Title: [231418] releases/WebKitGTK/webkit-2.20
Revision: 231418
Author: [email protected]
Date: 2018-05-07 01:26:42 -0700 (Mon, 07 May 2018)

Log Message

Merge r229505 - Turn off offset*/scroll* optimization for input elements with shadow content
https://bugs.webkit.org/show_bug.cgi?id=182383
<rdar://problem/37114190>

Reviewed by Antti Koivisto.

Source/WebCore:

We normally ensure clean tree before calling offsetHeight/Width, scrollHeight/Width.
In certain cases (see updateLayoutIfDimensionsOutOfDate() for details), it's okay to return
the previously computed values even when some part of the tree is dirty.
In case of shadow content, updateLayoutIfDimensionsOutOfDate() might return false (no need to layout)
for the root, while true (needs layout) for the shadow content.
This could confuse the caller (Element::scrollWidth/Height etc) and lead to incorrect result.

Test: fast/forms/scrollheight-with-mutation-crash.html

* dom/Document.cpp:
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

LayoutTests:

* fast/forms/scrollheight-with-mutation-crash-expected.txt: Added.
* fast/forms/scrollheight-with-mutation-crash.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog (231417 => 231418)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog	2018-05-07 08:26:36 UTC (rev 231417)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog	2018-05-07 08:26:42 UTC (rev 231418)
@@ -1,3 +1,14 @@
+2018-03-09  Zalan Bujtas  <[email protected]>
+
+        Turn off offset*/scroll* optimization for input elements with shadow content
+        https://bugs.webkit.org/show_bug.cgi?id=182383
+        <rdar://problem/37114190>
+
+        Reviewed by Antti Koivisto.
+
+        * fast/forms/scrollheight-with-mutation-crash-expected.txt: Added.
+        * fast/forms/scrollheight-with-mutation-crash.html: Added.
+
 2018-04-10  Wenson Hsieh  <[email protected]>
 
         FrameSelection::appearanceUpdateTimerFired should be robust against layout passes underneath it

Added: releases/WebKitGTK/webkit-2.20/LayoutTests/fast/forms/scrollheight-with-mutation-crash-expected.txt (0 => 231418)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/fast/forms/scrollheight-with-mutation-crash-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/fast/forms/scrollheight-with-mutation-crash-expected.txt	2018-05-07 08:26:42 UTC (rev 231418)
@@ -0,0 +1 @@
+PASS if no crash.  

Added: releases/WebKitGTK/webkit-2.20/LayoutTests/fast/forms/scrollheight-with-mutation-crash.html (0 => 231418)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/fast/forms/scrollheight-with-mutation-crash.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/fast/forms/scrollheight-with-mutation-crash.html	2018-05-07 08:26:42 UTC (rev 231418)
@@ -0,0 +1,20 @@
+<style>
+input:enabled { 
+    content: url(#foo);
+    width: 10vmin;
+}
+
+keygen {
+    -webkit-transform: scale(12, 125);
+}
+</style>
+PASS if no crash.
+<keygen id=keygen>
+<input id=input type="search">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+document.body.offsetHeight;
+keygen.remove();
+input.scrollHeight;
+</script>
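
Review bot: The script at the end of the new test reads `input.scrollHeight` and discards the value, so the test only proves the absence of a crash, while the log message says the stale-layout path can also return an incorrect result. Consider printing or asserting the value returned after `keygen.remove()`, and covering the sibling properties named in the commit title (offsetHeight/Width, scrollWidth), so that a regression that returns stale dimensions without crashing is still caught. The test also relies on removing the `<keygen>` element to dirty the tree after the forced layout; a short comment saying why that element is used would help whoever maintains the test later.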

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog (231417 => 231418)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-05-07 08:26:36 UTC (rev 231417)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-05-07 08:26:42 UTC (rev 231418)
@@ -1,3 +1,23 @@
+2018-03-09  Zalan Bujtas  <[email protected]>
+
+        Turn off offset*/scroll* optimization for input elements with shadow content
+        https://bugs.webkit.org/show_bug.cgi?id=182383
+        <rdar://problem/37114190>
+
+        Reviewed by Antti Koivisto.
+
+        We normally ensure clean tree before calling offsetHeight/Width, scrollHeight/Width.
+        In certain cases (see updateLayoutIfDimensionsOutOfDate() for details), it's okay to return
+        the previously computed values even when some part of the tree is dirty.
+        In case of shadow content, updateLayoutIfDimensionsOutOfDate() might return false (no need to layout)
+        for the root, while true (needs layout) for the shadow content.
+        This could confuse the caller (Element::scrollWidth/Height etc) and lead to incorrect result.
+
+        Test: fast/forms/scrollheight-with-mutation-crash.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::updateLayoutIfDimensionsOutOfDate):
+
 2018-04-17  Michael Catanzaro  <[email protected]>
 
         [GTK] Webkit should spoof as Safari on a Mac for Outlook.com
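
Review bot: The added entry says the root/shadow mismatch can "lead to incorrect result", but the accompanying test is named scrollheight-with-mutation-crash.html and passes only "if no crash", so the entry understates the failure mode. State in the entry that the stale-dimensions path crashed, and explain why the fix is scoped to input elements when the explanation is about shadow content in general.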

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/dom/Document.cpp (231417 => 231418)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/dom/Document.cpp	2018-05-07 08:26:36 UTC (rev 231417)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/dom/Document.cpp	2018-05-07 08:26:42 UTC (rev 231418)
@@ -2078,6 +2078,10 @@
         requireFullLayout = true;
     }
 
+    // Turn off this optimization for input elements with shadow content.
+    if (is<HTMLInputElement>(element))
+        requireFullLayout = true;
+
     bool isVertical = renderer && !renderer->isHorizontalWritingMode();
     bool checkingLogicalWidth = ((dimensionsCheck & WidthDimensionsCheck) && !isVertical) || ((dimensionsCheck & HeightDimensionsCheck) && isVertical);
     bool checkingLogicalHeight = ((dimensionsCheck & HeightDimensionsCheck) && !isVertical) || ((dimensionsCheck & WidthDimensionsCheck) && isVertical);
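
Review bot: The new check `if (is<HTMLInputElement>(element))` forces a full layout for every input element, whereas the comment above it and the commit title limit the problem to input elements with shadow content. Either test for the shadow content itself so the condition matches the comment, or reword the comment to say the optimization is disabled for all input elements and reference bug 182383. The ChangeLog describes the mismatch for shadow content in general, so it is also worth confirming that other elements hosting shadow content cannot reach the same state through this function.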
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes