From b7512deada35f028348c399e70ce7412d41998f9 Mon Sep 17 00:00:00 2001 From: Shannon Booth Date: Sun, 19 Jan 2025 12:35:13 +1300 Subject: [PATCH] LibWeb/SVG: Fix crash when SVG use element is used on an external SVG We were previously crashing when invoking 'scroll to the fragment' on such documents as it was unable to find the active document. This is as a result of our AD-HOC implementation not setting up the document fully to mark it is active before running the parser. Fixes a crash on https://tweakers.net. --- Libraries/LibWeb/SVG/SVGDecodedImageData.cpp | 6 +++++- Tests/LibWeb/Layout/data/svg-with-id.svg | 3 +++ .../expected/svg/svg-use-element-crashtest.txt | 17 +++++++++++++++++ .../input/svg/svg-use-element-crashtest.html | 3 +++ 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 Tests/LibWeb/Layout/data/svg-with-id.svg create mode 100644 Tests/LibWeb/Layout/expected/svg/svg-use-element-crashtest.txt create mode 100644 Tests/LibWeb/Layout/input/svg/svg-use-element-crashtest.html diff --git a/Libraries/LibWeb/SVG/SVGDecodedImageData.cpp b/Libraries/LibWeb/SVG/SVGDecodedImageData.cpp index 9b5e347997b..ba63721aef5 100644 --- a/Libraries/LibWeb/SVG/SVGDecodedImageData.cpp +++ b/Libraries/LibWeb/SVG/SVGDecodedImageData.cpp @@ -13,6 +13,8 @@ #include #include #include +#include +#include #include #include #include @@ -44,10 +46,12 @@ ErrorOr> SVGDecodedImageData::create(JS::Realm& rea navigation_params->opener_policy = HTML::OpenerPolicy {}; // FIXME: Use Navigable::navigate() instead of manually replacing the navigable's document. - auto document = DOM::Document::create_and_initialize(DOM::Document::Type::HTML, "text/html"_string, navigation_params).release_value_but_fixme_should_propagate_errors(); + auto document = MUST(DOM::Document::create_and_initialize(DOM::Document::Type::HTML, "text/html"_string, navigation_params)); navigable->set_ongoing_navigation({}); navigable->active_document()->destroy(); navigable->active_session_history_entry()->document_state()->set_document(document); + auto& window = verify_cast(HTML::relevant_global_object(document)); + document->browsing_context()->window_proxy()->set_window(window); auto parser = HTML::HTMLParser::create_with_uncertain_encoding(document, data); parser->run(document->url()); diff --git a/Tests/LibWeb/Layout/data/svg-with-id.svg b/Tests/LibWeb/Layout/data/svg-with-id.svg new file mode 100644 index 00000000000..95994a03d60 --- /dev/null +++ b/Tests/LibWeb/Layout/data/svg-with-id.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/Tests/LibWeb/Layout/expected/svg/svg-use-element-crashtest.txt b/Tests/LibWeb/Layout/expected/svg/svg-use-element-crashtest.txt new file mode 100644 index 00000000000..ae014b01aae --- /dev/null +++ b/Tests/LibWeb/Layout/expected/svg/svg-use-element-crashtest.txt @@ -0,0 +1,17 @@ +Viewport <#document> at (0,0) content-size 800x600 children: not-inline + BlockContainer at (0,0) content-size 800x600 [BFC] children: not-inline + BlockContainer at (8,8) content-size 784x150 children: inline + frag 0 from SVGSVGBox start: 0, length: 0, rect: [8,8 300x150] baseline: 150 + SVGSVGBox at (8,8) content-size 300x150 [SVG] children: inline + TextNode <#text> + SVGGraphicsBox at (8,8) content-size 300x150 children: not-inline + SVGGraphicsBox at (8,8) content-size 300x150 [BFC] children: not-inline + TextNode <#text> + TextNode <#text> + +ViewportPaintable (Viewport<#document>) [0,0 800x600] + PaintableWithLines (BlockContainer) [0,0 800x600] + PaintableWithLines (BlockContainer) [8,8 784x150] + SVGSVGPaintable (SVGSVGBox) [8,8 300x150] + SVGGraphicsPaintable (SVGGraphicsBox) [8,8 300x150] + SVGGraphicsPaintable (SVGGraphicsBox#myid) [8,8 300x150] diff --git a/Tests/LibWeb/Layout/input/svg/svg-use-element-crashtest.html b/Tests/LibWeb/Layout/input/svg/svg-use-element-crashtest.html new file mode 100644 index 00000000000..ba6d46f370c --- /dev/null +++ b/Tests/LibWeb/Layout/input/svg/svg-use-element-crashtest.html @@ -0,0 +1,3 @@ + + +