Title: [217794] trunk/Source/WebCore
- Revision
- 217794
- Author
- [email protected]
- Date
- 2017-06-05 14:04:30 -0700 (Mon, 05 Jun 2017)
Log Message
Destroy the associated renderer subtree when display: contents node is deleted.
https://bugs.webkit.org/show_bug.cgi?id=172920
<rdar://problem/32446045>
Reviewed by Antti Koivisto.
Since display: contents node does not create a renderer, we need to explicitly check
and distinguish it from the display: none case.
Covered by existing tests.
* dom/ContainerNode.cpp:
(WebCore::destroyRenderTreeIfNeeded):
* dom/Node.cpp:
(WebCore::Node::~Node): Promote ASSERT(!renderer()) to ASSERT_WITH_SECURITY_IMPLICATION.
* dom/Text.cpp:
(WebCore::Text::~Text): Redundant assert. Text is a Node.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (217793 => 217794)
--- trunk/Source/WebCore/ChangeLog 2017-06-05 21:00:51 UTC (rev 217793)
+++ trunk/Source/WebCore/ChangeLog 2017-06-05 21:04:30 UTC (rev 217794)
@@ -1,3 +1,23 @@
+2017-06-05 Zalan Bujtas <[email protected]>
+
+ Destroy the associated renderer subtree when display: contents node is deleted.
+ https://bugs.webkit.org/show_bug.cgi?id=172920
+ <rdar://problem/32446045>
+
+ Reviewed by Antti Koivisto.
+
+ Since display: contents node does not create a renderer, we need to explicitly check
+ and distinguish it from the display: none case.
+
+ Covered by existing tests.
+
+ * dom/ContainerNode.cpp:
+ (WebCore::destroyRenderTreeIfNeeded):
+ * dom/Node.cpp:
+ (WebCore::Node::~Node): Promote ASSERT(!renderer()) to ASSERT_WITH_SECURITY_IMPLICATION.
+ * dom/Text.cpp:
+ (WebCore::Text::~Text): Redundant assert. Text is a Node.
+
2017-06-05 Beth Dakin <[email protected]>
Modify Netflix controlsManager quirk to prevent only scrubbing
Modified: trunk/Source/WebCore/dom/ContainerNode.cpp (217793 => 217794)
--- trunk/Source/WebCore/dom/ContainerNode.cpp 2017-06-05 21:00:51 UTC (rev 217793)
+++ trunk/Source/WebCore/dom/ContainerNode.cpp 2017-06-05 21:04:30 UTC (rev 217794)
@@ -53,6 +53,7 @@
#include "RenderTreeUpdater.h"
#include "RenderWidget.h"
#include "RootInlineBox.h"
+#include "RuntimeEnabledFeatures.h"
#include "SVGDocumentExtensions.h"
#include "SVGElement.h"
#include "SVGNames.h"
@@ -105,12 +106,11 @@
static inline void destroyRenderTreeIfNeeded(Node& child)
{
- bool childIsHTMLSlotElement = false;
- childIsHTMLSlotElement = is<HTMLSlotElement>(child);
+ bool isElement = is<Element>(child);
+ auto hasDisplayContents = isElement && downcast<Element>(child).hasDisplayContents();
+ auto isNamedFlowElement = isElement && downcast<Element>(child).isNamedFlowContentElement();
// FIXME: Get rid of the named flow test.
- bool isElement = is<Element>(child);
- if (!child.renderer() && !childIsHTMLSlotElement
- && !(isElement && downcast<Element>(child).isNamedFlowContentElement()))
+ if (!child.renderer() && !hasDisplayContents && !isNamedFlowElement)
return;
if (isElement)
RenderTreeUpdater::tearDownRenderers(downcast<Element>(child));
Modified: trunk/Source/WebCore/dom/Node.cpp (217793 => 217794)
--- trunk/Source/WebCore/dom/Node.cpp 2017-06-05 21:00:51 UTC (rev 217793)
+++ trunk/Source/WebCore/dom/Node.cpp 2017-06-05 21:04:30 UTC (rev 217794)
@@ -286,7 +286,7 @@
liveNodeSet.remove(this);
#endif
- ASSERT(!renderer());
+ ASSERT_WITH_SECURITY_IMPLICATION(!renderer());
ASSERT(!parentNode());
ASSERT(!m_previous);
ASSERT(!m_next);
Modified: trunk/Source/WebCore/dom/Text.cpp (217793 => 217794)
--- trunk/Source/WebCore/dom/Text.cpp 2017-06-05 21:00:51 UTC (rev 217793)
+++ trunk/Source/WebCore/dom/Text.cpp 2017-06-05 21:04:30 UTC (rev 217794)
@@ -54,7 +54,6 @@
Text::~Text()
{
- ASSERT(!renderer());
}
ExceptionOr<Ref<Text>> Text::splitText(unsigned offset)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
