[Webkit-unassigned] [Bug 169465] imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html is unreliable
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 23 23:00:23 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=169465
Ryosuke Niwa <rniwa at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rniwa at webkit.org
--- Comment #4 from Ryosuke Niwa <rniwa at webkit.org> ---
Comment on attachment 304039
--> https://bugs.webkit.org/attachment.cgi?id=304039
patch
View in context: https://bugs.webkit.org/attachment.cgi?id=304039&action=review
> Source/WebCore/css/parser/SizesAttributeParser.cpp:75
> + if (m_document.ownerElement())
> + m_document.ownerElement()->document().updateLayoutIgnorePendingStylesheets();
It's not safe to update layout here because this function is getting called within Node::insertedInto,
and updating layout could run arbitrary author scripts :(
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171024/84b104f1/attachment.html>
More information about the webkit-unassigned
mailing list