[Webkit-unassigned] [Bug 64779] New: Yielding the parser for first paint causes problems with <svg><use><script>

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 18 20:29:05 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=64779

           Summary: Yielding the parser for first paint causes problems
                    with <svg><use><script>
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: simonjam at chromium.org
                CC: inferno at chromium.org, tonyg at chromium.org
            Blocks: 64419


If bug 64419 is fixed, svg/dom/use-style-recalc-script-execute-crash.html will start crashing.

The problem is that the parser yields after parsing the second </script>, but before executing it. The parser is yielding to allow the first paint to occur. When the parser yields, recalcStyle() will process the <svg use> tag and build a shadow DOM for it. The shadow DOM clones the elements from the main DOM. This includes the parsed, but un-executed, second script. The cloned script will execute, because its m_alreadyStarted is false, when it's inserted in the shadow DOM. When control returns to the parser, it will execute the original script. So, we'll have executed the same block of script twice.

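The ordering the report describes, as an added model that is not WebKit code: a script element carries an already-started flag (WebKit's m_alreadyStarted), a shadow-tree build clones the element while the parser is yielded, and the clone runs on insertion because it has never been started. The class, flag and scheduling names below are stand-ins chosen for the example. Two variants are included for contrast: one where the clone copies the original's already-started flag (the HTML standard's cloning steps for script elements do this) and one where, additionally, the parser claims the element before it yields; that second step is an illustrative mitigation, not a statement of how this bug was actually fixed.

```javascript
// Added example modelling the yield/clone ordering from the bug report.
// ScriptElement, prepare(), clone() and simulate() are assumptions for
// illustration; they are not WebKit's real classes or functions.

class ScriptElement {
  constructor(source) {
    this.source = source;
    this.alreadyStarted = false; // stand-in for m_alreadyStarted
  }

  // Stand-in for "prepare a script": claims the element exactly once and
  // returns the body to run, or null if the element was already started.
  prepare() {
    if (this.alreadyStarted) return null;
    this.alreadyStarted = true;
    return this.source;
  }

  // Clone as a <use> shadow-tree build would. With copyFlag the copy inherits
  // the original's already-started flag (the HTML cloning rule for script
  // elements); without it the copy always starts fresh.
  clone(copyFlag) {
    const copy = new ScriptElement(this.source);
    copy.alreadyStarted = copyFlag ? this.alreadyStarted : false;
    return copy;
  }
}

function simulate({ copyFlagOnClone, prepareBeforeYield }) {
  const executed = [];
  const run = (who, body) => { if (body !== null) executed.push(`${who}:${body}`); };
  const script = new ScriptElement('secondScriptBody'); // constructed sample

  // 1. Parser reaches the second </script>. Either it prepares (claims) the
  //    element now, before yielding, or leaves that until it resumes.
  let pending = prepareBeforeYield ? script.prepare() : undefined;

  // 2. Parser yields for first paint. recalcStyle() builds the <use> shadow
  //    DOM by cloning the referenced subtree, script element included.
  const shadowCopy = script.clone(copyFlagOnClone);

  // 3. Inserting the copy into the shadow tree prepares it; it executes
  //    unless it inherited a set already-started flag.
  run('shadow', shadowCopy.prepare());

  // 4. Control returns to the parser, which executes the original.
  if (pending === undefined) pending = script.prepare();
  run('parser', pending);

  return executed;
}

// The reported behaviour: clone starts fresh, parser prepares only on resume.
function buggy() {
  return simulate({ copyFlagOnClone: false, prepareBeforeYield: false });
}

// Copying the flag alone does not help: the original has not been started
// at clone time, so the copy inherits "false" and still runs.
function copyFlagOnly() {
  return simulate({ copyFlagOnClone: true, prepareBeforeYield: false });
}

// Illustrative mitigation: the parser claims the element before it yields,
// so the clone inherits "true" and only the original's body runs, once.
function claimBeforeYield() {
  return simulate({ copyFlagOnClone: true, prepareBeforeYield: true });
}
```

The point of the middle variant is that the cloning rule by itself is a no-op here: whatever state the original is in at clone time is what the copy gets, and at that moment the original is parsed but not yet started. Any fix has to change what the flag says at the yield point, or keep the un-executed script out of the cloned subtree, rather than how the flag is copied.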