Changeset 88549 in webkit
- Timestamp:
- Jun 10, 2011 10:31:29 AM (13 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/svg/dom/use-style-recalc-script-execute-crash-expected.txt (added)
-
LayoutTests/svg/dom/use-style-recalc-script-execute-crash.html (added)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/dom/ScriptElement.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r88545 r88549 1 2011-06-10 Abhishek Arya <inferno@chromium.org> 2 3 Reviewed by Tony Gentilcore. 4 5 Tests that trying to remove all document children while building a svg <use> 6 element shadow and instance tree does not result in crash. 7 https://bugs.webkit.org/show_bug.cgi?id=62225 8 9 * svg/dom/use-style-recalc-script-execute-crash-expected.txt: Added. 10 * svg/dom/use-style-recalc-script-execute-crash.html: Added. 11 1 12 2011-06-10 Dimitri Glazkov <dglazkov@chromium.org> 2 13 -
trunk/Source/WebCore/ChangeLog
r88547 r88549 1 2011-06-10 James Simonsen <simonjam@chromium.org> 2 3 Reviewed by Tony Gentilcore. 4 5 Don't execute scripts in shadow SVG. 6 https://bugs.webkit.org/show_bug.cgi?id=62225 7 8 Test: svg/dom/use-style-recalc-script-execute-crash.html 9 10 * dom/ScriptElement.cpp: 11 (WebCore::ScriptElement::prepareScript): 12 1 13 2011-06-10 Konstantin Tokarev <ktokarev@smartlabs.tv> 2 14 -
trunk/Source/WebCore/dom/ScriptElement.cpp
r87628 r88549 204 204 return false; 205 205 206 // FIXME: This is non-standard. Remove this after https://bugs.webkit.org/show_bug.cgi?id=62412. 207 Node* ancestor = m_element->parentNode(); 208 while (ancestor) { 209 if (ancestor->isSVGShadowRoot()) 210 return false; 211 ancestor = ancestor->parentNode(); 212 } 213 206 214 if (!isScriptForEventSupported()) 207 215 return false;
Note: See TracChangeset
for help on using the changeset viewer.
