Bug 163849
| Summary: | [Render Tree Mutation] Immutable render tree during layout. | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | alan baradlay <zalan> |
| Component: | Layout and Rendering | Assignee: | alan baradlay <zalan> |
| Status: | NEW | ||
| Severity: | Normal | CC: | dbates, fred.wang, hyatt, joone, koivisto, simon.fraser |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 163848 | ||
| Bug Blocks: | |||
alan baradlay
We've learned in the past that mutating the render tree during layout could lead to use-after-free type of security issues. We should try to transfer tree mutation logic from layout time to after style resolve time.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |