178712 – SizesAttributeParser::SizesAttributeParser triggers layout

RESOLVED FIXED 178712

SizesAttributeParser::SizesAttributeParser triggers layout

https://bugs.webkit.org/show_bug.cgi?id=178712

Summary SizesAttributeParser::SizesAttributeParser triggers layout

Ryosuke Niwa

Reported 2017-10-23 23:01:37 PDT

SizesAttributeParser::SizesAttributeParser triggers layout but this function is called inside Node::insertedIntoAncestor. This is dangerous because updating layout could end up running arbitrary scripts.

Attachments
Reverts r213711 (1.91 KB, patch) 2017-10-24 00:14 PDT, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews105 for mac-elcapitan-wk2 (1.50 MB, application/zip) 2017-10-24 00:50 PDT, Build Bot	no flags	Details
Patch for landing (2.95 KB, patch) 2017-10-24 01:28 PDT, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2017-10-23 23:02:32 PDT

<rdar://problem/35143533>

Ryosuke Niwa

Comment 2 2017-10-24 00:14:32 PDT

Created attachment 324655 [details] Reverts r213711

Antti Koivisto

Comment 3 2017-10-24 00:15:55 PDT

Comment on attachment 324655 [details] Reverts r213711 r=me

Ryosuke Niwa

Comment 4 2017-10-24 00:45:37 PDT

Waiting for EWS...

Build Bot

Comment 5 2017-10-24 00:50:09 PDT

Comment on attachment 324655 [details] Reverts r213711 Attachment 324655 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4967867 Number of test failures exceeded the failure limit.

Build Bot

Comment 6 2017-10-24 00:50:11 PDT

Created attachment 324658 [details] Archive of layout-test-results from ews105 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6

Ryosuke Niwa

Comment 7 2017-10-24 01:19:28 PDT

Somehow CSP is badly broken on mac-wk2.... that sound scary but I don't think it's anything to do with this patch. Regressions: Unexpected text-only failures (30) http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html [ Failure ] http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html [ Failure ] http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window.html [ Failure ] http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-in-iframe.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-none-inline-event.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-none.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-redirect.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-self-blocked-01.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-self-blocked-02.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-self.html [ Failure ] http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html [ Failure ] http/tests/security/contentSecurityPolicy/source-list-parsing-01.html [ Failure ] http/tests/security/contentSecurityPolicy/source-list-parsing-02.html [ Failure ] http/tests/security/contentSecurityPolicy/source-list-parsing-03.html [ Failure ] http/tests/security/xssAuditor/link-onclick-control-char.html [ Failure ] http/tests/security/xssAuditor/link-onclick-entities.html [ Failure ] http/tests/security/xssAuditor/link-onclick-null-char.html [ Failure ] http/tests/security/xssAuditor/link-onclick.html [ Failure ] http/tests/security/xssAuditor/open-iframe-src-01.html [ Failure ] http/tests/security/xssAuditor/open-iframe-src-02.html [ Failure ] http/tests/websocket/tests/hybi/httponly-cookie.pl [ Failure ] http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html [ Failure ] http/tests/xmlhttprequest/access-control-and-redirects-async.html [ Failure ] http/tests/xmlhttprequest/access-control-and-redirects.html [ Failure ] http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header-data-url.html [ Failure ] http/tests/xmlhttprequest/access-control-basic-allow-access-control-origin-header.html [ Failure ] http/tests/xmlhttprequest/access-control-basic-allow-async.html [ Failure ] http/tests/xmlhttprequest/workers/referer.html [ Failure ]

Ryosuke Niwa

Comment 8 2017-10-24 01:28:11 PDT

Created attachment 324659 [details] Patch for landing

Ryosuke Niwa

Comment 9 2017-10-24 01:28:31 PDT

Comment on attachment 324659 [details] Patch for landing Wait for EWS first.

WebKit Commit Bot

Comment 10 2017-10-24 10:24:43 PDT

Comment on attachment 324659 [details] Patch for landing Clearing flags on attachment: 324659 Committed r223895: <https://trac.webkit.org/changeset/223895>

WebKit Commit Bot

Comment 11 2017-10-24 10:24:45 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component CSS

Assignee

Ryosuke Niwa

Reported

2017-10-23 23:01 PDT

Modified

2017-10-24 10:24 PDT History

CC List

10 users Show

URL

Keywords InRadar

Depends on

Blocks