Bug 91055

Summary: [Shadow DOM] <video> with <shadow> crashes
Product: WebKit Reporter: Hajime Morrita <morrita>
Component: DOMAssignee: Hajime Morrita <morrita>
Status: RESOLVED FIXED    
Severity: Normal CC: dglazkov, eric.carlson, feature-media-reviews, tkent, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Hajime Morrita 2012-07-12 00:58:24 PDT
This is upstream of http://code.google.com/p/chromium/issues/detail?id=136952
Comment 1 Hajime Morrita 2012-07-12 01:07:38 PDT
Created attachment 151878 [details]
Patch
Comment 2 Hajime Morrita 2012-07-12 01:08:08 PDT
Kent-san, could you take a look?
Comment 3 Kent Tamura 2012-07-12 01:38:45 PDT
Comment on attachment 151878 [details]
Patch

Looks ok.
Comment 4 WebKit Review Bot 2012-07-12 02:11:35 PDT
Comment on attachment 151878 [details]
Patch

Clearing flags on attachment: 151878

Committed r122432: <http://trac.webkit.org/changeset/122432>
Comment 5 WebKit Review Bot 2012-07-12 02:11:40 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 Eric Carlson 2012-07-12 07:42:44 PDT
Comment on attachment 151878 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=151878&action=review

> Source/WebCore/ChangeLog:11
> +        This change adds a guard for such case by cheking whether the

Typo: "cheking" should be "checking".

> Source/WebCore/html/HTMLMediaElement.cpp:495
> +    // Only allows nodes from the controls shadow subtree.
> +    return (mediaControls()->treeScope() == childContext.node()->treeScope()
> +            && childContext.isOnUpperEncapsulationBoundary() && HTMLElement::childShouldCreateRenderer(childContext));

"Only allows nodes from the controls shadow subtree" tells me what the code does but now why. 

Why are non-shadow child nodes not allowed to create a renderer?
Comment 7 Hajime Morrita 2012-07-12 17:39:33 PDT
(In reply to comment #6)
> (From update of attachment 151878 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=151878&action=review
> 
> > Source/WebCore/ChangeLog:11
> > +        This change adds a guard for such case by cheking whether the
> 
> Typo: "cheking" should be "checking".
> 
> > Source/WebCore/html/HTMLMediaElement.cpp:495
> > +    // Only allows nodes from the controls shadow subtree.
> > +    return (mediaControls()->treeScope() == childContext.node()->treeScope()
> > +            && childContext.isOnUpperEncapsulationBoundary() && HTMLElement::childShouldCreateRenderer(childContext));
> 
> "Only allows nodes from the controls shadow subtree" tells me what the code does but now why. 
> 
> Why are non-shadow child nodes not allowed to create a renderer?

Good point. I'll (In reply to comment #6)
> (From update of attachment 151878 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=151878&action=review
> 
> > Source/WebCore/ChangeLog:11
> > +        This change adds a guard for such case by cheking whether the
> 
> Typo: "cheking" should be "checking".
> 
> > Source/WebCore/html/HTMLMediaElement.cpp:495
> > +    // Only allows nodes from the controls shadow subtree.
> > +    return (mediaControls()->treeScope() == childContext.node()->treeScope()
> > +            && childContext.isOnUpperEncapsulationBoundary() && HTMLElement::childShouldCreateRenderer(childContext));
> 
> "Only allows nodes from the controls shadow subtree" tells me what the code does but now why. 
> 
> Why are non-shadow child nodes not allowed to create a renderer?
Good point. I'll clarify it on Bug 91174.