https://bugs.webkit.org/show_bug.cgi?id=50312
Reviewed by Alexey Proskuryakov.
Source/WebCore:
Removed the ASSERT and updated the comment.
Test: fast/frames/assert-on-insertedIntoDocument.html
* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::insertedIntoDocument):
LayoutTests:
* fast/frames/assert-on-insertedIntoDocument-expected.txt: Added.
* fast/frames/assert-on-insertedIntoDocument.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105463
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-01-19 Eric Seidel <eric@webkit.org>
+
+ Assertion failure in WebCore::HTMLFrameElementBase::insertedIntoDocument()
+ https://bugs.webkit.org/show_bug.cgi?id=50312
+
+ Reviewed by Alexey Proskuryakov.
+
+ * fast/frames/assert-on-insertedIntoDocument-expected.txt: Added.
+ * fast/frames/assert-on-insertedIntoDocument.html: Added.
+
2012-01-19 Alexey Proskuryakov <ap@apple.com>
[WK2] fast/url/degenerate-file-base.html fails
--- /dev/null
+
+PASS - this test did not ASSERT in debug mode.
--- /dev/null
+<body>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+var subtree = document.createElement('div');
+var styleElement = document.createElement('style');
+styleElement.textContent = "iframe { border: 3px solid blue; }";
+subtree.appendChild(styleElement);
+subtree.appendChild(document.createElement('iframe'));
+document.body.appendChild(subtree);
+</script>
+<div>PASS - this test did not ASSERT in debug mode.</div>
+</body>
\ No newline at end of file
+2012-01-19 Eric Seidel <eric@webkit.org>
+
+ Assertion failure in WebCore::HTMLFrameElementBase::insertedIntoDocument()
+ https://bugs.webkit.org/show_bug.cgi?id=50312
+
+ Reviewed by Alexey Proskuryakov.
+
+ Removed the ASSERT and updated the comment.
+
+ Test: fast/frames/assert-on-insertedIntoDocument.html
+
+ * html/HTMLFrameElementBase.cpp:
+ (WebCore::HTMLFrameElementBase::insertedIntoDocument):
+
2012-01-19 James Robinson <jamesr@chromium.org>
[chromium] Remove CCLayerDelegate, add ContentLayerDelegate for painting
if (!document()->frame())
return;
- // Loads may cause synchronous javascript execution (e.g. beforeload or
- // src=javascript), which could try to access the renderer before the normal
- // parser machinery would call lazyAttach() and set us as needing style
- // resolve. Any code which expects this to be attached will resolve style
- // before using renderer(), so this will make sure we attach in time.
- // FIXME: Normally lazyAttach marks the renderer as attached(), but we don't
- // want to do that here, as as callers expect to call attach() right after
- // this and attach() will ASSERT(!attached())
- ASSERT(!renderer()); // This recalc is unecessary if we already have a renderer.
- lazyAttach(DoNotSetAttached);
+ // JavaScript in src=javascript: and beforeonload can access the renderer
+ // during attribute parsing *before* the normal parser machinery would
+ // attach the element. To support this, we lazyAttach here, but only
+ // if we don't already have a renderer (if we're inserted
+ // as part of a DocumentFragment, insertedIntoDocument from an earlier element
+ // could have forced a style resolve and already attached us).
+ if (!renderer())
+ lazyAttach(DoNotSetAttached);
setNameAndOpenURL();
}