-
schenney@chromium.org authored
https://bugs.webkit.org/show_bug.cgi?id=83979 Reviewed by Nikolas Zimmermann. .: This test will crash upon load in Chromium, unless the associated fix is in. * ManualTests/bugzilla-83979.svg: Added. Source/WebCore: According to the SVG spec, there are numerous restrictions on the content of nodes (that is, their children). Specific to this problem, SVGFilter elements may only contain SVGFilterPrimitive elements, and those may only contain animation related elements. This patch enforces the restriction on filters in the render tree, thus preventing us from having (for instance) content that is inside a filter yet filtered by the filter. Manual test: ManualTests/bugzilla-83979.svg * svg/SVGFilterElement.cpp: (WebCore::SVGFilterElement::childShouldCreateRenderer): Added to only allow renderers for fe* children (WebCore): * svg/SVGFilterElement.h: (SVGFilterElement): * svg/SVGFilterPrimitiveStandardAttributes.h: Do not allow any children at all for fe* elements. (SVGFilterPrimitiveStandardAttributes): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116647 268f45cc-cd09-0410-ab3c-d52691b4dbfc
3c2c72bb