Bug 225044

Summary: HTMLImageElement should have an associated picture element only if inserted as a direct child
Product: WebKit Reporter: Cameron McCormack (:heycam) <heycam>
Component: ImagesAssignee: Cameron McCormack (:heycam) <heycam>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, changseok, clopez, esprehn+autocc, ews-watchlist, gyuyoung.kim, rniwa, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 222801    
Attachments:
Description Flags
Patch
none
Patch none

Cameron McCormack (:heycam)
Reported 2021-04-25 21:09:59 PDT
HTMLImageElement::insertedIntoAncestor doesn't check that we're appending the <img> as a direct child of a <picture>, which means that some random other ancestor <picture> could be used instead.
Attachments
Patch (3.94 KB, patch)
2021-04-25 23:09 PDT, Cameron McCormack (:heycam) 		no flags
DetailsFormatted DiffDiff
Patch (7.89 KB, patch)
2021-04-26 22:11 PDT, Cameron McCormack (:heycam) 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Cameron McCormack (:heycam)
Comment 1 2021-04-25 23:00:42 PDT
WPT PR that tests this: https://github.com/web-platform-tests/wpt/pull/28680 Forthcoming patch makes that test pass.
Cameron McCormack (:heycam)
Comment 2 2021-04-25 23:09:10 PDT
Created attachment 427022 [details] Patch
Ryosuke Niwa
Comment 3 2021-04-26 21:50:20 PDT
Comment on attachment 427022 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=427022&action=review > Source/WebCore/ChangeLog:8 > + Tests: https://github.com/web-platform-tests/wpt/pull/28680 Please update the imported test now that it has been merged upstream. > Source/WebCore/html/parser/HTMLConstructionSite.cpp:702 > if (is<HTMLPictureElement>(currentNode()) && is<HTMLImageElement>(*element)) > downcast<HTMLImageElement>(*element).setPictureElement(&downcast<HTMLPictureElement>(currentNode())); This is crazy. How is this code even needed?
Cameron McCormack (:heycam)
Comment 4 2021-04-26 22:11:48 PDT
Created attachment 427118 [details] Patch
EWS Watchlist
Comment 5 2021-04-26 22:12:45 PDT
This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess
EWS
Comment 6 2021-04-27 16:40:26 PDT
Committed r276679 (237096@main): <https://commits.webkit.org/237096@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427118 [details].
Radar WebKit Bug Importer
Comment 7 2021-04-27 16:41:22 PDT
<rdar://problem/77237671>
Note You need to log in before you can comment on or make changes to this bug.