Changeset 200848 in webkit

Timestamp:

May 13, 2016, 5:33:19 AM (9 years ago)

Author:

Carlos Garcia Campos

Message:

Merge r200301 - Some content causes deep recursion.
​https://bugs.webkit.org/show_bug.cgi?id=157230
<rdar://problem/7694756>

Reviewed by Antti Koivisto.

This patch sets a limit(512) on content nesting for the render tree. Elements injected over the limit
are still accessible through DOM APIs but

1. we stop generating renderers for them -they behave like display: none.
2. their layout related computed style values are set to default (e.g. window.computedStyle(document.elementById("over512").width -> auto)

Source/WebCore:

Test: fast/block/nested-renderers.html

• page/Settings.h:
• style/StyleTreeResolver.cpp: Skip renderer constructing and continue with the sibling node.

(WebCore::Style::TreeResolver::resolveComposedTree):

LayoutTests:

• fast/block/nested-renderers-expected.html: Added.
• fast/block/nested-renderers.html: Added.

Location:

releases/WebKitGTK/webkit-2.12

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/block/nested-renderers-expected.html (added)
• LayoutTests/fast/block/nested-renderers.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/page/Settings.h (modified) (1 diff)
• Source/WebCore/style/StyleTreeResolver.cpp (modified) (1 diff)

releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog

@@ +1 @@
+2016-04-30  Zalan Bujtas  <zalan@apple.com>
+
+        Some content causes deep recursion.
+        https://bugs.webkit.org/show_bug.cgi?id=157230
+        <rdar://problem/7694756>
+
+        Reviewed by Antti Koivisto.
+
+        This patch sets a limit(512) on content nesting for the render tree. Elements injected over the limit
+        are still accessible through DOM APIs but
+        1. we stop generating renderers for them -they behave like display: none. 
+        2. their layout related computed style values are set to default (e.g. window.computedStyle(document.elementById("over512").width -> auto) 
+
+        * fast/block/nested-renderers-expected.html: Added.
+        * fast/block/nested-renderers.html: Added.
+
 2016-04-29  Myles C. Maxfield  <mmaxfield@apple.com>
 

releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog

@@ +1 @@
+2016-04-30  Zalan Bujtas  <zalan@apple.com>
+
+        Some content causes deep recursion.
+        https://bugs.webkit.org/show_bug.cgi?id=157230
+        <rdar://problem/7694756>
+
+        Reviewed by Antti Koivisto.
+
+        This patch sets a limit(512) on content nesting for the render tree. Elements injected over the limit
+        are still accessible through DOM APIs but
+        1. we stop generating renderers for them -they behave like display: none. 
+        2. their layout related computed style values are set to default (e.g. window.computedStyle(document.elementById("over512").width -> auto) 
+
+        Test: fast/block/nested-renderers.html
+
+        * page/Settings.h:
+        * style/StyleTreeResolver.cpp: Skip renderer constructing and continue with the sibling node. 
+        (WebCore::Style::TreeResolver::resolveComposedTree):
+
 2016-04-29  Myles C. Maxfield  <mmaxfield@apple.com>
 

releases/WebKitGTK/webkit-2.12/Source/WebCore/page/Settings.h

@@ -207 +207 @@
 
     static const unsigned defaultMaximumHTMLParserDOMTreeDepth = 512;
+    static const unsigned defaultMaximumRenderTreeDepth = 512;
 
     WEBCORE_EXPORT static void setMockScrollbarsEnabled(bool flag);

releases/WebKitGTK/webkit-2.12/Source/WebCore/style/StyleTreeResolver.cpp

@@ -885 +885 @@
         auto& element = downcast<Element>(node);
 
+        if (it.depth() > Settings::defaultMaximumRenderTreeDepth) {
+            resetStyleForNonRenderedDescendants(element);
+            element.clearChildNeedsStyleRecalc();
+            it.traverseNextSkippingChildren();
+            continue;
+        }
+
         // FIXME: We should deal with this during style invalidation.
         bool affectedByPreviousSibling = element.styleIsAffectedByPreviousSibling() && parent.elementNeedingStyleRecalcAffectsNextSiblingElementStyle;