64779 – Yielding the parser for first paint causes problems with <svg><use><script>

RESOLVED DUPLICATE of bug 78902 Bug 64779

Yielding the parser for first paint causes problems with <svg><use><script>

https://bugs.webkit.org/show_bug.cgi?id=64779

Summary Yielding the parser for first paint causes problems with <svg><use><script>

James Simonsen

Reported 2011-07-18 20:29:05 PDT

If bug 64419 is fixed, svg/dom/use-style-recalc-script-execute-crash.html will start crashing. The problem is that the parser yields after parsing the second </script>, but before executing it. The parser is yielding to allow the first paint to occur. When the parser yields, recalcStyle() will process the <svg use> tag and build a shadow DOM for it. The shadow DOM clones the elements from the main DOM. This includes the parsed, but un-executed, second script. The cloned script will execute, because its m_alreadyStarted is false, when it's inserted in the shadow DOM. When control returns to the parser, it will execute the original script. So, we'll have executed the same block of script twice.

Attachments
Add attachment proposed patch, testcase, etc.

Nikolas Zimmermann

Comment 1 2012-02-25 02:46:18 PST

Bug 78902 fixes this problem as well. The shadow tree is no more constructed on recalcStyle() time. *** This bug has been marked as a duplicate of bug 78902 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 78902

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2011-07-18 20:29 PDT

Modified

2012-02-25 02:46 PST History

CC List

4 users Show

URL

Keywords

Depends on

Blocks

64419

Dependancies

tree graph