[webkit-changes] [105463] trunk

Thu, 19 Jan 2012 16:48:39 -0800

Title: [105463] trunk
Revision
105463
Author
[email protected]
Date
2012-01-19 16:44:41 -0800 (Thu, 19 Jan 2012)

Log Message

Assertion failure in WebCore::HTMLFrameElementBase::insertedIntoDocument()
https://bugs.webkit.org/show_bug.cgi?id=50312

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Removed the ASSERT and updated the comment.

Test: fast/frames/assert-on-insertedIntoDocument.html

* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::insertedIntoDocument):

LayoutTests:

* fast/frames/assert-on-insertedIntoDocument-expected.txt: Added.
* fast/frames/assert-on-insertedIntoDocument.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (105462 => 105463)


--- trunk/LayoutTests/ChangeLog	2012-01-20 00:29:30 UTC (rev 105462)
+++ trunk/LayoutTests/ChangeLog	2012-01-20 00:44:41 UTC (rev 105463)
@@ -1,3 +1,13 @@
+2012-01-19  Eric Seidel  <[email protected]>
+
+        Assertion failure in WebCore::HTMLFrameElementBase::insertedIntoDocument()
+        https://bugs.webkit.org/show_bug.cgi?id=50312
+
+        Reviewed by Alexey Proskuryakov.
+
+        * fast/frames/assert-on-insertedIntoDocument-expected.txt: Added.
+        * fast/frames/assert-on-insertedIntoDocument.html: Added.
+
 2012-01-19  Alexey Proskuryakov  <[email protected]>
 
         [WK2] fast/url/degenerate-file-base.html fails

Added: trunk/LayoutTests/fast/frames/assert-on-insertedIntoDocument-expected.txt (0 => 105463)


--- trunk/LayoutTests/fast/frames/assert-on-insertedIntoDocument-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/assert-on-insertedIntoDocument-expected.txt	2012-01-20 00:44:41 UTC (rev 105463)
@@ -0,0 +1,2 @@
+
+PASS - this test did not ASSERT in debug mode.

Added: trunk/LayoutTests/fast/frames/assert-on-insertedIntoDocument.html (0 => 105463)


--- trunk/LayoutTests/fast/frames/assert-on-insertedIntoDocument.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/assert-on-insertedIntoDocument.html	2012-01-20 00:44:41 UTC (rev 105463)
@@ -0,0 +1,14 @@
+<body>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+var subtree = document.createElement('div');
+var styleElement = document.createElement('style');
+styleElement.textContent = "iframe { border: 3px solid blue; }";
+subtree.appendChild(styleElement);
+subtree.appendChild(document.createElement('iframe'));
+document.body.appendChild(subtree);
+</script>
+<div>PASS - this test did not ASSERT in debug mode.</div>
+</body>
\ No newline at end of file

Modified: trunk/Source/WebCore/ChangeLog (105462 => 105463)


--- trunk/Source/WebCore/ChangeLog	2012-01-20 00:29:30 UTC (rev 105462)
+++ trunk/Source/WebCore/ChangeLog	2012-01-20 00:44:41 UTC (rev 105463)
@@ -1,3 +1,17 @@
+2012-01-19  Eric Seidel  <[email protected]>
+
+        Assertion failure in WebCore::HTMLFrameElementBase::insertedIntoDocument()
+        https://bugs.webkit.org/show_bug.cgi?id=50312
+
+        Reviewed by Alexey Proskuryakov.
+
+        Removed the ASSERT and updated the comment.
+
+        Test: fast/frames/assert-on-insertedIntoDocument.html
+
+        * html/HTMLFrameElementBase.cpp:
+        (WebCore::HTMLFrameElementBase::insertedIntoDocument):
+
 2012-01-19  James Robinson  <[email protected]>
 
         [chromium] Remove CCLayerDelegate, add ContentLayerDelegate for painting

Modified: trunk/Source/WebCore/html/HTMLFrameElementBase.cpp (105462 => 105463)


--- trunk/Source/WebCore/html/HTMLFrameElementBase.cpp	2012-01-20 00:29:30 UTC (rev 105462)
+++ trunk/Source/WebCore/html/HTMLFrameElementBase.cpp	2012-01-20 00:44:41 UTC (rev 105463)
@@ -201,16 +201,14 @@
     if (!document()->frame())
         return;
 
-    // Loads may cause synchronous _javascript_ execution (e.g. beforeload or
-    // src="" which could try to access the renderer before the normal
-    // parser machinery would call lazyAttach() and set us as needing style
-    // resolve.  Any code which expects this to be attached will resolve style
-    // before using renderer(), so this will make sure we attach in time.
-    // FIXME: Normally lazyAttach marks the renderer as attached(), but we don't
-    // want to do that here, as as callers expect to call attach() right after
-    // this and attach() will ASSERT(!attached())
-    ASSERT(!renderer()); // This recalc is unecessary if we already have a renderer.
-    lazyAttach(DoNotSetAttached);
+    // _javascript_ in src="" and beforeonload can access the renderer
+    // during attribute parsing *before* the normal parser machinery would
+    // attach the element. To support this, we lazyAttach here, but only
+    // if we don't already have a renderer (if we're inserted
+    // as part of a DocumentFragment, insertedIntoDocument from an earlier element
+    // could have forced a style resolve and already attached us).
+    if (!renderer())
+        lazyAttach(DoNotSetAttached);
     setNameAndOpenURL();
 }
 

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to