Chromium Code Reviews

Issue 1277793002: parserRemoveChild: Avoid unintended DOM modifications after user script run (Closed)

Created:
5 years, 4 months ago by kouhei (in TOK)
Modified:
5 years, 4 months ago
Reviewers:
tkent, Yuta Kitamura
CC:
blink-reviews, blink-reviews-dom_chromium.org, dglazkov+blink, sof, eae+blinkwatch, rwlbuis
Target Ref:
refs/remotes/origin/master
Project:
blink
Visibility:
Public.

Description

parserRemoveChild: Avoid unintended DOM modifications after user script run.

Surprisingly, ContainerNode::parserRemoveChild may run arbitrary user script during its DOM modification if its target contained iframes. Before this CL, this could lead to a corrupt DOM tree, as the target node could be moved during parserRemoveChild execution. This CL adds a bail-out if statement after disconnecting child frames to abort if the precondition has changed.

BUG=516377
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=200098
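The hazard and the fix described in the CL, as an added self-contained C++ model (not Blink's ContainerNode code): a toy tree whose frame-disconnect hook stands in for user script that reparents the node mid-removal, run once without and once with the precondition re-check. Names such as `Node`, `unlink` and `runScenario` are hypothetical.

```cpp
#include <algorithm>
#include <cassert>
#include <cstdio>
#include <functional>
#include <vector>

// Toy DOM node (hypothetical; not Blink's Node/ContainerNode).
struct Node {
    Node* parent = nullptr;
    std::vector<Node*> children;
    // Stands in for user script (e.g. an iframe unload handler) that runs
    // while the node's child frames are being disconnected.
    std::function<void(Node&)> onDisconnect;
};

void appendChild(Node& p, Node& c) { c.parent = &p; p.children.push_back(&c); }
// Removal step: trusts the caller's precondition that c is a child of p.
void unlink(Node& p, Node& c) {
    p.children.erase(std::remove(p.children.begin(), p.children.end(), &c), p.children.end());
    c.parent = nullptr;
}
// Models ContainerNode::parserRemoveChild: disconnect frames (may run script),
// then remove. recheck=true adds the CL's bail-out; false is the pre-CL path.
// Returns true when the child was actually removed.
bool parserRemoveChild(Node& parent, Node& child, bool recheck) {
    assert(child.parent == &parent);
    if (child.onDisconnect) child.onDisconnect(child);     // user script runs here
    if (recheck && child.parent != &parent) return false;  // precondition changed
    unlink(parent, child);
    return true;
}
// Every child must point back at its parent, recursively.
bool isConsistent(const Node& n) {
    for (const Node* c : n.children)
        if (c->parent != &n || !isConsistent(*c)) return false;
    return true;
}
// Scenario from the CL: script moves `child` under a sibling container during
// disconnect. Returns whether the whole tree is still consistent afterwards.
bool runScenario(bool recheck) {
    Node root, parent, other, child;
    appendChild(root, parent); appendChild(root, other); appendChild(parent, child);
    child.onDisconnect = [&](Node& c) { unlink(parent, c); appendChild(other, c); };
    parserRemoveChild(parent, child, recheck);
    return isConsistent(root);
}
int main() {
    std::printf("pre-CL consistent=%d, with bail-out consistent=%d\n", runScenario(false), runScenario(true));
}
```

Without the re-check the moved node is left in `other`'s child list with a null parent pointer, which is the kind of corrupt tree the CL refers to; with it the removal simply aborts.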

Patch Set 1 #

Patch Set 2 : add tests #

Stats: +34 lines, -3 lines
A LayoutTests/fast/parser/scriptexec-during-parserRemoveChild.html (1 chunk, +17 lines, -0 lines, 0 comments)
A LayoutTests/fast/parser/scriptexec-during-parserRemoveChild-expected.txt (1 chunk, +11 lines, -0 lines, 0 comments)
M Source/core/dom/ContainerNode.cpp (1 chunk, +6 lines, -3 lines, 0 comments)

Messages

Total messages: 6 (2 generated)
kouhei (in TOK)
PTAL
5 years, 4 months ago (2015-08-06 04:35:58 UTC) #2
tkent
lgtm
5 years, 4 months ago (2015-08-06 05:27:58 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1277793002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1277793002/20001
5 years, 4 months ago (2015-08-06 05:28:38 UTC) #5
commit-bot: I haz the power
5 years, 4 months ago (2015-08-06 06:10:16 UTC) #6
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=200098
