Title: [91382] trunk
Revision: 91382
Author: [email protected]
Date: 2011-07-20 11:32:54 -0700 (Wed, 20 Jul 2011)

Log Message

Refuse to run scripts inside the SVG shadow DOM
https://bugs.webkit.org/show_bug.cgi?id=64776

Source/WebCore:

This is a rollback of r90970. The hack that was removed there was also protecting us from
two further bugs that have been discovered. So, the hack is going back in.

Reviewed by Tony Gentilcore.

* dom/ScriptElement.cpp:
(WebCore::ScriptElement::prepareScript):

LayoutTests:

Reviewed by Tony Gentilcore.

* platform/chromium/test_expectations.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (91381 => 91382)


--- trunk/LayoutTests/ChangeLog	2011-07-20 18:30:38 UTC (rev 91381)
+++ trunk/LayoutTests/ChangeLog	2011-07-20 18:32:54 UTC (rev 91382)
@@ -1,3 +1,12 @@
+2011-07-20  James Simonsen  <[email protected]>
+
+        Refuse to run scripts inside the SVG shadow DOM
+        https://bugs.webkit.org/show_bug.cgi?id=64776
+
+        Reviewed by Tony Gentilcore.
+
+        * platform/chromium/test_expectations.txt:
+
 2011-07-20  Ilya Tikhonovsky  <[email protected]>
 
         Web Inspector: add keyboard shortcuts to load/save operations in Timeline panel.
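Review bot: The new entry names platform/chromium/test_expectations.txt but gives no description of what changed there or why. A line under the file name saying that the CRASH PASS expectation for the SVG use test is dropped because the shadow-root check is restored would let someone reading only this ChangeLog follow the change.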

Modified: trunk/LayoutTests/platform/chromium/test_expectations.txt (91381 => 91382)


--- trunk/LayoutTests/platform/chromium/test_expectations.txt	2011-07-20 18:30:38 UTC (rev 91381)
+++ trunk/LayoutTests/platform/chromium/test_expectations.txt	2011-07-20 18:32:54 UTC (rev 91382)
@@ -3801,8 +3801,6 @@
 
 BUGCR89331 WIN7 : plugins/mouse-click-plugin-clears-selection.html = MISSING PASS
 
-BUGCR89372 MAC : svg/dom/use-style-recalc-script-execute-crash.html = CRASH PASS
-
 BUGCR89474 : fast/js/call-base-resolution.html = PASS TEXT
 
 BUGWK64675 : svg/custom/zero-path-square-cap-rendering.svg = IMAGE+TEXT
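Review bot: Dropping the BUGCR89372 MAC line for svg/dom/use-style-recalc-script-execute-crash.html turns any crash in that test into a hard failure, which is correct only if the restored check fully covers it. Nothing in this commit adds a layout test for the "two further bugs" the log message refers to, so a regression test for each would keep a later removal of the check from reopening them unnoticed.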

Modified: trunk/Source/WebCore/ChangeLog (91381 => 91382)


--- trunk/Source/WebCore/ChangeLog	2011-07-20 18:30:38 UTC (rev 91381)
+++ trunk/Source/WebCore/ChangeLog	2011-07-20 18:32:54 UTC (rev 91382)
@@ -1,3 +1,16 @@
+2011-07-20  James Simonsen  <[email protected]>
+
+        Refuse to run scripts inside the SVG shadow DOM
+        https://bugs.webkit.org/show_bug.cgi?id=64776
+
+        This is a rollback of r90970. The hack that was removed there was also protecting us from
+        two further bugs that have been discovered. So, the hack is going back in.
+
+        Reviewed by Tony Gentilcore.
+
+        * dom/ScriptElement.cpp:
+        (WebCore::ScriptElement::prepareScript):
+
 2011-07-20  David Levin  <[email protected]>
 
         gtk shouldn't have global variables for timers.
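Review bot: The description in this entry says the hack protects against "two further bugs that have been discovered" but does not identify them. Listing their bug URLs beside the show_bug.cgi?id=64776 line would tell whoever next tries to remove the check what has to be fixed first.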

Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (91381 => 91382)


--- trunk/Source/WebCore/dom/ScriptElement.cpp	2011-07-20 18:30:38 UTC (rev 91381)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp	2011-07-20 18:32:54 UTC (rev 91382)
@@ -203,6 +203,15 @@
     if (!m_element->document()->frame()->script()->canExecuteScripts(AboutToExecuteScript))
         return false;
 
+    Node* ancestor = m_element->parentNode();
+    while (ancestor) {
+        if (ancestor->isSVGShadowRoot()) {
+            fprintf(stderr, "aborted script: shadow root\n");
+            return false;
+        }
+        ancestor = ancestor->parentNode();
+    }
+
     if (!isScriptForEventSupported())
         return false;
 
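Review bot: The added fprintf(stderr, "aborted script: shadow root\n") inside the ancestor loop writes to stderr unconditionally, in every build, each time a script is refused; it reads like leftover debugging and should be removed or moved to a debug-only logging path. The loop also carries no comment: since the log message calls this a hack that is masking other bugs, a FIXME above the line Node* ancestor = m_element->parentNode(); with the bug link would explain why scripts under an SVG shadow root are refused and when the check can go. It is also worth confirming that a parentNode() walk from an element inside the shadow tree does reach the node for which isSVGShadowRoot() is true, because the security value of the check depends on that.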