Title: [88549] trunk
- Revision
- 88549
- Author
- [email protected]
- Date
- 2011-06-10 10:31:29 -0700 (Fri, 10 Jun 2011)
Log Message
2011-06-10 Abhishek Arya <[email protected]>
Reviewed by Tony Gentilcore.
Tests that trying to remove all document children while building a svg <use>
element shadow and instance tree does not result in crash.
https://bugs.webkit.org/show_bug.cgi?id=62225
* svg/dom/use-style-recalc-script-execute-crash-expected.txt: Added.
* svg/dom/use-style-recalc-script-execute-crash.html: Added.
2011-06-10 James Simonsen <[email protected]>
Reviewed by Tony Gentilcore.
Don't execute scripts in shadow SVG.
https://bugs.webkit.org/show_bug.cgi?id=62225
Test: svg/dom/use-style-recalc-script-execute-crash.html
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::prepareScript):
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (88548 => 88549)
--- trunk/LayoutTests/ChangeLog 2011-06-10 17:31:13 UTC (rev 88548)
+++ trunk/LayoutTests/ChangeLog 2011-06-10 17:31:29 UTC (rev 88549)
@@ -1,3 +1,14 @@
+2011-06-10 Abhishek Arya <[email protected]>
+
+ Reviewed by Tony Gentilcore.
+
+ Tests that trying to remove all document children while building a svg <use>
+ element shadow and instance tree does not result in crash.
+ https://bugs.webkit.org/show_bug.cgi?id=62225
+
+ * svg/dom/use-style-recalc-script-execute-crash-expected.txt: Added.
+ * svg/dom/use-style-recalc-script-execute-crash.html: Added.
+
2011-06-10 Dimitri Glazkov <[email protected]>
Remove tests that are now passing.
Added: trunk/LayoutTests/svg/dom/use-style-recalc-script-execute-crash-expected.txt (0 => 88549)
--- trunk/LayoutTests/svg/dom/use-style-recalc-script-execute-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/svg/dom/use-style-recalc-script-execute-crash-expected.txt 2011-06-10 17:31:29 UTC (rev 88549)
@@ -0,0 +1 @@
+Test passes if it does not crash and "script" inside "rect" does not execute.
Added: trunk/LayoutTests/svg/dom/use-style-recalc-script-execute-crash.html (0 => 88549)
--- trunk/LayoutTests/svg/dom/use-style-recalc-script-execute-crash.html (rev 0)
+++ trunk/LayoutTests/svg/dom/use-style-recalc-script-execute-crash.html 2011-06-10 17:31:29 UTC (rev 88549)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+Test passes if it does not crash and "script" inside "rect" does not execute.
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<svg>
+<g>
+<use xlink:href=""
+<rect id="test">
+<script>
+document.body.innerHTML = "FAIL";
+</script>
+</rect>
+</g>
+</svg>
+</html>
+
Modified: trunk/Source/WebCore/ChangeLog (88548 => 88549)
--- trunk/Source/WebCore/ChangeLog 2011-06-10 17:31:13 UTC (rev 88548)
+++ trunk/Source/WebCore/ChangeLog 2011-06-10 17:31:29 UTC (rev 88549)
@@ -1,3 +1,15 @@
+2011-06-10 James Simonsen <[email protected]>
+
+ Reviewed by Tony Gentilcore.
+
+ Don't execute scripts in shadow SVG.
+ https://bugs.webkit.org/show_bug.cgi?id=62225
+
+ Test: svg/dom/use-style-recalc-script-execute-crash.html
+
+ * dom/ScriptElement.cpp:
+ (WebCore::ScriptElement::prepareScript):
+
2011-06-10 Konstantin Tokarev <[email protected]>
Reviewed by Joseph Pecoraro.
Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (88548 => 88549)
--- trunk/Source/WebCore/dom/ScriptElement.cpp 2011-06-10 17:31:13 UTC (rev 88548)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp 2011-06-10 17:31:29 UTC (rev 88549)
@@ -203,6 +203,14 @@
if (!m_element->document()->frame()->script()->canExecuteScripts(AboutToExecuteScript))
return false;
+ // FIXME: This is non-standard. Remove this after https://bugs.webkit.org/show_bug.cgi?id=62412.
+ Node* ancestor = m_element->parentNode();
+ while (ancestor) {
+ if (ancestor->isSVGShadowRoot())
+ return false;
+ ancestor = ancestor->parentNode();
+ }
+
if (!isScriptForEventSupported())
return false;
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
