Changeset 208967 in webkit
- Timestamp:
- Nov 22, 2016 12:13:38 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r208934 r208967 1 2016-11-22 Antti Koivisto <antti@apple.com> 2 3 CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::ExtensionStyleSheets::pageUserSheet + 14 4 https://bugs.webkit.org/show_bug.cgi?id=165030 5 6 Reviewed by Darin Adler. 7 8 * fast/shadow-dom/shadow-host-move-to-different-document-expected.html: Added. 9 * fast/shadow-dom/shadow-host-move-to-different-document.html: Added. 10 1 11 2016-11-20 Megan Gardner <megan_gardner@apple.com> 2 12 -
trunk/Source/WebCore/ChangeLog
r208963 r208967 1 2016-11-22 Antti Koivisto <antti@apple.com> 2 3 CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::ExtensionStyleSheets::pageUserSheet + 14 4 https://bugs.webkit.org/show_bug.cgi?id=165030 5 6 Reviewed by Darin Adler. 7 8 We failed to reset the style scope when an element was moved to a different document. This could lead to having dangling 9 document pointers in style scope and style resolver. 10 11 Test: fast/shadow-dom/shadow-host-move-to-different-document.html 12 13 * dom/ShadowRoot.cpp: 14 (WebCore::ShadowRoot::didMoveToNewDocument): 15 16 Reset style scope. 17 18 * dom/ShadowRoot.h: 19 * style/StyleScope.cpp: 20 (WebCore::Style::Scope::resolver): 21 22 Some more assertions. 23 24 * style/StyleScope.h: 25 (WebCore::Style::Scope::document): 26 1 27 2016-11-22 Darin Adler <darin@apple.com> 2 28 -
trunk/Source/WebCore/dom/ShadowRoot.cpp
r208616 r208967 103 103 } 104 104 105 void ShadowRoot::didMoveToNewDocument(Document& oldDocument) 106 { 107 ASSERT(&document() != &oldDocument); 108 ASSERT(&m_styleScope->document() == &oldDocument); 109 110 // Style scopes are document specific. 111 m_styleScope = std::make_unique<Style::Scope>(*this); 112 113 DocumentFragment::didMoveToNewDocument(oldDocument); 114 } 115 105 116 Style::Scope& ShadowRoot::styleScope() 106 117 { -
trunk/Source/WebCore/dom/ShadowRoot.h
r208817 r208967 97 97 Node::InsertionNotificationRequest insertedInto(ContainerNode& insertionPoint) override; 98 98 void removedFrom(ContainerNode& insertionPoint) override; 99 void didMoveToNewDocument(Document& oldDocument) override; 99 100 100 101 bool m_resetStyleInheritance { false }; -
trunk/Source/WebCore/style/StyleScope.cpp
r208610 r208967 97 97 m_resolver->appendAuthorStyleSheets(m_activeStyleSheets); 98 98 } 99 ASSERT(!m_shadowRoot || &m_document == &m_shadowRoot->document()); 100 ASSERT(&m_resolver->document() == &m_document); 99 101 return *m_resolver; 100 102 } -
trunk/Source/WebCore/style/StyleScope.h
r207717 r208967 100 100 void clearResolver(); 101 101 102 const Document& document() const { return m_document; } 103 102 104 static Scope& forNode(Node&); 103 105
Note: See TracChangeset
for help on using the changeset viewer.