225044 – HTMLImageElement should have an associated picture element only if inserted as a direct child

RESOLVED FIXED Bug 225044

HTMLImageElement should have an associated picture element only if inserted as a direct child

https://bugs.webkit.org/show_bug.cgi?id=225044

Summary HTMLImageElement should have an associated picture element only if inserted a...

Cameron McCormack (:heycam)

Reported 2021-04-25 21:09:59 PDT

HTMLImageElement::insertedIntoAncestor doesn't check that we're appending the <img> as a direct child of a <picture>, which means that some random other ancestor <picture> could be used instead.

Attachments
Patch (3.94 KB, patch) 2021-04-25 23:09 PDT, Cameron McCormack (:heycam)	no flags	Details Formatted Diff Diff
Patch (7.89 KB, patch) 2021-04-26 22:11 PDT, Cameron McCormack (:heycam)	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Cameron McCormack (:heycam)

Comment 1 2021-04-25 23:00:42 PDT

WPT PR that tests this: https://github.com/web-platform-tests/wpt/pull/28680 Forthcoming patch makes that test pass.

Cameron McCormack (:heycam)

Comment 2 2021-04-25 23:09:10 PDT

Created attachment 427022 [details] Patch

Ryosuke Niwa

Comment 3 2021-04-26 21:50:20 PDT

Comment on attachment 427022 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=427022&action=review > Source/WebCore/ChangeLog:8 > + Tests: https://github.com/web-platform-tests/wpt/pull/28680 Please update the imported test now that it has been merged upstream. > Source/WebCore/html/parser/HTMLConstructionSite.cpp:702 > if (is<HTMLPictureElement>(currentNode()) && is<HTMLImageElement>(*element)) > downcast<HTMLImageElement>(*element).setPictureElement(&downcast<HTMLPictureElement>(currentNode())); This is crazy. How is this code even needed?

Cameron McCormack (:heycam)

Comment 4 2021-04-26 22:11:48 PDT

Created attachment 427118 [details] Patch

EWS Watchlist

Comment 5 2021-04-26 22:12:45 PDT

This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess

EWS

Comment 6 2021-04-27 16:40:26 PDT

Committed r276679 (237096@main): <https://commits.webkit.org/237096@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427118 [details].

Radar WebKit Bug Importer

Comment 7 2021-04-27 16:41:22 PDT

<rdar://problem/77237671>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Images

Assignee

Cameron McCormack (:heycam)

Reported

2021-04-25 21:09 PDT

Modified

2021-04-27 16:41 PDT History

CC List

9 users Show

URL

Keywords InRadar

Depends on

Blocks

222801

Dependancies

tree graph