Title: [145661] branches/safari-536.30-branch
- Revision
- 145661
- Author
- [email protected]
- Date
- 2013-03-12 18:33:33 -0700 (Tue, 12 Mar 2013)
Log Message
Merged r140520. <rdar://problem/13335020>
Modified Paths
Added Paths
Diff
Modified: branches/safari-536.30-branch/LayoutTests/ChangeLog (145660 => 145661)
--- branches/safari-536.30-branch/LayoutTests/ChangeLog 2013-03-13 01:31:11 UTC (rev 145660)
+++ branches/safari-536.30-branch/LayoutTests/ChangeLog 2013-03-13 01:33:33 UTC (rev 145661)
@@ -1,5 +1,19 @@
2013-03-12 Lucas Forschler <[email protected]>
+ Merge r140520
+
+ 2013-01-23 Hajime Morrita <[email protected]>
+
+ Invalidated SVG shadow tree should be always detached.
+ https://bugs.webkit.org/show_bug.cgi?id=107634
+
+ Reviewed by Ryosuke Niwa.
+
+ * svg/custom/use-invalidate-click-crash-expected.txt: Added.
+ * svg/custom/use-invalidate-click-crash.xhtml: Added.
+
+2013-03-12 Lucas Forschler <[email protected]>
+
Merge r140101
2013-01-17 Rafael Weinstein <[email protected]>
Copied: branches/safari-536.30-branch/LayoutTests/svg/custom/use-invalidate-click-crash-expected.txt (from rev 140520, trunk/LayoutTests/svg/custom/use-invalidate-click-crash-expected.txt) (0 => 145661)
--- branches/safari-536.30-branch/LayoutTests/svg/custom/use-invalidate-click-crash-expected.txt (rev 0)
+++ branches/safari-536.30-branch/LayoutTests/svg/custom/use-invalidate-click-crash-expected.txt 2013-03-13 01:33:33 UTC (rev 145661)
@@ -0,0 +1 @@
+PASS
Copied: branches/safari-536.30-branch/LayoutTests/svg/custom/use-invalidate-click-crash.xhtml (from rev 140520, trunk/LayoutTests/svg/custom/use-invalidate-click-crash.xhtml) (0 => 145661)
--- branches/safari-536.30-branch/LayoutTests/svg/custom/use-invalidate-click-crash.xhtml (rev 0)
+++ branches/safari-536.30-branch/LayoutTests/svg/custom/use-invalidate-click-crash.xhtml 2013-03-13 01:33:33 UTC (rev 145661)
@@ -0,0 +1,32 @@
+<html>
+<body id="body">
+<svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg">
+
+<symbol id="target">
+ <text font-size="172cm">YYYYYYYYY</text>
+</symbol>
+<use xlink:href=""
+
+<script><![CDATA[
+function keyDownMouseClick(x1, y1, x2, y2)
+{
+ if (!window.eventSender)
+ return;
+ eventSender.mouseDown();
+ eventSender.mouseMoveTo(x2, y2);
+ eventSender.mouseUp();
+}
+
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+var target = document.getElementById("target");
+keyDownMouseClick(333, 357, 155, 174);
+target.textContent = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
+keyDownMouseClick(115, 317, -16, -2);
+
+document.getElementById("body").textContent = "PASS"
+]]></script>
+</svg>
+</body>
+</html>
Modified: branches/safari-536.30-branch/Source/WebCore/ChangeLog (145660 => 145661)
--- branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-03-13 01:31:11 UTC (rev 145660)
+++ branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-03-13 01:33:33 UTC (rev 145661)
@@ -1,5 +1,29 @@
2013-03-12 Lucas Forschler <[email protected]>
+ Merge r140520
+
+ 2013-01-23 Hajime Morrita <[email protected]>
+
+ Invalidated SVG shadow tree should be always detached.
+ https://bugs.webkit.org/show_bug.cgi?id=107634
+
+ Reviewed by Ryosuke Niwa.
+
+ SVGUseElement::clearResourceReferences() uses removeAllChildren() for
+ clearing its shadow DOM, but this is wrong.
+ removeAllChildren() is designed for removing children of an out-of-document Node.
+ For efficiency, it skips a series of cleanup sequences like detach().
+
+ For removing SVG shadow tree which is in Document, removeChildren() should be used.
+ It does proper cleanup for the chilren.
+
+ Test: svg/custom/use-invalidate-click-crash.xhtml
+
+ * svg/SVGUseElement.cpp:
+ (WebCore::SVGUseElement::clearResourceReferences):
+
+2013-03-12 Lucas Forschler <[email protected]>
+
Merge r140101
2013-01-17 Rafael Weinstein <[email protected]>
Modified: branches/safari-536.30-branch/Source/WebCore/svg/SVGUseElement.cpp (145660 => 145661)
--- branches/safari-536.30-branch/Source/WebCore/svg/SVGUseElement.cpp 2013-03-13 01:31:11 UTC (rev 145660)
+++ branches/safari-536.30-branch/Source/WebCore/svg/SVGUseElement.cpp 2013-03-13 01:33:33 UTC (rev 145661)
@@ -390,7 +390,7 @@
{
// FIXME: We should try to optimize this, to at least allow partial reclones.
if (ShadowRoot* shadowTreeRootElement = shadowTree()->oldestShadowRoot())
- shadowTreeRootElement->removeAllChildren();
+ shadowTreeRootElement->removeChildren();
if (m_targetElementInstance) {
m_targetElementInstance->detach();
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
