[Webkit-unassigned] [Bug 46761] Remove calls to Document::updateStyleForAllDocuments()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 18 12:33:28 PST 2011 

https://bugs.webkit.org/show_bug.cgi?id=46761





--- Comment #9 from Pratik Solanki <psolanki at apple.com>  2011-01-18 12:33:27 PST ---
Here is the DOM tree for the testcase

(gdb) call showTree(m_document)
*#document    0x106060600
    HTML    0x105925a80
        HEAD    0x1059235d0
        BODY    0x10592f960
            #text    0x105931e80 "\n\n"
            SCRIPT    0x1078806b0
                #text    0x1078506c0 "\n\nfunction log(message) {\n    document.body.appendChild(document.createTextNode(message));\n    document.body.appendChild(document.createElement('br'));\n}\n\nlog('PASS');\n"
            #text    0x105943e20 "PASS"
            BR    0x10785a950
            #text    0x107880990 "\n"

The problem is the last text node (0x107880990). The 'PASS' (0x105943e20) and BR (0x10785a950) nodes do get lazy attached. The last one, however, does not get lazy attached. The code in HTMLConstructionSite::attachAtSite() does

127        // JavaScript run from beforeload (or DOM Mutation or event handlers)
128        // might have removed the child, in which case we should not attach it.
129        if (child->parentNode() && site.parent->attached() && !child->attached())
130            child->attach();

Just before the attach I see

(gdb) fr
#0  WebCore::HTMLConstructionSite::attachAtSite (this=0x1059ef888, site=@0x7fff5fbfdbb0, prpChild=@0x7fff5fbfdbc0) at /Volumes/Data/psolanki/sources/external/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:129
129        if (child->parentNode() && site.parent->attached() && !child->attached())
(gdb) call showTree(child.m_ptr)
BODY    0x1059dd250
    #text    0x105992a10 "\n\n"
    SCRIPT    0x108620200
        #text    0x10862e0b0 "\n\nfunction log(message) {\n    document.body.appendChild(document.createTextNode(message));\n    document.body.appendChild(document.createElement('br'));\n}\n\nlog('PASS');\n"
    #text    0x1059e7470 "PASS"
    BR    0x105d020a0
*    #text    0x10860fdc0 "\n"

So we are calling attach() on this textnode while the previous node (BR) is in lazy attach.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list