Changeset 212038 in webkit


Timestamp: Feb 9, 2017 7:27:40 PM (7 years ago)
Author: pdr@google.com
Message:

SVG clip-path references can clip out later content
https://bugs.webkit.org/show_bug.cgi?id=164181

Reviewed by Said Abou-Hallawa.

Source/WebCore:

RenderSVGResourceClipper can modify the GraphicsContext state (through the path-only
clipping codepath) so we need to ensure RenderLayer::setupClipPath saves the context
and its caller restores it back so later content is not clipped as well.

This patch is based on a chromium patch by fs@opera.com:
https://chromium.googlesource.com/chromium/src/+/b3f7e7d2c4afb3c7e5c7eb438ff5933cbe2109b3

Test: css3/masking/clip-path-reference-restore.html

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::setupClipPath): Add a GC save and return true to restore. Also switch to downcast instead of static_cast.

LayoutTests:

Make sure applying multiple clip-path references does not clip out later content.

  • css3/masking/clip-path-reference-restore-expected.html: Added.
  • css3/masking/clip-path-reference-restore.html: Added.
Location: trunk
Files: 2 added, 3 edited

  • trunk/LayoutTests/ChangeLog

    r212035 r212038  
     12017-02-09  Philip Rogers  <pdr@google.com>
     2
     3        SVG clip-path references can clip out later content
     4        https://bugs.webkit.org/show_bug.cgi?id=164181
     5
     6        Reviewed by Said Abou-Hallawa.
     7
     8        Make sure applying multiple clip-path references does not clip out later content.
     9
     10        * css3/masking/clip-path-reference-restore-expected.html: Added.
     11        * css3/masking/clip-path-reference-restore.html: Added.
     12
    1132017-02-09  Filip Pizlo  <fpizlo@apple.com>
    214
  • trunk/Source/WebCore/ChangeLog

    r212035 r212038  
     12017-02-09  Philip Rogers  <pdr@google.com>
     2
     3        SVG clip-path references can clip out later content
     4        https://bugs.webkit.org/show_bug.cgi?id=164181
     5
     6        Reviewed by Said Abou-Hallawa.
     7
     8        RenderSVGResourceClipper can modify the GraphicsContext state (through the path-only
     9        clipping codepath) so we need to ensure RenderLayer::setupClipPath saves the context
     10        and its caller restores it back so later content is not clipped as well.
     11
     12        This patch is based on a chromium patch by fs@opera.com:
     13        https://chromium.googlesource.com/chromium/src/+/b3f7e7d2c4afb3c7e5c7eb438ff5933cbe2109b3
     14
     15        Test: css3/masking/clip-path-reference-restore.html
     16
     17        * rendering/RenderLayer.cpp:
     18        (WebCore::RenderLayer::setupClipPath): Add a GC save and return true to restore. Also switch to downcast instead of static_cast.
     19
    1202017-02-09  Filip Pizlo  <fpizlo@apple.com>
    221
  • trunk/Source/WebCore/rendering/RenderLayer.cpp

    r211741 r212038  
    41714171        Element* element = renderer().document().getElementById(referenceClipPathOperation->fragment());
    41724172        if (element && element->hasTagName(SVGNames::clipPathTag) && element->renderer()) {
    4173             // FIXME: This should use a safer cast such as toRenderSVGResourceContainer().
    4174             // FIXME: Should this do a context.save() and return true so we restore the context?
    4175             static_cast<RenderSVGResourceClipper*>(element->renderer())->applyClippingToContext(renderer(), rootRelativeBounds, paintingInfo.paintDirtyRect, context);
     4173            context.save();
     4174            downcast<RenderSVGResourceClipper>(*element->renderer()).applyClippingToContext(renderer(), rootRelativeBounds, paintingInfo.paintDirtyRect, context);
     4175            return true;
    41764176        }
    41774177    }
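Review bot: the downcast at new line 4174 is guarded only by element->hasTagName(SVGNames::clipPathTag) and a non-null element->renderer(), so the condition never checks the renderer's actual type. The removed FIXME asked for a safer cast; the tighter form is to test the renderer itself, for example by adding is<RenderSVGResourceClipper>(*element->renderer()) to the if, so that an element with the clipPath tag but a different renderer falls through instead of being treated as a clipper. Separately, context.save() at new line 4173 has no matching restore in this function: a one-line comment stating that returning true obliges the caller to restore the context would replace the FIXME being deleted and keep the save/restore pairing visible to the next person editing either side.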