Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-21 15:49:04 +01:00
Code Issues Projects Releases Packages Wiki Activity

script: Stop trusting pointers to DOM nodes that layout provides.

Browse source 
Pointers to DOM nodes from layout could go stale if incremental reflow
does not correctly destroy dead nodes. Therefore, we ask the JavaScript
garbage collector to verify that each DOM node is indeed a valid pointer
before calling event handlers on it, and fail otherwise.
This commit is contained in:
Patrick Walton 2014-01-13 21:00:18 -08:00
parent 563d6ef91a
commit 7d447dbc06
8 changed files with 78 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/components/main/layout/layout_task.rs
View file

@ -29,7 +29,7 @@ use gfx::opts::Opts;
use gfx::render_task::{RenderMsg, RenderChan, RenderLayer};
use gfx::{render_task, color};
use script::dom::event::ReflowEvent;
use script::dom::node::{AbstractNode, ElementNodeTypeId, LayoutDataRef};
use script::dom::node::{ElementNodeTypeId, LayoutDataRef};
use script::dom::element::{HTMLBodyElementTypeId, HTMLHtmlElementTypeId};
use script::layout_interface::{AddStylesheetMsg, ContentBoxQuery};
use script::layout_interface::{ContentBoxesQuery, ContentBoxesResponse, ExitNowMsg, LayoutQuery};
@ -608,15 +608,9 @@ impl LayoutTask {
bounds.origin.x <= x &&
y < bounds.origin.y + bounds.size.height &&
bounds.origin.y <= y {
// FIXME(pcwalton): This `unsafe` block is too unsafe, since incorrect
// incremental flow construction could create this. Paranoid validation
// against the set of valid nodes should occur in the script task to
// ensure that this is a valid address instead of transmuting here.
let node: AbstractNode = unsafe {
item.base().extra.to_script_node()
};
let resp = Some(HitTestResponse(node));
return resp;
return Some(HitTestResponse(item.base()
.extra
.to_untrusted_node_address()))
}
}