-
inferno@chromium.org authored
https://bugs.webkit.org/show_bug.cgi?id=82159 Reviewed by Hajime Morita. Source/WebCore: Test: plugins/object-onfocus-mutation-crash.html * dom/ContainerNode.cpp: (WebCore::ContainerNode::resumePostAttachCallbacks): dispatching post attach callbacks when our attach depth is 1 can fire mutation events such as onfocus which can blow away |this|. Need to protect it with a RefPtr. * html/HTMLPlugInImageElement.cpp: (WebCore::HTMLPlugInImageElement::attach): add calls to suspend attach callbacks until the function completes. LayoutTests: * plugins/object-onfocus-mutation-crash-expected.txt: Added. * plugins/object-onfocus-mutation-crash.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@112051 268f45cc-cd09-0410-ab3c-d52691b4dbfc
ed38f84f