Bug 27872

Summary: crash: external use script visibility
Product: WebKit
Reporter: jay <jay>
Component: SVG
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Critical
CC: charles.wei, eric, zimmermann
Priority: P2
Keywords: HasReduction
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5

jay
Reported 2009-07-31 03:07:04 PDT
Created attachment 33866 [details]: local testcase

Open attachment: crash. Parity: Safari and Mozilla perform as expected. Fixing bug 12499 may affect this bug.
Attachments
local testcase (1.80 KB, image/svg+xml)
2009-07-31 03:07 PDT, jay
no flags
testcase (679 bytes, image/svg+xml)
2009-07-31 03:09 PDT, jay
no flags
crash report (30.28 KB, application/octet-stream)
2009-07-31 03:11 PDT, jay
no flags
jay
Comment 1 2009-07-31 03:09:00 PDT
Created attachment 33867 [details] testcase
jay
Comment 2 2009-07-31 03:11:37 PDT
Created attachment 33868 [details] crash report
jay
Comment 3 2009-07-31 03:14:33 PDT
local testcase is a simple SVG file with a symbol. testcase crashes this machine, at least. This is a pretty significant issue, as not only is the web app in development broken for Safari in respect of bug 12499, Safari now crashes whereas other UAs work fine. Please let me know if the crash report is not helpful; there are around 14 others ~:"
jay
Comment 4 2009-07-31 03:15:55 PDT
The description is slightly awry. To reiterate: testcase is the crash test; local testcase is the file that testcase links to.
Charles Wei
Comment 5 2009-09-27 01:05:19 PDT
It's the same root cause as #27693 for the crash: the symbol does not exist. The difference is, with this one, the symbol is in another, external document, while that document is not loaded at all. Need to investigate why the external document is not loaded.
Nikolas Zimmermann
Comment 6 2009-09-30 15:45:43 PDT
Easy answer: it is not implemented at all. I skipped it in the initial <use> implementation because of security concerns. This needs to be carefully implemented. All pieces related to the actual loading & caching of remote resources are of course already implemented in WebCore; logic similar to 'ImageLoader'/'SVGImageLoader' is needed to handle external SVG document fragments. Once that logic exists it's probably just a matter of parsing the remote document, cloning a deep copy of the element in question and including it in the <use> shadow tree. This is a root of possible security problems, so we have to be extra careful about what we allow to clone (i.e. not a script element or something related!). Charles, I hope that helps you to get started?
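The approach sketched in Comment 6 (parse the remote document, deep-copy the referenced element, restrict what is admitted into the <use> shadow tree) and the missing-symbol root cause from Comment 5 can be modelled outside WebCore. The following is an added illustration written for this page, not WebKit code: it uses Python's stdlib ElementTree on a constructed stand-in for the external document, and the set of forbidden elements and attribute rules is an assumed policy chosen for the example, not the policy WebKit adopted.

```python
"""Sanitizing deep-copy of an externally referenced SVG fragment.

Added illustration, not WebKit code. Models the flow for
<use xlink:href="external.svg#id">: locate the element with the referenced
id in the (already fetched) external document, deep-copy it, and strip
anything that must not be cloned into the referencing document's shadow tree.
"""
import copy
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Assumed policy for this example: elements that never get cloned across
# documents. Comment 6 names script explicitly; foreignObject is added here
# because it can carry arbitrary non-SVG content.
FORBIDDEN_TAGS = {"{%s}script" % SVG_NS, "{%s}foreignObject" % SVG_NS}

# Constructed stand-in for the remote document that the testcase links to.
EXTERNAL_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <symbol id="icon" viewBox="0 0 10 10">
    <rect width="10" height="10" onload="alert(1)"/>
    <script>alert('external')</script>
    <a xlink:href="javascript:alert(2)"><circle r="3"/></a>
    <foreignObject><div>html</div></foreignObject>
  </symbol>
  <symbol id="other"/>
</svg>"""


def local_name(qualified):
    """Strip the ElementTree '{namespace}' prefix from a tag or attribute."""
    return qualified.rsplit("}", 1)[-1]


def find_by_id(root, fragment_id):
    """Return the element whose id matches the fragment, or None."""
    for el in root.iter():
        if el.get("id") == fragment_id:
            return el
    return None


def sanitize(el):
    """Recursively remove forbidden child elements, event-handler (on*)
    attributes and javascript: hrefs from a cloned subtree.
    Returns the number of removals performed."""
    removed = 0
    for attr in list(el.attrib):
        name = local_name(attr).lower()
        value = el.attrib[attr].strip().lower()
        if name.startswith("on") or (name == "href" and value.startswith("javascript:")):
            del el.attrib[attr]
            removed += 1
    for child in list(el):
        if child.tag in FORBIDDEN_TAGS:
            el.remove(child)
            removed += 1
        else:
            removed += sanitize(child)
    return removed


def clone_external_fragment(external_doc_xml, fragment_id):
    """Deep-copy the referenced element and sanitize the copy.

    Returns (clone, removals). clone is None when the referenced symbol does
    not exist (the Comment 5 root cause) or is itself a forbidden element, so
    the caller never dereferences a missing target."""
    root = ET.fromstring(external_doc_xml)
    target = find_by_id(root, fragment_id)
    if target is None:
        return None, 0
    if target.tag in FORBIDDEN_TAGS:
        return None, 1
    clone = copy.deepcopy(target)  # never mutate the external document itself
    return clone, sanitize(clone)


def remaining_tags(el):
    """Local tag names left in the clone, for inspection."""
    return sorted(local_name(e.tag) for e in el.iter())


if __name__ == "__main__":
    clone, removed = clone_external_fragment(EXTERNAL_SVG, "icon")
    print("removed", removed, "items; kept", remaining_tags(clone))
    print(ET.tostring(clone, encoding="unicode"))
```

Run against the constructed document, the symbol `icon` is cloned with four removals (the `onload` handler, the `script` element, the `javascript:` href and the `foreignObject`), while a reference to a non-existent id yields `None` instead of a crash.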
Nikolas Zimmermann
Comment 7 2010-01-19 08:03:48 PST
OK, crash fixed in ToT.