Bug 40895

Summary: Content Generated with Pseudo-Class ":before" on "ruby" Element Causes Crash
Product: WebKit
Reporter: Hugh Guiney <hugh>
Component: CSS
Assignee: Roland Steiner <rolandsteiner>
Severity: Normal
CC: ap, rniwa, rolandsteiner, shanestephens
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows XP
Bug Depends on: 41040
Bug Blocks:

Description Hugh Guiney 2010-06-20 17:54:10 PDT
CSS in linked stylesheet, saved as UTF-8 w/o BOM:

ruby:before {

Where "[content]" is text (tested with "-", ".", and "text").

Crashes Safari 5.0 (7533.16), Chrome 5.0 (5.0.375.70), and latest WebKit nightly (r61358).

"ruby:after" works fine and so do a bunch of other elements with ":before".

Comment 1 Roland Steiner 2010-06-22 21:46:07 PDT
I can't seem to replicate this with a ToT build, could you provide a simple HTML file (+ CSS file if this happens only with external stylesheets) that causes the renderer to crash?

Now, the rendering is incorrect - the :before text should not become part of the first ruby base. Filed a separate bug https://bugs.webkit.org/show_bug.cgi?id=41040 for this.

Comment 2 Roland Steiner 2010-07-08 01:14:00 PDT
Added a patch to https://bugs.webkit.org/show_bug.cgi?id=41040.

That patch should (in theory) also fix any remaining crashing scenario remaining here.

Comment 3 Roland Steiner 2012-02-22 20:39:03 PST
Does this still or again cause issues? I cannot replicate this on Chrome 17.0.963.56 (WK 107431).

Comment 4 Shane Stephens 2012-02-23 03:07:35 PST
I guess we can close it then :)