Accessibility code assumes an area element's parent is a map element
author rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 12 Jun 2013 19:52:04 +0000 (19:52 +0000)
committer rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 12 Jun 2013 19:52:04 +0000 (19:52 +0000)
commit e280515e73078a224ca50adf1d96f4795cd341d4
tree f49a7b92f3602844f73d6e31a6842ee0dde6dc9d
parent 2a26c49d3d728d9f533556cc99dcc50c0eb818c7
Accessibility code assumes an area element's parent is a map element
https://bugs.webkit.org/show_bug.cgi?id=117496

Reviewed by Chris Fleizach.

Source/WebCore:

We can't make such an assumption. Scripts can insert any element between area and map elements.

Merge https://chromium.googlesource.com/chromium/blink/+/b6f486284f08c52904701c93e1ec0b7d6e76af9f.

Test: accessibility/image-map-with-indirect-area-crash.html

* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::accessibilityImageMapHitTest):

LayoutTests:

Add a regression test from https://chromium.googlesource.com/chromium/blink/+/b6f486284f08c52904701c93e1ec0b7d6e76af9f.

* accessibility/image-map-with-indirect-area-crash-expected.txt: Added.
* accessibility/image-map-with-indirect-area-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@151519 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/accessibility/image-map-with-indirect-area-crash-expected.txt [new file with mode: 0644]
LayoutTests/accessibility/image-map-with-indirect-area-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/accessibility/AccessibilityRenderObject.cpp
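
The assumption described in the commit message, shown on a toy DOM as an added example. This is not WebKit's code or the actual patch: `Element`, `MapElement`, `enclosingMap`, `mapNameForArea` and `demoIndirectArea` are hypothetical names, and the tree is constructed for illustration. The safe lookup walks ancestors and checks the tag before downcasting, instead of casting the direct parent.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Minimal stand-in for a DOM element (constructed for this example).
struct Element {
    std::string tag;
    Element* parent = nullptr;
    std::vector<std::unique_ptr<Element>> children;
    explicit Element(std::string t) : tag(std::move(t)) {}
    virtual ~Element() = default;
    Element* append(std::unique_ptr<Element> child) {
        child->parent = this;
        children.push_back(std::move(child));
        return children.back().get();
    }
};

// Stand-in for a <map> element; it carries state a plain Element lacks.
struct MapElement : Element {
    std::string name;
    explicit MapElement(std::string n) : Element("map"), name(std::move(n)) {}
};

// Unsafe pattern (not executed here): static_cast<MapElement*>(area->parent)
// treats whatever the parent is as a map. If a script placed another element
// between <area> and <map>, reading ->name is a type confusion.
// Safe pattern: walk ancestors, check the tag, and allow for no map at all.
MapElement* enclosingMap(Element* area) {
    for (Element* e = area ? area->parent : nullptr; e; e = e->parent) {
        if (e->tag == "map")
            return static_cast<MapElement*>(e); // tag verified before the cast
    }
    return nullptr;
}

// Callers must handle the "no enclosing map" case instead of dereferencing.
std::string mapNameForArea(Element* area) {
    MapElement* map = enclosingMap(area);
    return map ? map->name : std::string();
}

// Constructed tree: <map name="imagemap"><span><area></span></map>
std::string demoIndirectArea() {
    MapElement map("imagemap");
    Element* span = map.append(std::unique_ptr<Element>(new Element("span")));
    Element* area = span->append(std::unique_ptr<Element>(new Element("area")));
    return mapNameForArea(area);
}
```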