Closed
Bug 1806
Opened 26 years ago
Closed 26 years ago
TextArea HTML Forms Crash if invalid attrib - code fix included
Categories
(Core :: Layout, defect, P2)
Tracking
()
VERIFIED
FIXED
People
(Reporter: mle, Assigned: karnaze)
Details
In an HTML Form Textarea an invalid attribute name will cause an
exception and valid attributes may not be handled correctly.
I found the bug and have included a code fix for the problem below.
The problem is in /layout/html/forms/src/nsTextControlFrame.cpp.
It is a simple problem of matching curly braces so it is
obvious that the fix is correct. The first example shows the
corrected code. The second shows the original code with comments
inserted to show the changed lines.
CORRECT CODE:
NS_IMETHODIMP
nsTextControlFrame::AttributeChanged(nsIPresContext* aPresContext,
nsIContent* aChild,
nsIAtom* aAttribute,
PRInt32 aHint)
{
nsresult result = NS_OK;
nsresult insult;
PRInt32 type;
GetType(&type);
if (mWidget) {
nsITextWidget* text = nsnull;
result = mWidget->QueryInterface(kITextWidgetIID, (void**)&text);
if ((NS_SUCCEEDED(result)) && (nsnull != text)) {
if (nsHTMLAtoms::value == aAttribute) {
nsString value;
nsresult result = GetText(&value);
PRUint32 ignore;
text->SetText(value, ignore);
nsFormFrame::StyleChangeReflow(aPresContext, this);
} else if (nsHTMLAtoms::size == aAttribute) {
nsFormFrame::StyleChangeReflow(aPresContext, this);
} else if (nsHTMLAtoms::maxlength == aAttribute) {
PRInt32 maxLength;
nsresult result = GetMaxLength(&maxLength);
if (NS_CONTENT_ATTR_NOT_THERE != result) {
text->SetMaxTextLength(maxLength);
}
}
NS_RELEASE(text);
}
}
return result;
}
ORIGINAL INCORRECT CODE WITH COMMENTS TO SHOW ERRORS:
NS_IMETHODIMP
nsTextControlFrame::AttributeChanged(nsIPresContext* aPresContext,
nsIContent* aChild,
nsIAtom* aAttribute,
PRInt32 aHint)
{
nsresult result = NS_OK;
PRInt32 type;
GetType(&type);
if (mWidget) {
nsITextWidget* text = nsnull;
result = mWidget->QueryInterface(kITextWidgetIID, (void**)&text);
if ((NS_SUCCEEDED(result)) && (nsnull != text)) {
if (nsHTMLAtoms::value == aAttribute) {
nsString value;
nsresult result = GetText(&value);
PRUint32 ignore;
text->SetText(value, ignore);
nsFormFrame::StyleChangeReflow(aPresContext, this);
// The following curly brace should be deleted as the if
// is terminated by the curly brace before the else if clause
}
} else if (nsHTMLAtoms::size == aAttribute) {
nsFormFrame::StyleChangeReflow(aPresContext, this);
} else if (nsHTMLAtoms::maxlength == aAttribute) {
PRInt32 maxLength;
nsresult result = GetMaxLength(&maxLength);
if (NS_CONTENT_ATTR_NOT_THERE != result) {
text->SetMaxTextLength(maxLength);
}
}
NS_RELEASE(text);
// A curly brace should be added to the line below to
// terminate the if ((NS_SUCCEEDED ... block
}
return result;
}
Perhaps the attached code also fixes bug # 1286.
Assignee | ||
Updated•26 years ago
|
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 2•26 years ago
|
||
I made the changes supplied by mle@citec.fi. Thank you.
Updated•26 years ago
|
QA Contact: 4144
Comment 3•26 years ago
|
||
I would like to check this fix in the latest build. Could a test case or sample
html file be provide to help check to see if this problem was addressed ?
Assignee | ||
Comment 4•26 years ago
|
||
Eric Pollmann is working on DOM changes to form controls, including text fields
and text areas.
Updated•26 years ago
|
Status: RESOLVED → VERIFIED
Comment 5•26 years ago
|
||
Fixed in Feb 11 Build.
You need to log in
before you can comment on or make changes to this bug.
Description
•