script: Stop trusting pointers to DOM nodes that layout provides.

Pointers to DOM nodes from layout could go stale if incremental reflow does not correctly destroy dead nodes. Therefore, we ask the JavaScript garbage collector to verify that each DOM node is indeed a valid pointer before calling event handlers on it, and fail otherwise.
author: Patrick Walton <pcwalton@mimiga.net> 2014-01-13 21:00:18 -0800
committer: Patrick Walton <pcwalton@mimiga.net> 2014-01-14 21:51:24 -0800
commit: 7d447dbc062429b97d75bebd6fdea7878fbd049d (patch)
tree: 5903ac1ee64a8a9edf6cf4308daad8a96b5186cf /src/components/main/layout/layout_task.rs
parent: 563d6ef91a43a4ebefb87281db7e4813d2afcee6 (diff)
download: servo-7d447dbc062429b97d75bebd6fdea7878fbd049d.tar.gz
servo-7d447dbc062429b97d75bebd6fdea7878fbd049d.zip
1 files changed, 4 insertions, 10 deletions
diff --git a/src/components/main/layout/layout_task.rs b/src/components/main/layout/layout_task.rs
index 1810ff38772..7b2dbfe1014 100644
--- a/src/components/main/layout/layout_task.rs
+++ b/src/components/main/layout/layout_task.rs
@@ -29,7 +29,7 @@ use gfx::opts::Opts;
 use gfx::render_task::{RenderMsg, RenderChan, RenderLayer};
 use gfx::{render_task, color};
 use script::dom::event::ReflowEvent;
-use script::dom::node::{AbstractNode, ElementNodeTypeId, LayoutDataRef};
+use script::dom::node::{ElementNodeTypeId, LayoutDataRef};
 use script::dom::element::{HTMLBodyElementTypeId, HTMLHtmlElementTypeId};
 use script::layout_interface::{AddStylesheetMsg, ContentBoxQuery};
 use script::layout_interface::{ContentBoxesQuery, ContentBoxesResponse, ExitNowMsg, LayoutQuery};
@@ -608,15 +608,9 @@ impl LayoutTask {
                                 bounds.origin.x <= x &&
                                 y < bounds.origin.y + bounds.size.height &&
                                 bounds.origin.y <= y {
-                            // FIXME(pcwalton): This `unsafe` block is too unsafe, since incorrect
-                            // incremental flow construction could create this. Paranoid validation
-                            // against the set of valid nodes should occur in the script task to
-                            // ensure that this is a valid address instead of transmuting here.
-                            let node: AbstractNode = unsafe {
-                                item.base().extra.to_script_node()
-                            };
-                            let resp = Some(HitTestResponse(node));
-                            return resp;
+                            return Some(HitTestResponse(item.base()
+                                                            .extra
+                                                            .to_untrusted_node_address()))
                         }
                     }
author	Patrick Walton <pcwalton@mimiga.net>	2014-01-13 21:00:18 -0800
committer	Patrick Walton <pcwalton@mimiga.net>	2014-01-14 21:51:24 -0800
commit	7d447dbc062429b97d75bebd6fdea7878fbd049d (patch)
tree	5903ac1ee64a8a9edf6cf4308daad8a96b5186cf /src/components/main/layout/layout_task.rs
parent	563d6ef91a43a4ebefb87281db7e4813d2afcee6 (diff)
download	servo-7d447dbc062429b97d75bebd6fdea7878fbd049d.tar.gz servo-7d447dbc062429b97d75bebd6fdea7878fbd049d.zip