Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(618)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/html/HTMLElement.cpp

Issue 67813002: Protect contextElement during insertAdjacentHTML call (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/html/HTMLElement.cpp
diff --git a/Source/core/html/HTMLElement.cpp b/Source/core/html/HTMLElement.cpp
index 2500b8a53596aa222e187172cb7312d9e698b7ca..f23093fe80811e11fe7dbf2c8a48fc6e9ee347e5 100644
--- a/Source/core/html/HTMLElement.cpp
+++ b/Source/core/html/HTMLElement.cpp
@@ -526,6 +526,9 @@ void HTMLElement::insertAdjacentHTML(const String& where, const String& markup,
if (!contextElement)
return;
+ // Parsing can result in losing our last ref to contextElement when JS event handlers fire.
+ RefPtr<Element> protect = contextElement;
inferno 2013/11/10 09:10:46 Please define the contextElement as RefPtr itself,
davve 2013/11/10 20:02:13 OK.
+
RefPtr<DocumentFragment> fragment = createFragmentForInnerOuterHTML(markup, contextElement, AllowScriptingContent, "insertAdjacentHTML", es);
if (!fragment)
return;
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698