Changeset 179597 in webkit
- Timestamp:
- Feb 3, 2015 11:01:23 PM (9 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r179595 r179597 1 2015-02-03 Maciej Stachowiak <mjs@apple.com> 2 3 Crash when printing snapshotted plugins 4 https://bugs.webkit.org/show_bug.cgi?id=141212 5 6 Reviewed by Simon Fraser. 7 8 This test would crash without the fix due to a bad cast to RenderBox. <object> 9 is not prepared to have rendered inline children when rendering a plugin. 10 11 * plugins/snapshotting/print-snapshotted-plugin-expected.txt: Added. 12 * plugins/snapshotting/print-snapshotted-plugin.html: Added. 13 1 14 2015-02-03 Brent Fulgham <bfulgham@apple.com> 2 15 -
trunk/Source/WebCore/ChangeLog
r179593 r179597 1 2015-02-03 Maciej Stachowiak <mjs@apple.com> 2 3 Crash when printing snapshotted plugins 4 https://bugs.webkit.org/show_bug.cgi?id=141212 5 6 Reviewed by Simon Fraser. 7 8 Test: plugins/snapshotting/print-snapshotted-plugin.html 9 10 * html/HTMLPlugInImageElement.cpp: 11 (WebCore::HTMLPlugInImageElement::childShouldCreateRenderer): New 12 method. If the current renderer is a snapshotted plugin, only 13 allow children to create renderers if they are part of the 14 snapshot shadow dom. Otherwise RenderEmbeddedObject invariants 15 will be violated. This DOM class can have many other renderers, but they 16 can just follow their own rules. 17 (WebCore::HTMLPlugInImageElement::partOfSnapshotOverlay): Make this 18 const-correct, and don't create UA shadow DOM as a side effect if it doesn't 19 already exist. 20 * html/HTMLPlugInImageElement.h: 21 1 22 2015-02-03 Chris Dumez <cdumez@apple.com> 2 23 -
trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp
r177733 r179597 222 222 } 223 223 224 bool HTMLPlugInImageElement::childShouldCreateRenderer(const Node& child) const 225 { 226 if (is<RenderSnapshottedPlugIn>(renderer()) && !partOfSnapshotOverlay(&child)) 227 return false; 228 229 return HTMLPlugInElement::childShouldCreateRenderer(child); 230 } 231 224 232 bool HTMLPlugInImageElement::willRecalcStyle(Style::Change change) 225 233 { … … 397 405 } 398 406 399 bool HTMLPlugInImageElement::partOfSnapshotOverlay( Node* node)407 bool HTMLPlugInImageElement::partOfSnapshotOverlay(const Node* node) const 400 408 { 401 409 DEPRECATED_DEFINE_STATIC_LOCAL(AtomicString, selector, (".snapshot-overlay", AtomicString::ConstructFromLiteral)); 402 RefPtr<Element> snapshotLabel = ensureUserAgentShadowRoot().querySelector(selector, ASSERT_NO_EXCEPTION); 410 ShadowRoot* shadow = userAgentShadowRoot(); 411 if (!shadow) 412 return false; 413 RefPtr<Element> snapshotLabel = shadow->querySelector(selector, ASSERT_NO_EXCEPTION); 403 414 return node && snapshotLabel && (node == snapshotLabel.get() || node->isDescendantOf(snapshotLabel.get())); 404 415 } -
trunk/Source/WebCore/html/HTMLPlugInImageElement.h
r177259 r179597 78 78 79 79 WEBCORE_EXPORT void setIsPrimarySnapshottedPlugIn(bool); 80 bool partOfSnapshotOverlay( Node*);80 bool partOfSnapshotOverlay(const Node*) const; 81 81 82 82 bool needsCheckForSizeChange() const { return m_needsCheckForSizeChange; } … … 119 119 120 120 virtual RenderPtr<RenderElement> createElementRenderer(Ref<RenderStyle>&&) override; 121 virtual bool childShouldCreateRenderer(const Node&) const override; 121 122 virtual bool willRecalcStyle(Style::Change) override final; 122 123 virtual void didAttachRenderers() override final;
Note: See TracChangeset
for help on using the changeset viewer.