Bug 178712 - SizesAttributeParser::SizesAttributeParser triggers layout
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Ryosuke Niwa
Keywords: InRadar
Reported: 2017-10-23 23:01 PDT by Ryosuke Niwa
Modified: 2017-10-24 10:24 PDT
Attachments
Reverts r213711 (1.91 KB, patch)
2017-10-24 00:14 PDT, Ryosuke Niwa
Archive of layout-test-results from ews105 for mac-elcapitan-wk2 (1.50 MB, application/zip)
2017-10-24 00:50 PDT, Build Bot
Patch for landing (2.95 KB, patch)
2017-10-24 01:28 PDT, Ryosuke Niwa

Description Ryosuke Niwa 2017-10-23 23:01:37 PDT
SizesAttributeParser::SizesAttributeParser triggers layout but this function is called inside Node::insertedIntoAncestor.
This is dangerous because updating layout could end up running arbitrary scripts.
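
Added illustration, not part of the original report and not WebKit code: a toy model of why running layout from inside a per-node insertion callback is hazardous, next to a deferred variant that runs it after the tree is consistent. All type and function names are hypothetical, and the deferred variant is a general pattern, not necessarily what the landed patch does.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Toy model of the hazard; every name here is hypothetical, not WebKit's API.
struct Node { bool wantsLayoutOnInsert = false; };
using NodeList = std::vector<std::shared_ptr<Node>>;

struct Document {
    NodeList tree;
    std::function<void(Document&)> script;  // stands in for page script that layout can run
    bool insertionInProgress = false;
    int mutationsDuringInsertion = 0;

    // Layout can dispatch events and callbacks, i.e. run arbitrary script.
    void updateLayout() { if (script) script(*this); }

    // A DOM mutation that script is free to perform.
    void removeAllChildren() {
        if (insertionInProgress) ++mutationsDuringInsertion;  // tree changed under the inserter
        tree.clear();
    }
};

// Hazardous shape: the insertion callback does layout-dependent work inline.
int insertWithInlineLayout(Document& doc, const NodeList& nodes) {
    doc.insertionInProgress = true;
    for (const auto& n : nodes) {
        doc.tree.push_back(n);
        if (n->wantsLayoutOnInsert) doc.updateLayout();  // script runs mid-insertion
    }
    doc.insertionInProgress = false;
    return doc.mutationsDuringInsertion;
}

// Safer shape: count the pending work and run it once insertion has finished.
int insertWithDeferredLayout(Document& doc, const NodeList& nodes) {
    int pendingLayouts = 0;
    doc.insertionInProgress = true;
    for (const auto& n : nodes) {
        doc.tree.push_back(n);
        if (n->wantsLayoutOnInsert) ++pendingLayouts;
    }
    doc.insertionInProgress = false;
    while (pendingLayouts-- > 0) doc.updateLayout();  // script runs on a consistent tree
    return doc.mutationsDuringInsertion;
}

// Constructed scenario: three nodes, the middle one needs layout, script clears the tree.
int runScenario(bool deferred) {
    Document doc;
    doc.script = [](Document& d) { d.removeAllChildren(); };
    NodeList nodes{std::make_shared<Node>(), std::make_shared<Node>(), std::make_shared<Node>()};
    nodes[1]->wantsLayoutOnInsert = true;
    return deferred ? insertWithDeferredLayout(doc, nodes) : insertWithInlineLayout(doc, nodes);
}
```
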
Comment 1 Radar WebKit Bug Importer 2017-10-23 23:02:32 PDT
<rdar://problem/35143533>
Comment 2 Ryosuke Niwa 2017-10-24 00:14:32 PDT
Created attachment 324655 [details]
Reverts r213711
Comment 3 Antti Koivisto 2017-10-24 00:15:55 PDT
Comment on attachment 324655 [details]
Reverts r213711

r=me
Comment 4 Ryosuke Niwa 2017-10-24 00:45:37 PDT
Waiting for EWS...
Comment 5 Build Bot 2017-10-24 00:50:09 PDT
Comment on attachment 324655 [details]
Reverts r213711

Attachment 324655 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/4967867

Number of test failures exceeded the failure limit.
Comment 6 Build Bot 2017-10-24 00:50:11 PDT
Created attachment 324658 [details]
Archive of layout-test-results from ews105 for mac-elcapitan-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews105  Port: mac-elcapitan-wk2  Platform: Mac OS X 10.11.6
Comment 7 Ryosuke Niwa 2017-10-24 01:19:28 PDT
Somehow CSP is badly broken on mac-wk2... that sounds scary but I don't think it's anything to do with this patch.

Regressions: Unexpected text-only failures (30)
  http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html [ Failure ]
  http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html [ Failure ]
  http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-in-iframe.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-none-inline-event.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-none.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-redirect.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-self-blocked-01.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-self-blocked-02.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-self.html [ Failure ]
  http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html [ Failure ]
  http/tests/security/contentSecurityPolicy/source-list-parsing-01.html [ Failure ]
  http/tests/security/contentSecurityPolicy/source-list-parsing-02.html [ Failure ]
  http/tests/security/contentSecurityPolicy/source-list-parsing-03.html [ Failure ]
  http/tests/security/xssAuditor/link-onclick-control-char.html [ Failure ]
  http/tests/security/xssAuditor/link-onclick-entities.html [ Failure ]
  http/tests/security/xssAuditor/link-onclick-null-char.html [ Failure ]
  http/tests/security/xssAuditor/link-onclick.html [ Failure ]
  http/tests/security/xssAuditor/open-iframe-src-01.html [ Failure ]
  http/tests/security/xssAuditor/open-iframe-src-02.html [ Failure ]
  http/tests/websocket/tests/hybi/httponly-cookie.pl [ Failure ]
  http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html [ Failure ]
  http/tests/xmlhttprequest/access-control-and-redirects-async.html [ Failure ]
  http/tests/xmlhttprequest/access-control-and-redirects.html [ Failure ]
  http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header-data-url.html [ Failure ]
  http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header.html [ Failure ]
  http/tests/xmlhttprequest/access-control-basic-allow-async.html [ Failure ]
  http/tests/xmlhttprequest/workers/referer.html [ Failure ]
Comment 8 Ryosuke Niwa 2017-10-24 01:28:11 PDT
Created attachment 324659 [details]
Patch for landing
Comment 9 Ryosuke Niwa 2017-10-24 01:28:31 PDT
Comment on attachment 324659 [details]
Patch for landing

Wait for EWS first.
Comment 10 WebKit Commit Bot 2017-10-24 10:24:43 PDT
Comment on attachment 324659 [details]
Patch for landing

Clearing flags on attachment: 324659

Committed r223895: <https://trac.webkit.org/changeset/223895>
Comment 11 WebKit Commit Bot 2017-10-24 10:24:45 PDT
All reviewed patches have been landed.  Closing bug.