Bug 91055

Summary: [Shadow DOM] <video> with <shadow> crashes
Product: WebKit Reporter: Hajime Morrita <morrita>
Component: DOMAssignee: Hajime Morrita <morrita>
Status: RESOLVED FIXED    
Severity: Normal CC: dglazkov, eric.carlson, feature-media-reviews, tkent, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Hajime Morrita
Reported 2012-07-12 00:58:24 PDT
This is upstream of http://code.google.com/p/chromium/issues/detail?id=136952
Attachments
Patch (5.63 KB, patch)
2012-07-12 01:07 PDT, Hajime Morrita 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Hajime Morrita
Comment 1 2012-07-12 01:07:38 PDT
Created attachment 151878 [details] Patch
Hajime Morrita
Comment 2 2012-07-12 01:08:08 PDT
Kent-san, could you take a look?
Kent Tamura
Comment 3 2012-07-12 01:38:45 PDT
Comment on attachment 151878 [details] Patch Looks ok.
WebKit Review Bot
Comment 4 2012-07-12 02:11:35 PDT
Comment on attachment 151878 [details] Patch Clearing flags on attachment: 151878 Committed r122432: <http://trac.webkit.org/changeset/122432>
WebKit Review Bot
Comment 5 2012-07-12 02:11:40 PDT
All reviewed patches have been landed. Closing bug.
Eric Carlson
Comment 6 2012-07-12 07:42:44 PDT
Comment on attachment 151878 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=151878&action=review > Source/WebCore/ChangeLog:11 > + This change adds a guard for such case by cheking whether the Typo: "cheking" should be "checking". > Source/WebCore/html/HTMLMediaElement.cpp:495 > + // Only allows nodes from the controls shadow subtree. > + return (mediaControls()->treeScope() == childContext.node()->treeScope() > + && childContext.isOnUpperEncapsulationBoundary() && HTMLElement::childShouldCreateRenderer(childContext)); "Only allows nodes from the controls shadow subtree" tells me what the code does but now why. Why are non-shadow child nodes not allowed to create a renderer?
Hajime Morrita
Comment 7 2012-07-12 17:39:33 PDT
(In reply to comment #6) > (From update of attachment 151878 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=151878&action=review > > > Source/WebCore/ChangeLog:11 > > + This change adds a guard for such case by cheking whether the > > Typo: "cheking" should be "checking". > > > Source/WebCore/html/HTMLMediaElement.cpp:495 > > + // Only allows nodes from the controls shadow subtree. > > + return (mediaControls()->treeScope() == childContext.node()->treeScope() > > + && childContext.isOnUpperEncapsulationBoundary() && HTMLElement::childShouldCreateRenderer(childContext)); > > "Only allows nodes from the controls shadow subtree" tells me what the code does but now why. > > Why are non-shadow child nodes not allowed to create a renderer? Good point. I'll (In reply to comment #6) > (From update of attachment 151878 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=151878&action=review > > > Source/WebCore/ChangeLog:11 > > + This change adds a guard for such case by cheking whether the > > Typo: "cheking" should be "checking". > > > Source/WebCore/html/HTMLMediaElement.cpp:495 > > + // Only allows nodes from the controls shadow subtree. > > + return (mediaControls()->treeScope() == childContext.node()->treeScope() > > + && childContext.isOnUpperEncapsulationBoundary() && HTMLElement::childShouldCreateRenderer(childContext)); > > "Only allows nodes from the controls shadow subtree" tells me what the code does but now why. > > Why are non-shadow child nodes not allowed to create a renderer? Good point. I'll clarify it on Bug 91174.
Note You need to log in before you can comment on or make changes to this bug.