[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

hyatt hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:40:01 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit 64cb675da81b4b9cb4d550ac274209475c147c7a
Author: hyatt <hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu May 1 23:01:59 2003 +0000

    	Fix for 3239404, a crash caused because a block-level :after
    	element was being inserted as generated content inside an
    	inline element.
    
    	The fix is to mutate the display of the generated content to
    	be inline when the parent of the generated content is also
    	inline.
    
    	Section 12.1 of the CSS2 spec (at the very end of the spec)
    	covers this special case.  Once we do the mutation it becomes
    	impossible for generated content to cause a splitFlow, and so
    	the crash is plugged.
    
            Reviewed by john
    
            * khtml/rendering/render_container.cpp:
            (RenderContainer::insertPseudoChild):
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4257 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 672eaf9..be425c5 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,5 +1,25 @@
 2003-05-01  David Hyatt  <hyatt at apple.com>
 
+	Fix for 3239404, a crash caused because a block-level :after
+	element was being inserted as generated content inside an
+	inline element.
+
+	The fix is to mutate the display of the generated content to
+	be inline when the parent of the generated content is also
+	inline. 
+
+	Section 12.1 of the CSS2 spec (at the very end of the spec)
+	covers this special case.  Once we do the mutation it becomes
+	impossible for generated content to cause a splitFlow, and so
+	the crash is plugged.
+	
+        Reviewed by john
+
+        * khtml/rendering/render_container.cpp:
+        (RenderContainer::insertPseudoChild):
+
+2003-05-01  David Hyatt  <hyatt at apple.com>
+
 	Replace effectiveWidth and effectiveHeight with a 
 	parameterized overflowWidth/Height, since this is much better
 	terminology.
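Review bot: The added ChangeLog entry mixes indentation and carries stray whitespace: the description paragraphs are tab-indented while `Reviewed by john` and the file list use eight spaces, the line `inline. ` ends with a trailing space, and the blank line before `Reviewed by john` contains only a tab. Normalizing these to the tab style of the surrounding entries keeps the log consistent. The entry also lists only `render_container.cpp`, so if a regression test for 3239404 exists it should be named here.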
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 672eaf9..be425c5 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,5 +1,25 @@
 2003-05-01  David Hyatt  <hyatt at apple.com>
 
+	Fix for 3239404, a crash caused because a block-level :after
+	element was being inserted as generated content inside an
+	inline element.
+
+	The fix is to mutate the display of the generated content to
+	be inline when the parent of the generated content is also
+	inline. 
+
+	Section 12.1 of the CSS2 spec (at the very end of the spec)
+	covers this special case.  Once we do the mutation it becomes
+	impossible for generated content to cause a splitFlow, and so
+	the crash is plugged.
+	
+        Reviewed by john
+
+        * khtml/rendering/render_container.cpp:
+        (RenderContainer::insertPseudoChild):
+
+2003-05-01  David Hyatt  <hyatt at apple.com>
+
 	Replace effectiveWidth and effectiveHeight with a 
 	parameterized overflowWidth/Height, since this is much better
 	terminology.
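Review bot: The same 2003-05-01 entry is recorded a second time here, in `ChangeLog-2005-08-23`, with the same `index 672eaf9..be425c5` blob ids as the `ChangeLog-2003-10-25` hunk, so the two files are byte-identical before and after the change. If one of them is only a renamed copy of the other, the entry should land in a single file. Otherwise the whitespace points raised on the first copy apply to this one as well.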
diff --git a/WebCore/khtml/rendering/render_container.cpp b/WebCore/khtml/rendering/render_container.cpp
index d1fa29a..7ef94d5 100644
--- a/WebCore/khtml/rendering/render_container.cpp
+++ b/WebCore/khtml/rendering/render_container.cpp
@@ -227,6 +227,13 @@ void RenderContainer::insertPseudoChild(RenderStyle::PseudoId type, RenderObject
         pseudo->setOverflow(OVISIBLE); // FIXME: Glazman's blog does this. Wacky.
                                        // This property might need to be allowed if the
                                        // generated content is a block.
+
+        if (isInlineFlow() && pseudo->display() != INLINE)
+            // According to the CSS2 spec (the end of section 12.1), the only allowed
+            // display values for the pseudo style are NONE and INLINE.  Since we already
+            // determined that the pseudo is not display NONE, any display other than
+            // inline should be mutated to INLINE.
+            pseudo->setDisplay(INLINE);
         
         if (pseudo->contentType()==CONTENT_TEXT)
         {
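
Review bot: The new `if (isInlineFlow() && pseudo->display() != INLINE)` puts a four-line comment between the condition and its single unbraced statement `pseudo->setDisplay(INLINE);`, which makes it easy for a later edit to detach the statement from the guard. Either brace the body or move the comment above the `if`. The comment also depends on an earlier display NONE check that is not visible in this hunk's context. An assertion at this point would make that precondition explicit, since this guard is what prevents the splitFlow crash. The existing FIXME just above still says the overflow property "might need to be allowed if the generated content is a block", which should be updated to say this now applies only when the parent is not an inline flow. The diff touches only the two ChangeLogs and this file, so a regression test for a block-level :after inside an inline element is missing.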

-- 
WebKit Debian packaging


