Fix crashes in GC creating a document fragment on a background thread
https://bugs.webkit.org/show_bug.cgi?id=175111
Patch by Sam Weinig <sam@webkit.org> on 2017-08-02
Reviewed by Chris Dumez.
r220095 (https://webkit.org/b/175006) change JSHTMLTemplateElement from using a
private name + property to manager the lifetime of the reference DocumentFragment
to using the idiomatic visitAdditionalChildren. Unfortunately, the function to access
the DocumentFragment lazily creates it. If this lazy creation happens on a GC thread,
badness ensues. This introduces an accessor that returns the DocumentFragment if it
has been created or null if it has not.
* bindings/js/JSHTMLTemplateElementCustom.cpp:
(WebCore::JSHTMLTemplateElement::visitAdditionalChildren):
* html/HTMLTemplateElement.cpp:
(WebCore::HTMLTemplateElement::contentIfAvailable):
* html/HTMLTemplateElement.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@220177
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
git://git.webkit.org / WebKit-https.git / commit