This was filed in Blink (https://code.google.com/p/chromium/issues/detail?id=458461), but WebKit has the same issue.
Created attachment 251003 [details] Patch
Comment on attachment 251003 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=251003&action=review Looks good. > Source/WebCore/rendering/style/RenderStyle.cpp:1411 > + return clampTo<int>(lh.value()); I wonder if this does too much work compared to the Blink approach, since AFAIK the CSS Parser will not allow a negative value here.
(In reply to comment #2) > Comment on attachment 251003 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=251003&action=review > > Looks good. > > > Source/WebCore/rendering/style/RenderStyle.cpp:1411 > > + return clampTo<int>(lh.value()); > > I wonder if this does too much work compared to the Blink approach, since > AFAIK the CSS Parser will not allow a negative value here. Unless we have proof that the extra check is a bottleneck, I feel like using clampTo is more readable and simpler than the alternative.
Comment on attachment 251003 [details] Patch Clearing flags on attachment: 251003 Committed r182974: <http://trac.webkit.org/changeset/182974>
All reviewed patches have been landed. Closing bug.