[webkit-changes] [140452] trunk/Source/WebCore

Tue, 22 Jan 2013 12:55:48 -0800

Title: [140452] trunk/Source/WebCore
Revision
140452
Author
[email protected]
Date
2013-01-22 12:57:32 -0800 (Tue, 22 Jan 2013)

Log Message

Assertion parent->inDocument() failed in WebCore::PseudoElement::PseudoElement
https://bugs.webkit.org/show_bug.cgi?id=106224

Reviewed by Ojan Vafai.

Appending a node that contains a <style> and also elements that should have
generated content can cause us to create PseudoElements in nodes that are not
yet inDocument because we may recalcStyle in HTMLStyleElement::insertedInto
triggering a reattach() which could then traverse into the siblings of the
<style> attaching them even though they are not yet inDocument.

This means that we should not assert about the parent of a PseudoElement
being inDocument as this is not always the case.

Instead forward Node::insertedInto and removedFrom notifications to
PseudoElements so they will correctly get their inDocument bit set. Nothing
in the code appears to depend on them being inDocument we just make sure to
set it so they're consistent with the rest of the document.

No new tests, there's no way to test that PseudoElements are really inDocument.

* dom/Element.cpp:
(WebCore::Element::insertedInto):
(WebCore::Element::removedFrom):
* dom/PseudoElement.cpp:
(WebCore::PseudoElement::PseudoElement):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (140451 => 140452)


--- trunk/Source/WebCore/ChangeLog	2013-01-22 20:30:11 UTC (rev 140451)
+++ trunk/Source/WebCore/ChangeLog	2013-01-22 20:57:32 UTC (rev 140452)
@@ -1,3 +1,32 @@
+2013-01-22  Elliott Sprehn  <[email protected]>
+
+        Assertion parent->inDocument() failed in WebCore::PseudoElement::PseudoElement
+        https://bugs.webkit.org/show_bug.cgi?id=106224
+
+        Reviewed by Ojan Vafai.
+
+        Appending a node that contains a <style> and also elements that should have
+        generated content can cause us to create PseudoElements in nodes that are not
+        yet inDocument because we may recalcStyle in HTMLStyleElement::insertedInto
+        triggering a reattach() which could then traverse into the siblings of the
+        <style> attaching them even though they are not yet inDocument.
+
+        This means that we should not assert about the parent of a PseudoElement
+        being inDocument as this is not always the case.
+
+        Instead forward Node::insertedInto and removedFrom notifications to
+        PseudoElements so they will correctly get their inDocument bit set. Nothing
+        in the code appears to depend on them being inDocument we just make sure to
+        set it so they're consistent with the rest of the document.
+
+        No new tests, there's no way to test that PseudoElements are really inDocument.
+
+        * dom/Element.cpp:
+        (WebCore::Element::insertedInto):
+        (WebCore::Element::removedFrom):
+        * dom/PseudoElement.cpp:
+        (WebCore::PseudoElement::PseudoElement):
+
 2013-01-22  Alexis Menard  <[email protected]>
 
         Allow construction of unprefixed transition DOM events.

Modified: trunk/Source/WebCore/dom/Element.cpp (140451 => 140452)


--- trunk/Source/WebCore/dom/Element.cpp	2013-01-22 20:30:11 UTC (rev 140451)
+++ trunk/Source/WebCore/dom/Element.cpp	2013-01-22 20:57:32 UTC (rev 140452)
@@ -1138,6 +1138,12 @@
         setContainsFullScreenElementOnAncestorsCrossingFrameBoundaries(true);
 #endif
 
+    if (Element* before = pseudoElement(BEFORE))
+        before->insertedInto(insertionPoint);
+
+    if (Element* after = pseudoElement(AFTER))
+        after->insertedInto(insertionPoint);
+
     if (!insertionPoint->isInTreeScope())
         return InsertionDone;
 
@@ -1170,6 +1176,12 @@
     bool wasInDocument = insertionPoint->document();
 #endif
 
+    if (Element* before = pseudoElement(BEFORE))
+        before->removedFrom(insertionPoint);
+
+    if (Element* after = pseudoElement(AFTER))
+        after->removedFrom(insertionPoint);
+
 #if ENABLE(DIALOG_ELEMENT)
     if (isInTopLayer())
         document()->removeFromTopLayer(this);

Modified: trunk/Source/WebCore/dom/PseudoElement.cpp (140451 => 140452)


--- trunk/Source/WebCore/dom/PseudoElement.cpp	2013-01-22 20:30:11 UTC (rev 140451)
+++ trunk/Source/WebCore/dom/PseudoElement.cpp	2013-01-22 20:57:32 UTC (rev 140452)
@@ -44,7 +44,6 @@
     , m_pseudoId(pseudoId)
 {
     ASSERT(pseudoId != NOPSEUDO);
-    ASSERT(parent->inDocument());
     setParentOrHostNode(parent);
     setHasCustomCallbacks();
 }

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to