SizesAttributeParser::SizesAttributeParser triggers layout but this function is called inside Node::insertedIntoAncestor. This is dangerous because updating layout could end up running arbitrary scripts.
<rdar://problem/35143533>
Created attachment 324655 [details] Reverts r213711
Comment on attachment 324655 [details] Reverts r213711 r=me
Waiting for EWS...
Comment on attachment 324655 [details] Reverts r213711 Attachment 324655 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4967867 Number of test failures exceeded the failure limit.
Created attachment 324658 [details] Archive of layout-test-results from ews105 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Somehow CSP is badly broken on mac-wk2.... that sound scary but I don't think it's anything to do with this patch. Regressions: Unexpected text-only failures (30) http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html [ Failure ] http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html [ Failure ] http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window.html [ Failure ] http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-in-iframe.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-none-inline-event.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-none.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-redirect.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-self-blocked-01.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-self-blocked-02.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-self.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html [ Failure ] http/tests/security/contentSecurityPolicy/source-list-parsing-01.html [ Failure ] http/tests/security/contentSecurityPolicy/source-list-parsing-02.html [ Failure ] http/tests/security/contentSecurityPolicy/source-list-parsing-03.html [ Failure ] http/tests/security/xssAuditor/link-onclick-control-char.html [ Failure ] http/tests/security/xssAuditor/link-onclick-entities.html [ Failure ] http/tests/security/xssAuditor/link-onclick-null-char.html [ Failure ] http/tests/security/xssAuditor/link-onclick.html [ Failure ] http/tests/security/xssAuditor/open-iframe-src-01.html [ Failure ] http/tests/security/xssAuditor/open-iframe-src-02.html [ Failure ] http/tests/websocket/tests/hybi/httponly-cookie.pl [ Failure ] http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html [ Failure ] http/tests/xmlhttprequest/access-control-and-redirects-async.html [ Failure ] http/tests/xmlhttprequest/access-control-and-redirects.html [ Failure ] http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header-data-url.html [ Failure ] http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header.html [ Failure ] http/tests/xmlhttprequest/access-control-basic-allow-async.html [ Failure ] http/tests/xmlhttprequest/workers/referer.html [ Failure ]
Created attachment 324659 [details] Patch for landing
Comment on attachment 324659 [details] Patch for landing Wait for EWS first.
Comment on attachment 324659 [details] Patch for landing Clearing flags on attachment: 324659 Committed r223895: <https://trac.webkit.org/changeset/223895>
All reviewed patches have been landed. Closing bug.