Bug 64779 - Yielding the parser for first paint causes problems with <svg><use><script>
Summary: Yielding the parser for first paint causes problems with <svg><use><script>
Status: RESOLVED DUPLICATE of bug 78902
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 64419
  Show dependency treegraph
 
Reported: 2011-07-18 20:29 PDT by James Simonsen
Modified: 2012-02-25 02:46 PST (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description James Simonsen 2011-07-18 20:29:05 PDT 
If bug 64419 is fixed, svg/dom/use-style-recalc-script-execute-crash.html will start crashing.

The problem is that the parser yields after parsing the second </script>, but before executing it. The parser is yielding to allow the first paint to occur. When the parser yields, recalcStyle() will process the <svg use> tag and build a shadow DOM for it. The shadow DOM clones the elements from the main DOM. This includes the parsed, but un-executed, second script. The cloned script will execute, because its m_alreadyStarted is false, when it's inserted in the shadow DOM. When control returns to the parser, it will execute the original script. So, we'll have executed the same block of script twice.
Comment 1 Nikolas Zimmermann 2012-02-25 02:46:18 PST 
Bug 78902 fixes this problem as well. The shadow tree is no more constructed on recalcStyle() time.

*** This bug has been marked as a duplicate of bug 78902 ***