Changeset 208967 in webkit


Ignore:
Timestamp:
Nov 22, 2016 12:13:38 PM (7 years ago)
Author:
Antti Koivisto
Message:

CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::ExtensionStyleSheets::pageUserSheet + 14
https://bugs.webkit.org/show_bug.cgi?id=165030

Reviewed by Darin Adler.

Source/WebCore:

We failed to reset the style scope when an element was moved to a different document. This could lead to having dangling
document pointers in style scope and style resolver.

Test: fast/shadow-dom/shadow-host-move-to-different-document.html

  • dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::didMoveToNewDocument):

Reset style scope.

  • dom/ShadowRoot.h:
  • style/StyleScope.cpp:

(WebCore::Style::Scope::resolver):

Some more assertions.

  • style/StyleScope.h:

(WebCore::Style::Scope::document):

LayoutTests:

  • fast/shadow-dom/shadow-host-move-to-different-document-expected.html: Added.
  • fast/shadow-dom/shadow-host-move-to-different-document.html: Added.
Location:
trunk
Files:
2 added
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r208934 r208967  
     12016-11-22  Antti Koivisto  <antti@apple.com>
     2
     3        CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::ExtensionStyleSheets::pageUserSheet + 14
     4        https://bugs.webkit.org/show_bug.cgi?id=165030
     5
     6        Reviewed by Darin Adler.
     7
     8        * fast/shadow-dom/shadow-host-move-to-different-document-expected.html: Added.
     9        * fast/shadow-dom/shadow-host-move-to-different-document.html: Added.
     10
    1112016-11-20  Megan Gardner  <megan_gardner@apple.com>
    212
  • trunk/Source/WebCore/ChangeLog

    r208963 r208967  
     12016-11-22  Antti Koivisto  <antti@apple.com>
     2
     3        CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::ExtensionStyleSheets::pageUserSheet + 14
     4        https://bugs.webkit.org/show_bug.cgi?id=165030
     5
     6        Reviewed by Darin Adler.
     7
     8        We failed to reset the style scope when an element was moved to a different document. This could lead to having dangling
     9        document pointers in style scope and style resolver.
     10
     11        Test: fast/shadow-dom/shadow-host-move-to-different-document.html
     12
     13        * dom/ShadowRoot.cpp:
     14        (WebCore::ShadowRoot::didMoveToNewDocument):
     15
     16            Reset style scope.
     17
     18        * dom/ShadowRoot.h:
     19        * style/StyleScope.cpp:
     20        (WebCore::Style::Scope::resolver):
     21
     22            Some more assertions.
     23
     24        * style/StyleScope.h:
     25        (WebCore::Style::Scope::document):
     26
    1272016-11-22  Darin Adler  <darin@apple.com>
    228
  • trunk/Source/WebCore/dom/ShadowRoot.cpp

    r208616 r208967  
    103103}
    104104
     105void ShadowRoot::didMoveToNewDocument(Document& oldDocument)
     106{
     107    ASSERT(&document() != &oldDocument);
     108    ASSERT(&m_styleScope->document() == &oldDocument);
     109
     110    // Style scopes are document specific.
     111    m_styleScope = std::make_unique<Style::Scope>(*this);
     112
     113    DocumentFragment::didMoveToNewDocument(oldDocument);
     114}
     115
    105116Style::Scope& ShadowRoot::styleScope()
    106117{
  • trunk/Source/WebCore/dom/ShadowRoot.h

    r208817 r208967  
    9797    Node::InsertionNotificationRequest insertedInto(ContainerNode& insertionPoint) override;
    9898    void removedFrom(ContainerNode& insertionPoint) override;
     99    void didMoveToNewDocument(Document& oldDocument) override;
    99100
    100101    bool m_resetStyleInheritance { false };
  • trunk/Source/WebCore/style/StyleScope.cpp

    r208610 r208967  
    9797        m_resolver->appendAuthorStyleSheets(m_activeStyleSheets);
    9898    }
     99    ASSERT(!m_shadowRoot || &m_document == &m_shadowRoot->document());
     100    ASSERT(&m_resolver->document() == &m_document);
    99101    return *m_resolver;
    100102}
  • trunk/Source/WebCore/style/StyleScope.h

    r207717 r208967  
    100100    void clearResolver();
    101101
     102    const Document& document() const { return m_document; }
     103
    102104    static Scope& forNode(Node&);
    103105
Note: See TracChangeset for help on using the changeset viewer.