement(items[i]); |
1039 if (!option->selected()) | 1039 if (!option->selected()) |
1040 continue; | 1040 continue; |
1041 state.append(option->value()); | 1041 state.append(option->value()); |
1042 state.append(String::number(i)); | |
tkent
2014/09/09 02:14:45
Because you change the format of the state, you ne
spartha
2014/09/09 11:09:56
Done.
| |
1042 if (!multiple()) | 1043 if (!multiple()) |
1043 break; | 1044 break; |
1044 } | 1045 } |
1045 return state; | 1046 return state; |
1046 } | 1047 } |
1047 | 1048 |
1048 size_t HTMLSelectElement::searchOptionsForValue(const String& value, size_t list IndexStart, size_t listIndexEnd) const | 1049 size_t HTMLSelectElement::searchOptionsForValue(const String& value, size_t list IndexStart, size_t listIndexEnd) const |
1049 { | 1050 { |
1050 const WillBeHeapVector<RawPtrWillBeMember<HTMLElement> >& items = listItems( ); | 1051 const WillBeHeapVector<RawPtrWillBeMember<HTMLElement> >& items = listItems( ); |
1051 size_t loopEndIndex = std::min(items.size(), listIndexEnd); | 1052 size_t loopEndIndex = std::min(items.size(), listIndexEnd); |
(...skipping 14 matching lines...) Expand all Loading... | |
1066 size_t itemsSize = items.size(); | 1067 size_t itemsSize = items.size(); |
1067 if (!itemsSize) | 1068 if (!itemsSize) |
1068 return; | 1069 return; |
1069 | 1070 |
1070 for (size_t i = 0; i < itemsSize; ++i) { | 1071 for (size_t i = 0; i < itemsSize; ++i) { |
1071 if (!isHTMLOptionElement(items[i])) | 1072 if (!isHTMLOptionElement(items[i])) |
1072 continue; | 1073 continue; |
1073 toHTMLOptionElement(items[i])->setSelectedState(false); | 1074 toHTMLOptionElement(items[i])->setSelectedState(false); |
1074 } | 1075 } |
1075 | 1076 |
1077 // The saved state should have atleast one value and an index. | |
tkent
2014/09/09 02:14:45
atleast -> at least
spartha
2014/09/09 11:09:56
Done.
| |
1078 ASSERT(state.valueSize() >= 2); | |
1076 if (!multiple()) { | 1079 if (!multiple()) { |
1077 size_t foundIndex = searchOptionsForValue(state[0], 0, itemsSize); | 1080 size_t index = state[1].toInt(); |
tkent
2014/09/09 02:14:45
This code parsing a unsigned value as a signed val
spartha
2014/09/09 11:09:56
Done.
| |
1078 if (foundIndex != kNotFound) | 1081 if (valueAtIndex(index) == state[0]) { |
1079 toHTMLOptionElement(items[foundIndex])->setSelectedState(true); | 1082 toHTMLOptionElement(items[index])->setSelectedState(true); |
tkent
2014/09/09 02:14:45
This has a bad-cast vulnerability if state[0] is a
spartha
2014/09/09 11:09:56
Done.
| |
1083 } else { | |
1084 size_t foundIndex = searchOptionsForValue(state[0], 0, itemsSize); | |
1085 if (foundIndex != kNotFound) | |
1086 toHTMLOptionElement(items[foundIndex])->setSelectedState(true); | |
1087 } | |
1080 } else { | 1088 } else { |
1081 size_t startIndex = 0; | 1089 size_t startIndex = 0; |
1082 for (size_t i = 0; i < state.valueSize(); ++i) { | 1090 for (size_t i = 0; i < state.valueSize(); i+= 2) { |
1083 const String& value = state[i]; | 1091 const String& value = state[i]; |
1084 size_t foundIndex = searchOptionsForValue(value, startIndex, itemsSi ze); | 1092 const size_t index = state[i + 1].toInt(); |
tkent
2014/09/09 02:14:45
parsing a unsigned value as a signed value.
spartha
2014/09/09 11:09:56
Done.
| |
1085 if (foundIndex == kNotFound) | 1093 if (valueAtIndex(index) == value) { |
1086 foundIndex = searchOptionsForValue(value, 0, startIndex); | 1094 toHTMLOptionElement(items[index])->setSelectedState(true); |
tkent
2014/09/09 02:14:45
Ditto. bad-cast.
spartha
2014/09/09 11:09:56
Done.
| |
1087 if (foundIndex == kNotFound) | 1095 startIndex = index + 1; |
1088 continue; | 1096 } else { |
1089 toHTMLOptionElement(items[foundIndex])->setSelectedState(true); | 1097 size_t foundIndex = searchOptionsForValue(value, startIndex, ite msSize); |
1090 startIndex = foundIndex + 1; | 1098 if (foundIndex == kNotFound) |
1099 foundIndex = searchOptionsForValue(value, 0, startIndex); | |
1100 if (foundIndex == kNotFound) | |
1101 continue; | |
1102 toHTMLOptionElement(items[foundIndex])->setSelectedState(true); | |
1103 startIndex = foundIndex + 1; | |
1104 } | |
1091 } | 1105 } |
1092 } | 1106 } |
1093 | 1107 |
1094 setOptionsChangedOnRenderer(); | 1108 setOptionsChangedOnRenderer(); |
1095 setNeedsValidityCheck(); | 1109 setNeedsValidityCheck(); |
1096 } | 1110 } |
1097 | 1111 |
1098 void HTMLSelectElement::parseMultipleAttribute(const AtomicString& value) | 1112 void HTMLSelectElement::parseMultipleAttribute(const AtomicString& value) |
1099 { | 1113 { |
1100 m_multiple = !value.isNull(); | 1114 m_multiple = !value.isNull(); |
(...skipping 639 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1740 int focusedIndex = activeSelectionEndListIndex(); | 1754 int focusedIndex = activeSelectionEndListIndex(); |
1741 if (focusedIndex < 0) | 1755 if (focusedIndex < 0) |
1742 focusedIndex = firstSelectableListIndex(); | 1756 focusedIndex = firstSelectableListIndex(); |
1743 if (focusedIndex < 0) | 1757 if (focusedIndex < 0) |
1744 return nullptr; | 1758 return nullptr; |
1745 HTMLElement* focused = listItems()[focusedIndex]; | 1759 HTMLElement* focused = listItems()[focusedIndex]; |
1746 return isHTMLOptionElement(focused) ? toHTMLOptionElement(focused) : nullptr ; | 1760 return isHTMLOptionElement(focused) ? toHTMLOptionElement(focused) : nullptr ; |
1747 } | 1761 } |
1748 | 1762 |
1749 } // namespace | 1763 } // namespace |
OLD | NEW |