Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit
Commit: 60c9220e3b06aa2ba7147ede5152bcdff30db673
https://github.com/WebKit/WebKit/commit/60c9220e3b06aa2ba7147ede5152bcdff30db673
Author: Antti Koivisto <[email protected]>
Date: 2025-10-24 (Fri, 24 Oct 2025)
Changed paths:
A LayoutTests/http/tests/contentextensions/css-display-none-font-shadow-tree-expected.html
A LayoutTests/http/tests/contentextensions/css-display-none-font-shadow-tree.html
A LayoutTests/http/tests/contentextensions/css-display-none-font-shadow-tree.html.json
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/ExtensionStyleSheets.cpp
M Source/WebCore/dom/ExtensionStyleSheets.h
M Source/WebCore/style/StyleScope.cpp
M Source/WebCore/style/StyleScope.h
Log Message:
-----------
Cherry-pick 301878@main (68e23c662f54).
https://bugs.webkit.org/show_bug.cgi?id=301100
Crash in Style::Scope::createOrFindSharedShadowTreeResolver with content extensions
https://bugs.webkit.org/show_bug.cgi?id=301100
rdar://83302107
Reviewed by Alan Baradlay.
Test: http/tests/contentextensions/css-display-none-font-shadow-tree.html
* LayoutTests/http/tests/contentextensions/css-display-none-font-shadow-tree-expected.html: Added.
* LayoutTests/http/tests/contentextensions/css-display-none-font-shadow-tree.html: Added.
* LayoutTests/http/tests/contentextensions/css-display-none-font-shadow-tree.html.json: Added.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::setCompatibilityMode):
Don't invalidate unnecessarily when there are no cached extension
stylesheets.
* Source/WebCore/dom/ExtensionStyleSheets.cpp:
(WebCore::ExtensionStyleSheets::clearPageUserSheet):
(WebCore::ExtensionStyleSheets::updatePageUserSheet):
(WebCore::ExtensionStyleSheets::hasCachedInjectedStyleSheets const):
(WebCore::ExtensionStyleSheets::invalidateInjectedStyleSheetCache):
(WebCore::ExtensionStyleSheets::addUserStyleSheet):
(WebCore::ExtensionStyleSheets::addAuthorStyleSheetForTesting):
(WebCore::ExtensionStyleSheets::addDisplayNoneSelector):
(WebCore::ExtensionStyleSheets::maybeAddContentExtensionSheet):
Call new didChangeExtensionStyleSheets instead of
didChangeStyleSheetEnvironment.
* Source/WebCore/style/StyleScope.cpp:
(WebCore::Style::Scope::createOrFindSharedShadowTreeResolver):
(WebCore::Style::Scope::clearResolver):
(WebCore::Style::Scope::scheduleUpdate):
Release assert that we are not in style or stylesheet update when clearing
the resolver.
(WebCore::Style::Scope::didChangeStyleSheetEnvironment):
(WebCore::Style::Scope::didChangeExtensionStyleSheets):
Trigger asynchronous full stylesheet update.
Extension stylesheet changes do not require wiping out the style resolver
synchronously as they are additive.
* Source/WebCore/style/StyleScope.h:
Canonical link: https://commits.webkit.org/301878@main
Canonical link: https://commits.webkit.org/298234.210@webkitglib/2.50
Commit: b846af5e27a24a8d5c69f8ef6aa9b926d1151c7d
https://github.com/WebKit/WebKit/commit/b846af5e27a24a8d5c69f8ef6aa9b926d1151c7d
Author: Nipun Shukla <[email protected]>
Date: 2025-10-24 (Fri, 24 Oct 2025)
Changed paths:
A LayoutTests/fast/css/contain-intrinsic-size-does-not-leak-expected.txt
A LayoutTests/fast/css/contain-intrinsic-size-does-not-leak.html
A LayoutTests/fast/css/resources/contain-intrinsic-size-leak-test.html
M Source/WebCore/bindings/js/JSResizeObserverCustom.cpp
M Source/WebCore/page/ResizeObserver.cpp
M Source/WebCore/page/ResizeObserver.h
Log Message:
-----------
Cherry-pick 301243@main (687f8f0e2b6b).
https://bugs.webkit.org/show_bug.cgi?id=300275
[World Leaks] Investigate leaks in LayoutTests/imported/w3c/web-platform-tests/css/css-sizing/contain-intrinsic-size/
https://bugs.webkit.org/show_bug.cgi?id=300275
rdar://162081020
Reviewed by Ryosuke Niwa.
Document holds a RefPtr<m_resizeObserverForContainIntrinsicSize> which holds a
Vector<GCReachableRef<Element>>, which internally is a vector of RefPtr<Element>
causing a leak, which impacts approximately 15 tests. This is fixed by changing
the vector to a Vector<WeakPtr<Element>>.
Test: fast/css/contain-intrinsic-size-does-not-leak.html
* LayoutTests/fast/css/contain-intrinsic-size-does-not-leak-expected.txt:
Added.
* LayoutTests/fast/css/contain-intrinsic-size-does-not-leak.html: Added.
* LayoutTests/fast/css/resources/contain-intrinsic-size-leak-test.html:
Added.
* Source/WebCore/bindings/js/JSResizeObserverCustom.cpp:
(WebCore::JSResizeObserver::visitAdditionalChildren):
* Source/WebCore/page/ResizeObserver.cpp:
(WebCore::ResizeObserver::observeInternal):
(WebCore::ResizeObserver::gatherObservations):
(WebCore::ResizeObserver::deliverObservations):
(WebCore::ResizeObserver::isReachableFromOpaqueRoots const):
(WebCore::ResizeObserver::removeAllTargets):
(WebCore::ResizeObserver::removeObservation):
* Source/WebCore/page/ResizeObserver.h:
(WebCore::ResizeObserver::WTF_REQUIRES_LOCK):
(WebCore::ResizeObserver::WTF_RETURNS_LOCK):
Canonical link: https://commits.webkit.org/301243@main
Canonical link: https://commits.webkit.org/298234.211@webkitglib/2.50
Commit: a89ad2823b737a1a6567c6caa819e11020992107
https://github.com/WebKit/WebKit/commit/a89ad2823b737a1a6567c6caa819e11020992107
Author: Anthony Tarbinian <[email protected]>
Date: 2025-10-24 (Fri, 24 Oct 2025)
Changed paths:
A LayoutTests/ipc/async-with-reply-destination-id-zero-expected.txt
A LayoutTests/ipc/async-with-reply-destination-id-zero.html
M Source/WebKit/Platform/IPC/Connection.cpp
Log Message:
-----------
Cherry-pick 301811@main (4a5d0682ce8f).
https://bugs.webkit.org/show_bug.cgi?id=300836
[CoreIPC] [Fuzz Blocker] Disallow async reply messages with destinationID 0
https://bugs.webkit.org/show_bug.cgi?id=300836
rdar://161637876
Reviewed by Alex Christensen.
This patch disallows CoreIPC async replies with invalid destination IDs.
Invalid destination IDs include 0 and std::numerical_limits<uint64_t>.
This patch adds a check while processing incoming event replies and marks
async event replies as invalid. By marking the message as invalid, the
WebContent process that sent this message will be terminated. In IPC testing
mode, it drops the invalid message without termination.
The accompanying test case tries to send an async reply with a destination
ID of 0 and is expected to crash (as indicated in the TestExpectations).
Test: ipc/async-with-reply-destination-id-zero.html
* LayoutTests/ipc/async-with-reply-destination-id-zero-expected.txt: Added.
* LayoutTests/ipc/async-with-reply-destination-id-zero.html: Added.
* Source/WebKit/Platform/IPC/Connection.cpp:
(IPC::Connection::processIncomingMessage):
Canonical link: https://commits.webkit.org/301811@main
Canonical link: https://commits.webkit.org/298234.212@webkitglib/2.50
Commit: 12f4380c92b2bec324034023216e8d424b263b02
https://github.com/WebKit/WebKit/commit/12f4380c92b2bec324034023216e8d424b263b02
Author: Adrian Perez de Castro <[email protected]>
Date: 2025-10-24 (Fri, 24 Oct 2025)
Changed paths:
M Source/WebKit/WPEPlatform/CMakeLists.txt
M Source/WebKit/WPEPlatform/wpe/drm/CMakeLists.txt
M Source/WebKit/WPEPlatform/wpe/headless/CMakeLists.txt
M Source/WebKit/WPEPlatform/wpe/wayland/CMakeLists.txt
Log Message:
-----------
Cherry-pick 302078@main (c66516c8b493).
https://bugs.webkit.org/show_bug.cgi?id=301417
[CMake] WPEPlatform is missing a dependency on the enum types generated header
https://bugs.webkit.org/show_bug.cgi?id=301417
Reviewed by Carlos Garcia Campos.
Make the WPEPlatform target dependent on the WPEPlatformGeneratedEnumTypesHeader
one. This ensures that the WPEEnumTypes.h header gets generated first before
the sources themselves get compiled.
Each of the drm, headless, and wayland backend implementations no longer need to
explicitly depend on WPEPlatformGeneratedEnumTypesHeader, because it is now a
transitive dependency (through the WPEPlatform target).
Canonical link: https://commits.webkit.org/302078@main
Canonical link: https://commits.webkit.org/298234.213@webkitglib/2.50
Compare: https://github.com/WebKit/WebKit/compare/515fa703d304...12f4380c92b2