Title: [91427] branches/safari-534.51-branch
- Revision
- 91427
- Author
- lforsch...@apple.com
- Date
- 2011-07-20 17:22:42 -0700 (Wed, 20 Jul 2011)
Log Message
Merge r88549.
Modified Paths
Added Paths
Diff
Modified: branches/safari-534.51-branch/LayoutTests/ChangeLog (91426 => 91427)
--- branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-07-21 00:13:39 UTC (rev 91426)
+++ branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-07-21 00:22:42 UTC (rev 91427)
@@ -1,5 +1,20 @@
2011-07-20 Lucas Forschler <lforsch...@apple.com>
+ Merged 88549.
+
+ 2011-06-10 Abhishek Arya <infe...@chromium.org>
+
+ Reviewed by Tony Gentilcore.
+
+ Tests that trying to remove all document children while building a svg <use>
+ element shadow and instance tree does not result in crash.
+ https://bugs.webkit.org/show_bug.cgi?id=62225
+
+ * svg/dom/use-style-recalc-script-execute-crash-expected.txt: Added.
+ * svg/dom/use-style-recalc-script-execute-crash.html: Added.
+
+2011-07-20 Lucas Forschler <lforsch...@apple.com>
+
Merged 88456.
2011-06-08 Abhishek Arya <infe...@chromium.org>
Copied: branches/safari-534.51-branch/LayoutTests/svg/dom/use-style-recalc-script-execute-crash-expected.txt (from rev 88549, trunk/LayoutTests/svg/dom/use-style-recalc-script-execute-crash-expected.txt) (0 => 91427)
--- branches/safari-534.51-branch/LayoutTests/svg/dom/use-style-recalc-script-execute-crash-expected.txt (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/svg/dom/use-style-recalc-script-execute-crash-expected.txt 2011-07-21 00:22:42 UTC (rev 91427)
@@ -0,0 +1 @@
+Test passes if it does not crash and "script" inside "rect" does not execute.
Copied: branches/safari-534.51-branch/LayoutTests/svg/dom/use-style-recalc-script-execute-crash.html (from rev 88549, trunk/LayoutTests/svg/dom/use-style-recalc-script-execute-crash.html) (0 => 91427)
--- branches/safari-534.51-branch/LayoutTests/svg/dom/use-style-recalc-script-execute-crash.html (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/svg/dom/use-style-recalc-script-execute-crash.html 2011-07-21 00:22:42 UTC (rev 91427)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+Test passes if it does not crash and "script" inside "rect" does not execute.
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<svg>
+<g>
+<use xlink:href=""
+<rect id="test">
+<script>
+document.body.innerHTML = "FAIL";
+</script>
+</rect>
+</g>
+</svg>
+</html>
+
Modified: branches/safari-534.51-branch/Source/WebCore/ChangeLog (91426 => 91427)
--- branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-07-21 00:13:39 UTC (rev 91426)
+++ branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-07-21 00:22:42 UTC (rev 91427)
@@ -1,5 +1,21 @@
2011-07-20 Lucas Forschler <lforsch...@apple.com>
+ Merged 88549.
+
+ 2011-06-10 James Simonsen <simon...@chromium.org>
+
+ Reviewed by Tony Gentilcore.
+
+ Don't execute scripts in shadow SVG.
+ https://bugs.webkit.org/show_bug.cgi?id=62225
+
+ Test: svg/dom/use-style-recalc-script-execute-crash.html
+
+ * dom/ScriptElement.cpp:
+ (WebCore::ScriptElement::prepareScript):
+
+2011-07-20 Lucas Forschler <lforsch...@apple.com>
+
Merged 88456.
2011-06-08 Abhishek Arya <infe...@chromium.org>
Modified: branches/safari-534.51-branch/Source/WebCore/dom/ScriptElement.cpp (91426 => 91427)
--- branches/safari-534.51-branch/Source/WebCore/dom/ScriptElement.cpp 2011-07-21 00:13:39 UTC (rev 91426)
+++ branches/safari-534.51-branch/Source/WebCore/dom/ScriptElement.cpp 2011-07-21 00:22:42 UTC (rev 91427)
@@ -203,6 +203,14 @@
if (!m_element->document()->frame()->script()->canExecuteScripts(AboutToExecuteScript))
return false;
+ // FIXME: This is non-standard. Remove this after https://bugs.webkit.org/show_bug.cgi?id=62412.
+ Node* ancestor = m_element->parentNode();
+ while (ancestor) {
+ if (ancestor->isSVGShadowRoot())
+ return false;
+ ancestor = ancestor->parentNode();
+ }
+
if (!isScriptForEventSupported())
return false;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
