Closed Bug 1806 Opened 26 years ago Closed 26 years ago

TextArea HTML Forms Crash if invalid attrib - code fix included

Categories

(Core :: Layout, defect, P2)

x86
All
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: mle, Assigned: karnaze)

Details

In an HTML Form Textarea an invalid attribute name will cause an exception and valid attributes may not be handled correctly. I found the bug and have included a code fix for the problem below. The problem is in /layout/html/forms/src/nsTextControlFrame.cpp. It is a simple problem of matching curly braces so it is obvious that the fix is correct. The first example shows the corrected code. The second shows the original code with comments inserted to show the changed lines. CORRECT CODE: NS_IMETHODIMP nsTextControlFrame::AttributeChanged(nsIPresContext* aPresContext, nsIContent* aChild, nsIAtom* aAttribute, PRInt32 aHint) { nsresult result = NS_OK; nsresult insult; PRInt32 type; GetType(&type); if (mWidget) { nsITextWidget* text = nsnull; result = mWidget->QueryInterface(kITextWidgetIID, (void**)&text); if ((NS_SUCCEEDED(result)) && (nsnull != text)) { if (nsHTMLAtoms::value == aAttribute) { nsString value; nsresult result = GetText(&value); PRUint32 ignore; text->SetText(value, ignore); nsFormFrame::StyleChangeReflow(aPresContext, this); } else if (nsHTMLAtoms::size == aAttribute) { nsFormFrame::StyleChangeReflow(aPresContext, this); } else if (nsHTMLAtoms::maxlength == aAttribute) { PRInt32 maxLength; nsresult result = GetMaxLength(&maxLength); if (NS_CONTENT_ATTR_NOT_THERE != result) { text->SetMaxTextLength(maxLength); } } NS_RELEASE(text); } } return result; } ORIGINAL INCORRECT CODE WITH COMMENTS TO SHOW ERRORS: NS_IMETHODIMP nsTextControlFrame::AttributeChanged(nsIPresContext* aPresContext, nsIContent* aChild, nsIAtom* aAttribute, PRInt32 aHint) { nsresult result = NS_OK; PRInt32 type; GetType(&type); if (mWidget) { nsITextWidget* text = nsnull; result = mWidget->QueryInterface(kITextWidgetIID, (void**)&text); if ((NS_SUCCEEDED(result)) && (nsnull != text)) { if (nsHTMLAtoms::value == aAttribute) { nsString value; nsresult result = GetText(&value); PRUint32 ignore; text->SetText(value, ignore); nsFormFrame::StyleChangeReflow(aPresContext, this); // The following curly brace should be deleted as the if // is terminated by the curly brace before the else if clause } } else if (nsHTMLAtoms::size == aAttribute) { nsFormFrame::StyleChangeReflow(aPresContext, this); } else if (nsHTMLAtoms::maxlength == aAttribute) { PRInt32 maxLength; nsresult result = GetMaxLength(&maxLength); if (NS_CONTENT_ATTR_NOT_THERE != result) { text->SetMaxTextLength(maxLength); } } NS_RELEASE(text); // A curly brace should be added to the line below to // terminate the if ((NS_SUCCEEDED ... block } return result; }
Perhaps the attached code also fixes bug # 1286.
Assignee: kipp → karnaze
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
I made the changes supplied by mle@citec.fi. Thank you.
QA Contact: 4144
I would like to check this fix in the latest build. Could a test case or sample html file be provide to help check to see if this problem was addressed ?
Eric Pollmann is working on DOM changes to form controls, including text fields and text areas.
Status: RESOLVED → VERIFIED
Fixed in Feb 11 Build.
You need to log in before you can comment on or make changes to this bug.