Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(472)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/dom/ContainerNode.cpp

Issue 465593003: Merge 178976 "Call insertedInto or removedFrom before childrenCh..." (Closed) Base URL: svn://svn.chromium.org/blink/branches/chromium/2062/
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/fast/dom/script-remove-child-id-map-expected.txt ('k') | Source/core/html/HTMLOptionElement.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/dom/ContainerNode.cpp
===================================================================
--- Source/core/dom/ContainerNode.cpp (revision 179984)
+++ Source/core/dom/ContainerNode.cpp (working copy)
@@ -294,6 +294,8 @@
if (nextChild.previousSibling() == newChild || &nextChild == newChild) // nothing to do
return;
+ RefPtrWillBeRawPtr<Node> protect(this);
+
if (document() != newChild->document())
document().adoptNode(newChild.get(), ASSERT_NO_EXCEPTION);
@@ -303,9 +305,7 @@
ChildListMutationScope(*this).childAdded(*newChild);
- childrenChanged(true, newChild->previousSibling(), &nextChild, 1);
-
- notifyNodeInserted(*newChild);
+ notifyNodeInserted(*newChild, ChildrenChangeSourceParser);
}
void ContainerNode::replaceChild(PassRefPtrWillBeRawPtr<Node> newChild, Node* oldChild, ExceptionState& exceptionState)
@@ -482,8 +482,8 @@
Node* prev = child->previousSibling();
Node* next = child->nextSibling();
removeBetween(prev, next, *child);
+ notifyNodeRemoved(*child);
childrenChanged(false, prev, next, -1);
- notifyNodeRemoved(*child);
}
dispatchSubtreeModifiedEvent();
}
@@ -564,23 +564,29 @@
document().nodeChildrenWillBeRemoved(*this);
}
-
+ // FIXME: Remove this NodeVector. Right now WebPluginContainerImpl::m_element is a
+ // raw ptr which means the code below can drop the last ref to a plugin element and
+ // then the code in UpdateSuspendScope::performDeferredWidgetTreeOperations will
+ // try to destroy the plugin which will be a use-after-free. We should use a RefPtr
+ // in the WebPluginContainerImpl instead.
NodeVector removedChildren;
{
HTMLFrameOwnerElement::UpdateSuspendScope suspendWidgetHierarchyUpdates;
+
{
NoEventDispatchAssertion assertNoEventDispatch;
+ ScriptForbiddenScope forbidScript;
+
removedChildren.reserveInitialCapacity(countChildren());
- while (m_firstChild) {
- removedChildren.append(m_firstChild);
- removeBetween(0, m_firstChild->nextSibling(), *m_firstChild);
+
+ while (RefPtrWillBeRawPtr<Node> child = m_firstChild) {
+ removeBetween(0, child->nextSibling(), *child);
+ removedChildren.append(child.get());
+ notifyNodeRemoved(*child);
}
}
childrenChanged(false, 0, 0, -static_cast<int>(removedChildren.size()));
-
- for (size_t i = 0; i < removedChildren.size(); ++i)
- notifyNodeRemoved(*removedChildren[i]);
}
dispatchSubtreeModifiedEvent();
@@ -651,11 +657,11 @@
ASSERT(!newChild->isDocumentFragment());
ASSERT(!isHTMLTemplateElement(this));
+ RefPtrWillBeRawPtr<Node> protect(this);
+
if (document() != newChild->document())
document().adoptNode(newChild.get(), ASSERT_NO_EXCEPTION);
- Node* last = m_lastChild;
-
{
NoEventDispatchAssertion assertNoEventDispatch;
ScriptForbiddenScope forbidScript;
@@ -666,11 +672,10 @@
ChildListMutationScope(*this).childAdded(*newChild);
}
- childrenChanged(true, last, 0, 1);
- notifyNodeInserted(*newChild);
+ notifyNodeInserted(*newChild, ChildrenChangeSourceParser);
}
-void ContainerNode::notifyNodeInserted(Node& root)
+void ContainerNode::notifyNodeInserted(Node& root, ChildrenChangeSource source)
{
ASSERT(!NoEventDispatchAssertion::isEventDispatchForbidden());
@@ -682,6 +687,14 @@
NodeVector postInsertionNotificationTargets;
notifyNodeInsertedInternal(root, postInsertionNotificationTargets);
+ // ShadowRoots are not real children, we don't need to tell host that it's
+ // children changed when one is added.
+ // FIXME: We should have a separate code path for ShadowRoot since it only
+ // needs to call insertedInto and the rest of this logic is not needed.
+ if (!root.isShadowRoot()) {
+ childrenChanged(source == ChildrenChangeSourceParser, root.previousSibling(), root.nextSibling(), 1);
+ }
+
for (size_t i = 0; i < postInsertionNotificationTargets.size(); ++i) {
Node* targetNode = postInsertionNotificationTargets[i].get();
if (targetNode->inDocument())
@@ -1093,8 +1106,6 @@
ChildListMutationScope(*this).childAdded(child);
- childrenChanged(false, child.previousSibling(), child.nextSibling(), 1);
-
notifyNodeInserted(child);
dispatchChildInsertionEvents(child);
« no previous file with comments | « LayoutTests/fast/dom/script-remove-child-id-map-expected.txt ('k') | Source/core/html/HTMLOptionElement.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698