Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(292)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/dom/custom/CustomElementCallbackQueue.cpp

Issue 1427783004: Don't expose UA shadow roots in custom element callbacks (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: revert doc changes. Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/LayoutTests/fast/dom/custom/svg-use-shadow-tree.html ('K') | « third_party/WebKit/LayoutTests/fast/dom/custom/svg-use-shadow-tree.html ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/dom/custom/CustomElementCallbackQueue.cpp
diff --git a/third_party/WebKit/Source/core/dom/custom/CustomElementCallbackQueue.cpp b/third_party/WebKit/Source/core/dom/custom/CustomElementCallbackQueue.cpp
index 150909c25a02f0af4a393bb8ad4c88ac67769c14..09c270c94a68e566061ac7caeb84f7b6fad62c8c 100644
--- a/third_party/WebKit/Source/core/dom/custom/CustomElementCallbackQueue.cpp
+++ b/third_party/WebKit/Source/core/dom/custom/CustomElementCallbackQueue.cpp
@@ -31,6 +31,8 @@
#include "config.h"
#include "core/dom/custom/CustomElementCallbackQueue.h"
+#include "core/dom/shadow/ShadowRoot.h"
+
namespace blink {
PassOwnPtrWillBeRawPtr<CustomElementCallbackQueue> CustomElementCallbackQueue::create(PassRefPtrWillBeRawPtr<Element> element)
@@ -51,15 +53,20 @@ bool CustomElementCallbackQueue::processInElementQueue(ElementQueueId caller)
ASSERT(!m_inCreatedCallback);
bool didWork = false;
- while (m_index < m_queue.size() && owner() == caller) {
- m_inCreatedCallback = m_queue[m_index]->isCreatedCallback();
+ // Never run custom element callbacks in UA shadow roots since that would
+ // leak the UA root and it's elements into the page.
+ ShadowRoot* shadowRoot = m_element->containingShadowRoot();
+ if (!shadowRoot || shadowRoot->type() != ShadowRootType::UserAgent) {
+ while (m_index < m_queue.size() && owner() == caller) {
+ m_inCreatedCallback = m_queue[m_index]->isCreatedCallback();
- // dispatch() may cause recursion which steals this callback
- // queue and reenters processInQueue. owner() == caller
- // detects this recursion and cedes processing.
- m_queue[m_index++]->dispatch(m_element.get());
- m_inCreatedCallback = false;
- didWork = true;
+ // dispatch() may cause recursion which steals this callback
+ // queue and reenters processInQueue. owner() == caller
+ // detects this recursion and cedes processing.
+ m_queue[m_index++]->dispatch(m_element.get());
+ m_inCreatedCallback = false;
+ didWork = true;
+ }
}
if (owner() == caller && m_index == m_queue.size()) {
« third_party/WebKit/LayoutTests/fast/dom/custom/svg-use-shadow-tree.html ('K') | « third_party/WebKit/LayoutTests/fast/dom/custom/svg-use-shadow-tree.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698