Title: [126670] branches/chromium/1229/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp
- Revision
- 126670
- Author
- [email protected]
- Date
- 2012-08-24 18:25:33 -0700 (Fri, 24 Aug 2012)
Log Message
Merge 125292
BUG=140656
Review URL: https://chromiumcodereview.appspot.com/10868093
Modified Paths
Diff
Modified: branches/chromium/1229/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp (126669 => 126670)
--- branches/chromium/1229/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp 2012-08-25 01:16:36 UTC (rev 126669)
+++ branches/chromium/1229/Source/WebCore/loader/cache/CachedCSSStyleSheet.cpp 2012-08-25 01:25:33 UTC (rev 126670)
@@ -59,10 +59,13 @@
void CachedCSSStyleSheet::didAddClient(CachedResourceClient* c)
{
ASSERT(c->resourceClientType() == CachedStyleSheetClient::expectedType());
+ // CachedResource::didAddClient() must be before setCSSStyleSheet(),
+ // because setCSSStyleSheet() may cause scripts to be executed, which could destroy 'c' if it is an instance of HTMLLinkElement.
+ // see the comment of HTMLLinkElement::setCSSStyleSheet.
+ CachedResource::didAddClient(c);
+
if (!isLoading())
static_cast<CachedStyleSheetClient*>(c)->setCSSStyleSheet(m_resourceRequest.url(), m_response.url(), m_decoder->encoding().name(), this);
-
- CachedResource::didAddClient(c);
}
void CachedCSSStyleSheet::setEncoding(const String& chs)
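Review bot: The added comment in `didAddClient` explains why `CachedResource::didAddClient(c)` must come first, but it does not state the other half of the invariant: nothing may use `c` after the `setCSSStyleSheet()` call. Since that call can run script that destroys `c`, any statement later appended below it that dereferences `c` would reintroduce the use-after-free. I would add a trailing comment after the call, such as `// 'c' may have been destroyed by script at this point; do not touch it below.`. The base-class call now also runs before the client has received the sheet, and its body is outside this diff, so it is worth confirming that any callback it makes into `c` tolerates a client with no stylesheet set yet. No regression test accompanies the merge in this diff, so the ordering is protected only by the comment.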