Changeset 56895 in webkit
- Timestamp:
- Mar 31, 2010 10:02:43 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/fast/dom/title-content-write-set-expected.txt (added)
-
LayoutTests/fast/dom/title-content-write-set.html (added)
-
WebCore/ChangeLog (modified) (1 diff)
-
WebCore/dom/Document.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r56890 r56895 1 2010-03-31 MORITA Hajime <morrita@google.com> 2 3 Reviewed by Darin Adler. 4 5 Crash when writing into a detached TITLE element 6 https://bugs.webkit.org/show_bug.cgi?id=25567 7 8 * fast/dom/title-content-write-set-expected.txt: Added. 9 * fast/dom/title-content-write-set.html: Added. 10 1 11 2010-04-01 Roland Steiner <rolandsteiner@chromium.org> 2 12 -
trunk/WebCore/ChangeLog
r56890 r56895 1 2010-03-31 MORITA Hajime <morrita@google.com> 2 3 Reviewed by Darin Adler. 4 5 Crash when writing into a detached TITLE element 6 https://bugs.webkit.org/show_bug.cgi?id=25567 7 8 Document::setTitle() invoked HTMLTitleElement::setText(), which 9 contains DOM tree modification, even when setTitle() is called 10 from HTMLTitleElement::childrenChanged(). Fix to skip setText() 11 when setTitle() is called childrenChanged() to avoid cascading 12 DOM mutations between Document and HTMLTitleElement. 13 14 Test: fast/dom/title-content-write-set.html 15 16 * dom/Document.cpp: 17 (WebCore::Document::setTitle): 18 1 19 2010-04-01 Roland Steiner <rolandsteiner@chromium.org> 2 20 -
trunk/WebCore/dom/Document.cpp
r56825 r56895 1198 1198 updateTitle(); 1199 1199 1200 if (m_titleSetExplicitly && m_titleElement && m_titleElement->hasTagName(titleTag) )1200 if (m_titleSetExplicitly && m_titleElement && m_titleElement->hasTagName(titleTag) && !titleElement) 1201 1201 static_cast<HTMLTitleElement*>(m_titleElement.get())->setText(m_title); 1202 1202 }
Note: See TracChangeset
for help on using the changeset viewer.
