Bug 27872 - crash: external use script visibility
Summary: crash: external use script visibility
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P2 Critical
Assignee: Nobody
URL:
Keywords: HasReduction
Depends on:
Blocks:
 
Reported: 2009-07-31 03:07 PDT by jay
Modified: 2010-01-19 08:03 PST

Attachments
local testcase (1.80 KB, image/svg+xml), 2009-07-31 03:07 PDT, jay
testcase (679 bytes, image/svg+xml), 2009-07-31 03:09 PDT, jay
crash report (30.28 KB, application/octet-stream), 2009-07-31 03:11 PDT, jay

Description jay 2009-07-31 03:07:04 PDT
Created attachment 33866
local testcase

open attachment

crash

parity: Safari and Mozilla perform as expected

fixing bug 12499 may affect this bug
Comment 1 jay 2009-07-31 03:09:00 PDT
Created attachment 33867
testcase
Comment 2 jay 2009-07-31 03:11:37 PDT
Created attachment 33868
crash report
Comment 3 jay 2009-07-31 03:14:33 PDT
local testcase is a simple SVG file with a symbol

testcase crashes this machine at least

this is a pretty significant issue, as not only is the web app in development broken for Safari in respect of bug 12499,
Safari now crashes whereas other UAs work fine.

please let me know if the crash report is not helpful; there are around 14 others
Comment 4 jay 2009-07-31 03:15:55 PDT
the description is slightly awry; to reiterate, testcase is the crash test.
local testcase is the file that testcase links to...
Comment 5 Charles Wei 2009-09-27 01:05:19 PDT
It's the same root cause as #27693 for the crashing: the symbol does not exist. The difference is, with this one, the symbol is in another external document, while that document is not loaded at all.

Need to investigate why the external document is not loaded.
Comment 6 Nikolas Zimmermann 2009-09-30 15:45:43 PDT
Easy answer, it is not implemented at all. I skipped it in the initial <use> implementation, because of security concerns. This needs to be carefully implemented.

All pieces related to the actual loading & caching of remote resources are of course already implemented in WebCore; logic similar to 'ImageLoader'/'SVGImageLoader' is needed to handle external SVG document fragments.

Once that logic exists it's probably just a matter of parsing the remote document, cloning a deep copy of the element in question and including it in the <use> shadow tree.

This is a root of possible security problems, so we have to be extra careful about what we allow to clone (i.e. not a script element or something related!).

Charles, I hope that helps you to get started?
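An added illustration of the approach Comment 6 sketches, written for this page rather than taken from WebKit: the referenced fragment is looked up in the already-loaded external document, a missing target yields null instead of being dereferenced (the case that crashed here), and the deep copy admitted into the <use> shadow tree is filtered by an allow-list, so <script> elements, event-handler attributes and javascript: hrefs never cross over from the external document. The tiny parser, the element allow-list and the sample document are assumptions constructed for the example.

```javascript
// Added example: resolving an external <use> reference with a cloning policy.
// Not WebKit code; the parser, the allow-list and the sample document below are
// assumptions constructed for illustration.

// Sample "remote" SVG document, constructed inline so the example runs offline.
// It carries a top-level <script> plus script and event-handler content inside
// the referenced <symbol>.
const EXTERNAL_SVG = `<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>alert(document.cookie)</script>
  <symbol id="icon" viewBox="0 0 10 10" onload="alert(1)">
    <rect width="10" height="10" fill="red"/>
    <script>alert(2)</script>
    <circle cx="5" cy="5" r="2"/>
    <text>label</text>
  </symbol>
</svg>`;

// Minimal element tree: { name, attrs, children } and { name: '#text', text }.
// Covers only the XML subset the sample needs (no entities, CDATA or DTDs).
function parseSvg(xml) {
  const root = { name: '#document', attrs: {}, children: [] };
  const stack = [root];
  const src = xml.replace(/<\?[\s\S]*?\?>/g, '').replace(/<!--[\s\S]*?-->/g, '');
  const token = /<(\/)?([A-Za-z:][\w:.-]*)((?:\s+[\w:.-]+="[^"]*")*)\s*(\/)?>|([^<]+)/g;
  let m;
  while ((m = token.exec(src)) !== null) {
    const [, close, name, rawAttrs, selfClose, text] = m;
    if (text !== undefined) {
      if (text.trim()) stack[stack.length - 1].children.push({ name: '#text', text: text.trim() });
      continue;
    }
    if (close) { stack.pop(); continue; }
    const attrs = {};
    for (const [, key, value] of rawAttrs.matchAll(/([\w:.-]+)="([^"]*)"/g)) attrs[key] = value;
    const el = { name, attrs, children: [] };
    stack[stack.length - 1].children.push(el);
    if (!selfClose) stack.push(el);
  }
  return root;
}

function findById(node, id) {
  if (node.attrs && node.attrs.id === id) return node;
  for (const child of node.children || []) {
    const hit = findById(child, id);
    if (hit) return hit;
  }
  return null;
}

// Policy (an assumption for this example): only static graphical content is
// admitted from a foreign document. Anything not listed, notably <script> and
// <foreignObject>, is dropped together with its subtree. Nested <use> is left
// out because it would need this same resolution applied recursively.
const ALLOWED_ELEMENTS = new Set([
  'symbol', 'g', 'defs', 'path', 'rect', 'circle', 'ellipse', 'line',
  'polyline', 'polygon', 'text', 'tspan', 'title', 'desc',
]);

function safeClone(node) {
  if (node.name === '#text') return { name: '#text', text: node.text };
  if (!ALLOWED_ELEMENTS.has(node.name)) return null;
  const attrs = {};
  for (const [key, value] of Object.entries(node.attrs)) {
    if (/^on/i.test(key)) continue;                                    // onload=, onclick=, ...
    if (/^(xlink:)?href$/.test(key) && /^\s*javascript:/i.test(value)) continue;
    attrs[key] = value;
  }
  const children = [];
  for (const child of node.children) {
    const copy = safeClone(child);
    if (copy !== null) children.push(copy);
  }
  return { name: node.name, attrs, children };
}

// Returns the filtered deep copy destined for the <use> shadow tree, or null
// when the fragment is absent. The absent target is exactly what crashed here,
// so it is checked explicitly rather than dereferenced.
function resolveExternalUse(externalXml, fragmentId) {
  const target = findById(parseSvg(externalXml), fragmentId);
  return target === null ? null : safeClone(target);
}

// Flat list of element names in a subtree, for inspecting what survived.
function elementNames(node) {
  if (node.name === '#text') return [];
  return [node.name, ...node.children.flatMap(elementNames)];
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(resolveExternalUse(EXTERNAL_SVG, 'icon'), null, 1));
  console.log(resolveExternalUse(EXTERNAL_SVG, 'missing'));
}
```

Run with node: the first line of output is the cloned symbol carrying only rect, circle and text children and no onload attribute; the second is null for the unknown fragment. A real implementation would additionally apply the same-origin and content-type checks the engine already enforces for other resource loads before the document is parsed at all.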
Comment 7 Nikolas Zimmermann 2010-01-19 08:03:48 PST
Ok, crash fixed in ToT.