https://webkit.org/b/119969

antti@apple.com authored

Source/WebCore:

Reviewed by Andreas Kling.

PseudoElement no longer has parent and calling Element::insertedInto for them crashes as it tries to access it.

Normally there are no pseudo elements when Element::insertedInto() is invoked as they get detached and attached along with rendering. However in this case the page inserts a <style> that uses ::before along with an element that it applies to. Stylesheet insertion triggers synchronous style recalc that attaches rendering to all newly inserted elements. Later Element::insertedInto gets called for the element that has pseudo element and we crash.

Test: fast/css-generated-content/insert-stylesheet-and-pseudo-crash.html

* dom/Element.cpp:
(WebCore::Element::insertedInto):
(WebCore::Element::removedFrom):

Remove calls to insertedInto/removedFrom for pseudo elements. They are not considered to be in document. When they are added normally during render tree attach these calls don't happen either.

LayoutTests:

Reviewed by Andreas Kling.

* fast/css-generated-content/insert-stylesheet-and-pseudo-crash-expected.txt: Added.
* fast/css-generated-content/insert-stylesheet-and-pseudo-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154320 268f45cc-cd09-0410-ab3c-d52691b4dbfc