LibWeb: Don't crash in offset_parent() if no ancestor element found

The specification says the final step of this algorithm is to return
null. Previously, the browser would crash if the content of an iframe
was appended to the document before its offsetParent property was
queried.
Tim Ledbetter 2024-02-29 21:53:58 +00:00 committed by Tim Flynn
parent 3da6916383
commit 5b4533cab8
Notes: sideshowbarker 2024-07-17 07:48:42 +09:00
3 changed files with 25 additions and 1 deletions

@ -0,0 +1 @@
iframe offsetParent value: null

@ -0,0 +1,22 @@
<!DOCTYPE html>
<script src="include.js"></script>
<script>
function offsetParentOfChildDocument() {
const frameDocument = document.querySelector("iframe").contentDocument;
const frameRoot = frameDocument.documentElement;
document.documentElement.append(frameRoot);
document.dispatchEvent(new CustomEvent("offsetParentCalled", { detail: { iframeOffsetParent: frameRoot.offsetParent }}));
}
asyncTest(done => {
document.addEventListener("offsetParentCalled", event => {
println(`iframe offsetParent value: ${event.detail.iframeOffsetParent}`);
done();
});
});
</script>
<iframe srcdoc="
<script>
window.parent.offsetParentOfChildDocument();
</script>
">
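Review bot: The `offsetParentCalled` listener is only registered once the `asyncTest` callback runs, while the event is dispatched from `offsetParentOfChildDocument()` as soon as the iframe's srcdoc script executes. If the iframe script ever runs before that callback, the event is missed and the test times out instead of failing with a useful message. Consider waiting for the iframe's load event inside the `asyncTest` callback and reading `frameRoot.offsetParent` there, which removes both the cross-frame call and the custom event. Separately, the `<iframe srcdoc="...">` element is never closed; adding `</iframe>` keeps the markup from depending on end-of-file parser recovery.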

@ -205,7 +205,8 @@ JS::GCPtr<DOM::Element> HTMLElement::offset_parent() const
return const_cast<Element*>(ancestor);
}
VERIFY_NOT_REACHED();
// 3. Return null.
return nullptr;
}
// https://www.w3.org/TR/cssom-view-1/#dom-htmlelement-offsettop
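Review bot: The new `return nullptr;` at the end of `offset_parent()` makes a null result reachable on a path that previously aborted at `VERIFY_NOT_REACHED()`, so every caller now has to tolerate a null `JS::GCPtr<DOM::Element>` from this fall-through. The `offsetTop` getter that follows in the trailing context, and any other consumer of `offset_parent()`, should be checked for an unconditional dereference of the result; otherwise the crash reachable from page script just moves one frame up. It would also help to confirm that the step number in `// 3. Return null.` matches the numbering of the spec comments earlier in the function, since only the tail of the algorithm is visible here.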