Title: [200848] releases/WebKitGTK/webkit-2.12
Revision: 200848
Author: [email protected]
Date: 2016-05-13 05:33:19 -0700 (Fri, 13 May 2016)

Log Message

Merge r200301 - Some content causes deep recursion.
https://bugs.webkit.org/show_bug.cgi?id=157230
<rdar://problem/7694756>

Reviewed by Antti Koivisto.

This patch sets a limit (512) on content nesting for the render tree. Elements injected over the limit
are still accessible through DOM APIs, but
1. we stop generating renderers for them - they behave like display: none.
2. their layout-related computed style values are set to default (e.g. window.computedStyle(document.elementById("over512").width -> auto)

Source/WebCore:

Test: fast/block/nested-renderers.html

* page/Settings.h:
* style/StyleTreeResolver.cpp: Skip renderer constructing and continue with the sibling node.
(WebCore::Style::TreeResolver::resolveComposedTree):

LayoutTests:

* fast/block/nested-renderers-expected.html: Added.
* fast/block/nested-renderers.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (200847 => 200848)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog	2016-05-13 12:26:17 UTC (rev 200847)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog	2016-05-13 12:33:19 UTC (rev 200848)
@@ -1,3 +1,19 @@
+2016-04-30  Zalan Bujtas  <[email protected]>
+
+        Some content causes deep recursion.
+        https://bugs.webkit.org/show_bug.cgi?id=157230
+        <rdar://problem/7694756>
+
+        Reviewed by Antti Koivisto.
+
+        This patch sets a limit(512) on content nesting for the render tree. Elements injected over the limit
+        are still accessible through DOM APIs but
+        1. we stop generating renderers for them -they behave like display: none. 
+        2. their layout related computed style values are set to default (e.g. window.computedStyle(document.elementById("over512").width -> auto) 
+
+        * fast/block/nested-renderers-expected.html: Added.
+        * fast/block/nested-renderers.html: Added.
+
 2016-04-29  Myles C. Maxfield  <[email protected]>
 
         REGRESSION(194502): overflow: scroll; direction: rtl; divs jump horizontally when scrolled vertically
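
Review bot: The example in item 2 of the new entry names DOM calls that do not exist and has an unbalanced parenthesis: `window.computedStyle(document.elementById("over512").width -> auto)`. The real APIs are `window.getComputedStyle` and `document.getElementById`, so the line should read `window.getComputedStyle(document.getElementById("over512")).width -> auto`. The same text is repeated in the Source/WebCore ChangeLog entry and should be corrected there too.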

Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/block/nested-renderers-expected.html (0 => 200848)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/block/nested-renderers-expected.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/block/nested-renderers-expected.html	2016-05-13 12:33:19 UTC (rev 200848)
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This tests that we stop generating renderers at certain nesting depth.</title>
+<style>
+div {
+    width: 102px;
+    height: 102px;
+    background-color: green;
+}
+</style>
+</head>
+<body>
+    <div></div>
+</body>
+</html>
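
Review bot: The `width: 102px; height: 102px;` in the expected result is an unexplained magic number. Nothing in this file says how 102px follows from the 512 nesting limit or from the 1px borders in nested-renderers.html, so a later change to either will fail this reference test with no hint as to why. Add a short HTML comment stating how the size is derived.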

Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/block/nested-renderers.html (0 => 200848)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/block/nested-renderers.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/block/nested-renderers.html	2016-05-13 12:33:19 UTC (rev 200848)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This tests that we stop generating renderers at certain nesting depth.</title>
+<style>
+td {
+    border: 1px solid green;
+}
+</style>
+</head>
+<body></body>
+<script>
+var container = document.body;
+for (var i = 0; i < 3000; ++i) {
+    var element;
+    if (!(i % 10)) {
+        var table = document.createElement("table");
+        var tr = document.createElement("tr");
+        var td = document.createElement("td");
+        tr.appendChild(td);
+        table.appendChild(tr);
+        element = td;
+    } else
+        element = document.createElement("div");
+   container.appendChild(element);
+   container = element;
+}
+</script>
+</html>
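
Review bot: In the `!(i % 10)` branch the `table` and `tr` elements are built and then dropped: `element = td` followed by `container.appendChild(element)` moves the `td` out of its `tr` and into `container`, so the nesting chain contains bare `td` elements and no `table` or `tr` at all. If real table nesting is what the test means to exercise, append `table` to `container` and only use `td` as the next `container`; if bare cells are intended, remove the unused `table`/`tr` creation. The test also covers only the rendering half of the change; the log message's claim that computed layout values of over-limit elements reset to their defaults is not checked. Minor: the two lines after the `else` are indented with three spaces instead of four.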

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (200847 => 200848)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-05-13 12:26:17 UTC (rev 200847)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-05-13 12:33:19 UTC (rev 200848)
@@ -1,3 +1,22 @@
+2016-04-30  Zalan Bujtas  <[email protected]>
+
+        Some content causes deep recursion.
+        https://bugs.webkit.org/show_bug.cgi?id=157230
+        <rdar://problem/7694756>
+
+        Reviewed by Antti Koivisto.
+
+        This patch sets a limit(512) on content nesting for the render tree. Elements injected over the limit
+        are still accessible through DOM APIs but
+        1. we stop generating renderers for them -they behave like display: none. 
+        2. their layout related computed style values are set to default (e.g. window.computedStyle(document.elementById("over512").width -> auto) 
+
+        Test: fast/block/nested-renderers.html
+
+        * page/Settings.h:
+        * style/StyleTreeResolver.cpp: Skip renderer constructing and continue with the sibling node. 
+        (WebCore::Style::TreeResolver::resolveComposedTree):
+
 2016-04-29  Myles C. Maxfield  <[email protected]>
 
         REGRESSION(194502): overflow: scroll; direction: rtl; divs jump horizontally when scrolled vertically
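
Review bot: The `* page/Settings.h:` line in the new entry has no description, unlike the StyleTreeResolver.cpp line below it. Say what was added, for example "Add defaultMaximumRenderTreeDepth.", so the constant can be found from the ChangeLog.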

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/page/Settings.h (200847 => 200848)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/page/Settings.h	2016-05-13 12:26:17 UTC (rev 200847)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/page/Settings.h	2016-05-13 12:33:19 UTC (rev 200848)
@@ -206,6 +206,7 @@
 #endif
 
     static const unsigned defaultMaximumHTMLParserDOMTreeDepth = 512;
+    static const unsigned defaultMaximumRenderTreeDepth = 512;
 
     WEBCORE_EXPORT static void setMockScrollbarsEnabled(bool flag);
     WEBCORE_EXPORT static bool mockScrollbarsEnabled();
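
Review bot: The name `defaultMaximumRenderTreeDepth` suggests a default for an overridable setting, like `defaultMaximumHTMLParserDOMTreeDepth` on the line above, but the StyleTreeResolver.cpp hunk in this revision reads the constant directly as the hard limit. Either drop the `default` prefix or add a comment here stating that this is a fixed cap against deep recursion and how it relates to the parser limit of the same value.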

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/style/StyleTreeResolver.cpp (200847 => 200848)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/style/StyleTreeResolver.cpp	2016-05-13 12:26:17 UTC (rev 200847)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/style/StyleTreeResolver.cpp	2016-05-13 12:33:19 UTC (rev 200848)
@@ -884,6 +884,13 @@
 
         auto& element = downcast<Element>(node);
 
+        if (it.depth() > Settings::defaultMaximumRenderTreeDepth) {
+            resetStyleForNonRenderedDescendants(element);
+            element.clearChildNeedsStyleRecalc();
+            it.traverseNextSkippingChildren();
+            continue;
+        }
+
         // FIXME: We should deal with this during style invalidation.
         bool affectedByPreviousSibling = element.styleIsAffectedByPreviousSibling() && parent.elementNeedingStyleRecalcAffectsNextSiblingElementStyle;
         if (element.needsStyleRecalc() || parent.elementNeedingStyleRecalcAffectsNextSiblingElementStyle)
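
Review bot: The new `if (it.depth() > Settings::defaultMaximumRenderTreeDepth)` block has no comment explaining why the subtree is skipped, and it bounds the depth reported by the tree iterator while the constant is named for the render tree. Add a one-line comment stating that renderer construction stops here to bound recursion depth, which depth is being measured, and that `>` (letting an element at depth 512 itself still get a renderer) is the intended boundary. It would also help to note why `resetStyleForNonRenderedDescendants(element)` followed by `clearChildNeedsStyleRecalc()` is sufficient for elements that are inserted below the limit later.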
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
