Skip to site navigation (Press enter)

[webkit-changes] [122825] trunk

shinyak Tue, 17 Jul 2012 01:37:51 -0700

Title: [122825] trunk

Revision: 122825
Author: [email protected]
Date: 2012-07-17 01:37:42 -0700 (Tue, 17 Jul 2012)

Log Message

[Regression] Infinite loop in document.elementFromPoint
https://bugs.webkit.org/show_bug.cgi?id=90820


Reviewed by Nikolas Zimmermann.

Source/WebCore:

Node::shadowAncestorNode returns the caller node itself for SVGElement. However,
since we have already implemented event retargeting algorithm in Shadow DOM, we don't have to
take a special care of SVGElement for Node.shadowAncestorNode() now.

This patch will removes the special care code and fixes infinite loop in document.elementFromPoint().

Test: svg/hittest/svg-use-element-from-point.html

* dom/Node.cpp:
(WebCore::Node::shadowAncestorNode):

LayoutTests:

* svg/hittest/svg-use-element-from-point-expected.txt: Added.
* svg/hittest/svg-use-element-from-point.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/dom/Node.cpp

Added Paths

trunk/LayoutTests/svg/hittest/svg-use-element-from-point-expected.txt
trunk/LayoutTests/svg/hittest/svg-use-element-from-point.html

Diff

Modified: trunk/LayoutTests/ChangeLog (122824 => 122825)


--- trunk/LayoutTests/ChangeLog	2012-07-17 08:27:27 UTC (rev 122824)
+++ trunk/LayoutTests/ChangeLog	2012-07-17 08:37:42 UTC (rev 122825)
@@ -1,5 +1,15 @@
 2012-07-17  Shinya Kawanaka  <[email protected]>
 
+        [Regression] Infinite loop in document.elementFromPoint
+        https://bugs.webkit.org/show_bug.cgi?id=90820
+
+        Reviewed by Nikolas Zimmermann.
+
+        * svg/hittest/svg-use-element-from-point-expected.txt: Added.
+        * svg/hittest/svg-use-element-from-point.html: Added.
+
+2012-07-17  Shinya Kawanaka  <[email protected]>
+
         Shadow DOM for img element
         https://bugs.webkit.org/show_bug.cgi?id=90532

Added: trunk/LayoutTests/svg/hittest/svg-use-element-from-point-expected.txt (0 => 122825)


--- trunk/LayoutTests/svg/hittest/svg-use-element-from-point-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/svg/hittest/svg-use-element-from-point-expected.txt	2012-07-17 08:37:42 UTC (rev 122825)
@@ -0,0 +1,4 @@
+elementFromPoint should not enter infinite loop.
+
+PASS
+

Added: trunk/LayoutTests/svg/hittest/svg-use-element-from-point.html (0 => 122825)


--- trunk/LayoutTests/svg/hittest/svg-use-element-from-point.html	                        (rev 0)
+++ trunk/LayoutTests/svg/hittest/svg-use-element-from-point.html	2012-07-17 08:37:42 UTC (rev 122825)
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <p>elementFromPoint should not enter infinite loop.</p>
+    <pre id='console'></pre>
+    <div id="status"></div>
+    <svg id="svg" width="600" height="400" xmlns="http://www.w3.org/2000/svg" version="1.0">
+        <defs>
+            <circle id="circle" cx="100" cy="75" r="40" fill="#feae00" stroke="#f31900" stroke-width="15" pointer-events="all"/>
+        </defs>
+        <use xlink:href="" x="0" y="0"></use>
+    </svg>
+    <script>
+        if (window.testRunner)
+            testRunner.dumpAsText();
+
+        document.elementFromPoint(100, 100);
+        document.getElementById('console').innerHTML = "PASS";
+    </script>
+  </body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (122824 => 122825)


--- trunk/Source/WebCore/ChangeLog	2012-07-17 08:27:27 UTC (rev 122824)
+++ trunk/Source/WebCore/ChangeLog	2012-07-17 08:37:42 UTC (rev 122825)
@@ -1,3 +1,21 @@
+2012-07-17  Shinya Kawanaka  <[email protected]> 
+
+        [Regression] Infinite loop in document.elementFromPoint
+        https://bugs.webkit.org/show_bug.cgi?id=90820
+
+        Reviewed by Nikolas Zimmermann.
+
+        Node::shadowAncestorNode returns the caller node itself for SVGElement. However,
+        since we have already implemented event retargeting algorithm in Shadow DOM, we don't have to
+        take a special care of SVGElement for Node.shadowAncestorNode() now.
+
+        This patch will removes the special care code and fixes infinite loop in document.elementFromPoint().
+
+        Test: svg/hittest/svg-use-element-from-point.html
+
+        * dom/Node.cpp:
+        (WebCore::Node::shadowAncestorNode):
+
 2012-07-17  Shinya Kawanaka  <[email protected]>
 
         Shadow DOM for img element

Modified: trunk/Source/WebCore/dom/Node.cpp (122824 => 122825)


--- trunk/Source/WebCore/dom/Node.cpp	2012-07-17 08:27:27 UTC (rev 122824)
+++ trunk/Source/WebCore/dom/Node.cpp	2012-07-17 08:37:42 UTC (rev 122825)
@@ -1397,15 +1397,6 @@
 
 Node* Node::shadowAncestorNode() const
 {
-#if ENABLE(SVG)
-    // SVG elements living in a shadow tree only occur when <use> created them.
-    // For these cases we do NOT want to return the shadowParentNode() here
-    // but the actual shadow tree element - as main difference to the HTML forms
-    // shadow tree concept. (This function _could_ be made virtual - opinions?)
-    if (isSVGElement())
-        return const_cast<Node*>(this);
-#endif
-
     if (ShadowRoot* root = shadowRoot())
         return root->host();

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes