This commit <http://trac.webkit.org/changeset/111387> broke an internal client of CSSImageValue. <rdar://problem/11305710>
Created attachment 140025 [details] Patçh
Comment on attachment 140025 [details] Patçh View in context: https://bugs.webkit.org/attachment.cgi?id=140025&action=review > Source/WebCore/css/CSSImageValue.cpp:114 > + if (!m_cssomWrapper) > + m_cssomWrapper = CSSPrimitiveValue::create(m_url, CSSPrimitiveValue::CSS_URI); > + return m_cssomWrapper; This will need to have m_isCSSOMSafe bit set or you will hit assert.
Comment on attachment 140025 [details] Patçh View in context: https://bugs.webkit.org/attachment.cgi?id=140025&action=review > Source/WebCore/css/CSSImageValue.h:62 > + mutable RefPtr<CSSValue> m_cssomWrapper; We don't cache the value wrapper to the underlying value elsewhere. This shouldn't be necessary as we have CSSStyleDeclaration level cache for keeping the identity.
Created attachment 140042 [details] Patch v2
Comment on attachment 140042 [details] Patch v2 View in context: https://bugs.webkit.org/attachment.cgi?id=140042&action=review r=me > Source/WebCore/css/CSSImageValue.cpp:114 > + RefPtr<CSSPrimitiveValue> uriValue = CSSPrimitiveValue::create(m_url, CSSPrimitiveValue::CSS_URI); > + uriValue->setCSSOMSafe(); > + return uriValue.release(); This could use a comment about why CSSImageValue gets turned into CSSPrimitiveValue.
Committed r115991: <http://trac.webkit.org/changeset/115991>