LibWeb: Omit origin check for content document in FrameBox::paint()

Once we paint, it's way too late for this check to happen anyway.

Additionally, the spec's steps for retrieving the content document
assume that both the browsing context's active document and the
container's node document are non-null, which evidently isn't always the
case here, as seen by crashes on the SerenityOS 2nd and 3rd birthday
pages (I'm not sure about the details though).

Fixes #12565.
Linus Groh 2022-02-16 22:51:25 +00:00
parent 27c30ca063
commit c7f8c20f8b
Notes: sideshowbarker 2024-07-17 18:39:34 +09:00
3 changed files with 9 additions and 1 deletions


@ -60,4 +60,11 @@ const DOM::Document* BrowsingContextContainer::content_document() const
return document;
}
DOM::Document const* BrowsingContextContainer::content_document_without_origin_check() const
{
if (!m_nested_browsing_context)
return nullptr;
return m_nested_browsing_context->active_document();
}
}
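Review bot: `content_document_without_origin_check()` carries no comment saying when it is acceptable to skip the origin check, and the second file section declares it under `public:`, so any later caller can reach a nested context's active document without the check that `content_document()` is named as performing. I would document the contract above the definition and the declaration, for example `// Returns the nested browsing context's active document WITHOUT the origin check. Internal engine use only (e.g. painting); never hand the result to script or bindings.` If the set of legitimate callers stays as small as this commit suggests, narrowing access (a non-public member plus a friend, or a badge-style parameter if the codebase has one) would enforce that rather than rely on the name alone.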


@ -19,6 +19,7 @@ public:
const BrowsingContext* nested_browsing_context() const { return m_nested_browsing_context; }
const DOM::Document* content_document() const;
DOM::Document const* content_document_without_origin_check() const;
virtual void inserted() override;


@ -36,7 +36,7 @@ void FrameBox::paint(PaintContext& context, PaintPhase phase)
ReplacedBox::paint(context, phase);
if (phase == PaintPhase::Foreground) {
auto* hosted_document = dom_node().content_document();
auto* hosted_document = dom_node().content_document_without_origin_check();
if (!hosted_document)
return;
auto* hosted_layout_tree = hosted_document->layout_node();
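Review bot: The switch to the unchecked accessor in the `PaintPhase::Foreground` branch is not explained at the call site, so a reader cannot tell that skipping the origin check here is deliberate; a short comment such as `// Painting never exposes the hosted document to script, so the origin check is not needed here.` would record the reasoning from the commit message. Going by the description, the null active document or null container node document that crashed inside `content_document()` is avoided here rather than fixed, so other callers of `content_document()` can presumably still hit it; a null guard or a `// FIXME:` in that function would keep the root cause visible. `FrameBox::paint()` starts and continues outside this hunk, so how `hosted_layout_tree` is handled afterwards cannot be judged from here.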