<rdar://problem/6302405> Crash (null-deref) when using :before pseudoselector with...
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 11 Dec 2008 22:33:51 +0000 (22:33 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 11 Dec 2008 22:33:51 +0000 (22:33 +0000)
commit847b00f6d52146ff42b9f0fba13ab3490e5e23cd
tree57376e3fa42adc987c346bb04d3cf72629e82b08
parent3e9bbf179aa0e85d4f3e3ce39e7137f6e98df5a2
<rdar://problem/6302405> Crash (null-deref) when using :before pseudoselector with content CSS rule in SVG
<https://bugs.webkit.org/show_bug.cgi?id=22804>

Reviewed by Adele Peterson.

This issue was caused by css generated content resulting in non-svg flowboxes
being injected into SVG content.  As SVG spec does not describe behaviour in
this case, and neither Opera nor Firefox displays such generated content, so
now we make svg text layout and rendering just ignore any such content.

Test: svg/css/crash-css-generated-content.xhtml

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@39218 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/css/crash-css-generated-content-expected.txt [new file with mode: 0644]
LayoutTests/svg/css/crash-css-generated-content.xhtml [new file with mode: 0644]
WebCore/ChangeLog
WebCore/rendering/SVGRootInlineBox.cpp