Diff
Modified: trunk/LayoutTests/ChangeLog (232122 => 232123)
--- trunk/LayoutTests/ChangeLog 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/LayoutTests/ChangeLog 2018-05-23 20:22:18 UTC (rev 232123)
@@ -1,3 +1,17 @@
+2018-05-23 Chris Dumez <[email protected]>
+
+ RenderLayer::scrollRectToVisible() should not propagate a subframe's scroll to its cross-origin parent
+ https://bugs.webkit.org/show_bug.cgi?id=185664
+ <rdar://problem/36185260>
+
+ Reviewed by Simon Fraser.
+
+ Add layout test coverage.
+
+ * http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent-expected.txt: Added.
+ * http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent.html: Added.
+ * http/tests/navigation/resources/clear-fragment.html: Added.
+
2018-05-23 Youenn Fablet <[email protected]>
NetworkLoadChecker should check cached redirections
Added: trunk/LayoutTests/http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent-expected.txt (0 => 232123)
--- trunk/LayoutTests/http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent-expected.txt 2018-05-23 20:22:18 UTC (rev 232123)
@@ -0,0 +1,10 @@
+Tests that a fragment navigation in a cross-origin subframe does not scroll its parent.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS window.scrollY is 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent.html (0 => 232123)
--- trunk/LayoutTests/http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent.html (rev 0)
+++ trunk/LayoutTests/http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent.html 2018-05-23 20:22:18 UTC (rev 232123)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+description("Tests that a fragment navigation in a cross-origin subframe does not scroll its parent.");
+jsTestIsAsync = true;
+
+_onload_ = () => {
+ setTimeout(function() {
+ shouldBe("window.scrollY", "0");
+ finishJSTest();
+ }, 0);
+}
+</script>
+<iframe src="" style="position: relative; top: 800px;"></iframe>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/navigation/resources/clear-fragment.html (0 => 232123)
--- trunk/LayoutTests/http/tests/navigation/resources/clear-fragment.html (rev 0)
+++ trunk/LayoutTests/http/tests/navigation/resources/clear-fragment.html 2018-05-23 20:22:18 UTC (rev 232123)
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+document.location.hash = '';
+</script>
+<div id="test">TEST</div>
+<script>
+test.offsetHeight;
+</script>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (232122 => 232123)
--- trunk/Source/WebCore/ChangeLog 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/ChangeLog 2018-05-23 20:22:18 UTC (rev 232123)
@@ -1,3 +1,37 @@
+2018-05-23 Chris Dumez <[email protected]>
+
+ RenderLayer::scrollRectToVisible() should not propagate a subframe's scroll to its cross-origin parent
+ https://bugs.webkit.org/show_bug.cgi?id=185664
+ <rdar://problem/36185260>
+
+ Reviewed by Simon Fraser.
+
+ RenderLayer::scrollRectToVisible() should not propagate a subframe's scroll to its
+ cross-origin parent. There was logic in FrameLoader::scrollToFragmentWithParentBoundary()
+ to temporarily set the 'safeToPropagateScrollToParent' flag to false on the cross-origin
+ ancestor frame during the call to FrameView::scrollToFragment(). This would correctly
+ prevent RenderLayer::scrollRectToVisible() to propagate the scroll to the cross-origin
+ ancestor frame when scrollRectToVisible() is called synchronously. However,
+ scrollRectToVisible() can get called asynchronously in case of a dirty layout, as part
+ of the post layout tasks.
+
+ To address the issue, we get rid of the safeToPropagateScrollToParent flag on FrameView
+ and instead update FrameView::safeToPropagateScrollToParent() to do the cross-origin
+ check. FrameView::safeToPropagateScrollToParent() is called by RenderLayer::scrollRectToVisible()
+ and this is a lot more robust than relying on a flag which gets temporarily set.
+
+ Test: http/tests/navigation/fragment-navigation-cross-origin-subframe-no-scrolling-parent.html
+
+ * dom/Document.cpp:
+ * dom/Document.h:
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::scrollToFragmentWithParentBoundary):
+ * page/FrameView.cpp:
+ (WebCore::FrameView::FrameView):
+ (WebCore::FrameView::reset):
+ (WebCore::FrameView::safeToPropagateScrollToParent const):
+ * page/FrameView.h:
+
2018-05-23 Youenn Fablet <[email protected]>
NetworkLoadChecker should check cached redirections
Modified: trunk/Source/WebCore/accessibility/AccessibilityObject.cpp (232122 => 232123)
--- trunk/Source/WebCore/accessibility/AccessibilityObject.cpp 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/accessibility/AccessibilityObject.cpp 2018-05-23 20:22:18 UTC (rev 232123)
@@ -2984,7 +2984,7 @@
parentObject()->scrollToMakeVisible();
if (auto* renderer = this->renderer())
- renderer->scrollRectToVisible(SelectionRevealMode::Reveal, boundingBoxRect(), false, ScrollAlignment::alignCenterIfNotVisible, ScrollAlignment::alignCenterIfNotVisible);
+ renderer->scrollRectToVisible(SelectionRevealMode::Reveal, boundingBoxRect(), false, ScrollAlignment::alignCenterIfNotVisible, ScrollAlignment::alignCenterIfNotVisible, ShouldAllowCrossOriginScrolling::Yes);
}
void AccessibilityObject::scrollToMakeVisibleWithSubFocus(const IntRect& subfocus) const
Modified: trunk/Source/WebCore/dom/Document.cpp (232122 => 232123)
--- trunk/Source/WebCore/dom/Document.cpp 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/dom/Document.cpp 2018-05-23 20:22:18 UTC (rev 232123)
@@ -3264,23 +3264,6 @@
return false;
}
-Frame* Document::findUnsafeParentScrollPropagationBoundary()
-{
- Frame* currentFrame = m_frame;
- if (!currentFrame)
- return nullptr;
-
- Frame* ancestorFrame = currentFrame->tree().parent();
-
- while (ancestorFrame) {
- if (!ancestorFrame->document()->securityOrigin().canAccess(securityOrigin()))
- return currentFrame;
- currentFrame = ancestorFrame;
- ancestorFrame = ancestorFrame->tree().parent();
- }
- return nullptr;
-}
-
void Document::didRemoveAllPendingStylesheet()
{
if (auto* parser = scriptableDocumentParser())
Modified: trunk/Source/WebCore/dom/Document.h (232122 => 232123)
--- trunk/Source/WebCore/dom/Document.h 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/dom/Document.h 2018-05-23 20:22:18 UTC (rev 232123)
@@ -676,7 +676,6 @@
SocketProvider* socketProvider() final;
bool canNavigate(Frame* targetFrame);
- Frame* findUnsafeParentScrollPropagationBoundary();
bool usesStyleBasedEditability() const;
void setHasElementUsingStyleBasedEditability();
Modified: trunk/Source/WebCore/dom/Element.cpp (232122 => 232123)
--- trunk/Source/WebCore/dom/Element.cpp 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/dom/Element.cpp 2018-05-23 20:22:18 UTC (rev 232123)
@@ -655,9 +655,9 @@
LayoutRect absoluteBounds = renderer()->absoluteAnchorRect(&insideFixed);
// Align to the top / bottom and to the closest edge.
if (alignToTop)
- renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignTopAlways);
+ renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignTopAlways, ShouldAllowCrossOriginScrolling::No);
else
- renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignBottomAlways);
+ renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignBottomAlways, ShouldAllowCrossOriginScrolling::No);
}
void Element::scrollIntoViewIfNeeded(bool centerIfNeeded)
@@ -670,9 +670,9 @@
bool insideFixed;
LayoutRect absoluteBounds = renderer()->absoluteAnchorRect(&insideFixed);
if (centerIfNeeded)
- renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignCenterIfNeeded, ScrollAlignment::alignCenterIfNeeded);
+ renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignCenterIfNeeded, ScrollAlignment::alignCenterIfNeeded, ShouldAllowCrossOriginScrolling::No);
else
- renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded);
+ renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded, ShouldAllowCrossOriginScrolling::No);
}
void Element::scrollIntoViewIfNotVisible(bool centerIfNotVisible)
@@ -685,9 +685,9 @@
bool insideFixed;
LayoutRect absoluteBounds = renderer()->absoluteAnchorRect(&insideFixed);
if (centerIfNotVisible)
- renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignCenterIfNotVisible, ScrollAlignment::alignCenterIfNotVisible);
+ renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignCenterIfNotVisible, ScrollAlignment::alignCenterIfNotVisible, ShouldAllowCrossOriginScrolling::No);
else
- renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignToEdgeIfNotVisible, ScrollAlignment::alignToEdgeIfNotVisible);
+ renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, absoluteBounds, insideFixed, ScrollAlignment::alignToEdgeIfNotVisible, ScrollAlignment::alignToEdgeIfNotVisible, ShouldAllowCrossOriginScrolling::No);
}
void Element::scrollBy(const ScrollToOptions& options)
Modified: trunk/Source/WebCore/editing/FrameSelection.cpp (232122 => 232123)
--- trunk/Source/WebCore/editing/FrameSelection.cpp 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/editing/FrameSelection.cpp 2018-05-23 20:22:18 UTC (rev 232123)
@@ -2363,7 +2363,7 @@
if (RenderLayer* layer = start.deprecatedNode()->renderer()->enclosingLayer()) {
if (!m_scrollingSuppressCount) {
layer->setAdjustForIOSCaretWhenScrolling(true);
- layer->scrollRectToVisible(revealMode, rect, insideFixed, alignment, alignment);
+ layer->scrollRectToVisible(revealMode, rect, insideFixed, alignment, alignment, ShouldAllowCrossOriginScrolling::Yes);
layer->setAdjustForIOSCaretWhenScrolling(false);
updateAppearance();
if (m_frame->page())
@@ -2374,7 +2374,7 @@
// FIXME: This code only handles scrolling the startContainer's layer, but
// the selection rect could intersect more than just that.
// See <rdar://problem/4799899>.
- if (start.deprecatedNode()->renderer()->scrollRectToVisible(revealMode, rect, insideFixed, alignment, alignment))
+ if (start.deprecatedNode()->renderer()->scrollRectToVisible(revealMode, rect, insideFixed, alignment, alignment, ShouldAllowCrossOriginScrolling::Yes))
updateAppearance();
#endif
}
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (232122 => 232123)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2018-05-23 20:22:18 UTC (rev 232123)
@@ -3035,17 +3035,8 @@
if (!view)
return;
- // Leaking scroll position to a cross-origin ancestor would permit the so-called "framesniffing" attack.
- RefPtr<Frame> boundaryFrame(url.hasFragmentIdentifier() ? m_frame.document()->findUnsafeParentScrollPropagationBoundary() : 0);
-
- if (boundaryFrame)
- boundaryFrame->view()->setSafeToPropagateScrollToParent(false);
-
if (isSameDocumentReload(isNewNavigation, m_loadType) || itemAllowsScrollRestoration(history().currentItem()))
view->scrollToFragment(url);
-
- if (boundaryFrame)
- boundaryFrame->view()->setSafeToPropagateScrollToParent(true);
}
bool FrameLoader::shouldClose()
Modified: trunk/Source/WebCore/page/FrameView.cpp (232122 => 232123)
--- trunk/Source/WebCore/page/FrameView.cpp 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/page/FrameView.cpp 2018-05-23 20:22:18 UTC (rev 232123)
@@ -179,7 +179,6 @@
, m_overflowStatusDirty(true)
, m_wasScrolledByUser(false)
, m_inProgrammaticScroll(false)
- , m_safeToPropagateScrollToParent(true)
, m_delayedScrollEventTimer(*this, &FrameView::sendScrollEvent)
, m_selectionRevealModeForFocusedElement(SelectionRevealMode::DoNotReveal)
, m_delayedScrollToFocusedElementTimer(*this, &FrameView::scrollToFocusedElementTimerFired)
@@ -264,7 +263,6 @@
m_updateEmbeddedObjectsTimer.stop();
m_firstLayoutCallbackPending = false;
m_wasScrolledByUser = false;
- m_safeToPropagateScrollToParent = true;
m_delayedScrollEventTimer.stop();
m_shouldScrollToFocusedElement = false;
m_delayedScrollToFocusedElementTimer.stop();
@@ -2323,7 +2321,7 @@
bool insideFixed;
LayoutRect absoluteBounds = renderer->absoluteAnchorRect(&insideFixed);
- renderer->scrollRectToVisible(m_selectionRevealModeForFocusedElement, absoluteBounds, insideFixed);
+ renderer->scrollRectToVisible(m_selectionRevealModeForFocusedElement, absoluteBounds, insideFixed, ScrollAlignment::alignCenterIfNeeded, ScrollAlignment::alignCenterIfNeeded, ShouldAllowCrossOriginScrolling::No);
}
void FrameView::contentsResized()
@@ -3059,6 +3057,23 @@
return true;
}
+bool FrameView::safeToPropagateScrollToParent() const
+{
+ auto* document = frame().document();
+ if (!document)
+ return false;
+
+ auto* parentFrame = frame().tree().parent();
+ if (!parentFrame)
+ return false;
+
+ auto* parentDocument = parentFrame->document();
+ if (!parentDocument)
+ return false;
+
+ return document->securityOrigin().canAccess(parentDocument->securityOrigin());
+}
+
void FrameView::scrollToAnchor()
{
RefPtr<ContainerNode> anchorNode = m_maintainScrollPositionAnchor;
@@ -3083,11 +3098,11 @@
// Scroll nested layers and frames to reveal the anchor.
// Align to the top and to the closest side (this matches other browsers).
if (anchorNode->renderer()->style().isHorizontalWritingMode())
- anchorNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, rect, insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignTopAlways);
+ anchorNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, rect, insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignTopAlways, ShouldAllowCrossOriginScrolling::No);
else if (anchorNode->renderer()->style().isFlippedBlocksWritingMode())
- anchorNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, rect, insideFixed, ScrollAlignment::alignRightAlways, ScrollAlignment::alignToEdgeIfNeeded);
+ anchorNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, rect, insideFixed, ScrollAlignment::alignRightAlways, ScrollAlignment::alignToEdgeIfNeeded, ShouldAllowCrossOriginScrolling::No);
else
- anchorNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, rect, insideFixed, ScrollAlignment::alignLeftAlways, ScrollAlignment::alignToEdgeIfNeeded);
+ anchorNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, rect, insideFixed, ScrollAlignment::alignLeftAlways, ScrollAlignment::alignToEdgeIfNeeded, ShouldAllowCrossOriginScrolling::No);
if (AXObjectCache* cache = frame().document()->existingAXObjectCache())
cache->handleScrolledToAnchor(anchorNode.get());
Modified: trunk/Source/WebCore/page/FrameView.h (232122 => 232123)
--- trunk/Source/WebCore/page/FrameView.h 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/page/FrameView.h 2018-05-23 20:22:18 UTC (rev 232123)
@@ -337,8 +337,7 @@
WEBCORE_EXPORT bool wasScrolledByUser() const;
WEBCORE_EXPORT void setWasScrolledByUser(bool);
- bool safeToPropagateScrollToParent() const { return m_safeToPropagateScrollToParent; }
- void setSafeToPropagateScrollToParent(bool isSafe) { m_safeToPropagateScrollToParent = isSafe; }
+ bool safeToPropagateScrollToParent() const;
void addEmbeddedObjectToUpdate(RenderEmbeddedObject&);
void removeEmbeddedObjectToUpdate(RenderEmbeddedObject&);
@@ -823,7 +822,6 @@
bool m_wasScrolledByUser;
bool m_inProgrammaticScroll;
- bool m_safeToPropagateScrollToParent;
Timer m_delayedScrollEventTimer;
bool m_shouldScrollToFocusedElement { false };
SelectionRevealMode m_selectionRevealModeForFocusedElement;
Modified: trunk/Source/WebCore/rendering/RenderLayer.cpp (232122 => 232123)
--- trunk/Source/WebCore/rendering/RenderLayer.cpp 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/rendering/RenderLayer.cpp 2018-05-23 20:22:18 UTC (rev 232123)
@@ -2504,7 +2504,7 @@
return box->hasHorizontalOverflow() || box->hasVerticalOverflow();
}
-void RenderLayer::scrollRectToVisible(SelectionRevealMode revealMode, const LayoutRect& absoluteRect, bool insideFixed, const ScrollAlignment& alignX, const ScrollAlignment& alignY)
+void RenderLayer::scrollRectToVisible(SelectionRevealMode revealMode, const LayoutRect& absoluteRect, bool insideFixed, const ScrollAlignment& alignX, const ScrollAlignment& alignY, ShouldAllowCrossOriginScrolling shouldAllowCrossOriginScrolling)
{
LOG_WITH_STREAM(Scrolling, stream << "Layer " << this << " scrollRectToVisible " << absoluteRect);
@@ -2556,7 +2556,7 @@
scrollOffset = scrollOffset.constrainedBetween(IntPoint(), IntPoint(frameView.contentsSize()));
frameView.setScrollPosition(scrollOffset);
- if (frameView.safeToPropagateScrollToParent()) {
+ if (shouldAllowCrossOriginScrolling == ShouldAllowCrossOriginScrolling::Yes || frameView.safeToPropagateScrollToParent()) {
parentLayer = ownerElement->renderer()->enclosingLayer();
// Convert the rect into the coordinate space of the parent frame's document.
newRect = frameView.contentsToContainingViewContents(enclosingIntRect(newRect));
@@ -2591,7 +2591,7 @@
}
if (parentLayer)
- parentLayer->scrollRectToVisible(revealMode, newRect, insideFixed, alignX, alignY);
+ parentLayer->scrollRectToVisible(revealMode, newRect, insideFixed, alignX, alignY, shouldAllowCrossOriginScrolling);
}
void RenderLayer::updateCompositingLayersAfterScroll()
@@ -2714,7 +2714,7 @@
void RenderLayer::autoscroll(const IntPoint& positionInWindow)
{
IntPoint currentDocumentPosition = renderer().view().frameView().windowToContents(positionInWindow);
- scrollRectToVisible(SelectionRevealMode::Reveal, LayoutRect(currentDocumentPosition, LayoutSize(1, 1)), false, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded);
+ scrollRectToVisible(SelectionRevealMode::Reveal, LayoutRect(currentDocumentPosition, LayoutSize(1, 1)), false, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded, ShouldAllowCrossOriginScrolling::Yes);
}
bool RenderLayer::canResize() const
Modified: trunk/Source/WebCore/rendering/RenderLayer.h (232122 => 232123)
--- trunk/Source/WebCore/rendering/RenderLayer.h 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/rendering/RenderLayer.h 2018-05-23 20:22:18 UTC (rev 232123)
@@ -218,7 +218,7 @@
void availableContentSizeChanged(AvailableSizeChangeReason) override;
// "absoluteRect" is in scaled document coordinates.
- void scrollRectToVisible(SelectionRevealMode, const LayoutRect& absoluteRect, bool insideFixed, const ScrollAlignment& alignX, const ScrollAlignment& alignY);
+ void scrollRectToVisible(SelectionRevealMode, const LayoutRect& absoluteRect, bool insideFixed, const ScrollAlignment& alignX, const ScrollAlignment& alignY, ShouldAllowCrossOriginScrolling);
bool scrollsOverflow() const;
bool hasScrollbars() const { return m_hBar || m_vBar; }
Modified: trunk/Source/WebCore/rendering/RenderObject.cpp (232122 => 232123)
--- trunk/Source/WebCore/rendering/RenderObject.cpp 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/rendering/RenderObject.cpp 2018-05-23 20:22:18 UTC (rev 232123)
@@ -414,7 +414,7 @@
return nullptr;
}
-bool RenderObject::scrollRectToVisible(SelectionRevealMode revealMode, const LayoutRect& absoluteRect, bool insideFixed, const ScrollAlignment& alignX, const ScrollAlignment& alignY)
+bool RenderObject::scrollRectToVisible(SelectionRevealMode revealMode, const LayoutRect& absoluteRect, bool insideFixed, const ScrollAlignment& alignX, const ScrollAlignment& alignY, ShouldAllowCrossOriginScrolling shouldAllowCrossOriginScrolling)
{
if (revealMode == SelectionRevealMode::DoNotReveal)
return false;
@@ -423,7 +423,7 @@
if (!enclosingLayer)
return false;
- enclosingLayer->scrollRectToVisible(revealMode, absoluteRect, insideFixed, alignX, alignY);
+ enclosingLayer->scrollRectToVisible(revealMode, absoluteRect, insideFixed, alignX, alignY, shouldAllowCrossOriginScrolling);
return true;
}
Modified: trunk/Source/WebCore/rendering/RenderObject.h (232122 => 232123)
--- trunk/Source/WebCore/rendering/RenderObject.h 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebCore/rendering/RenderObject.h 2018-05-23 20:22:18 UTC (rev 232123)
@@ -81,6 +81,8 @@
const int caretWidth = 1;
#endif
+enum class ShouldAllowCrossOriginScrolling { No, Yes };
+
#if ENABLE(DASHBOARD_SUPPORT)
struct AnnotatedRegionValue {
bool operator==(const AnnotatedRegionValue& o) const
@@ -158,7 +160,7 @@
WEBCORE_EXPORT RenderLayer* enclosingLayer() const;
// Scrolling is a RenderBox concept, however some code just cares about recursively scrolling our enclosing ScrollableArea(s).
- WEBCORE_EXPORT bool scrollRectToVisible(SelectionRevealMode, const LayoutRect& absoluteRect, bool insideFixed, const ScrollAlignment& alignX = ScrollAlignment::alignCenterIfNeeded, const ScrollAlignment& alignY = ScrollAlignment::alignCenterIfNeeded);
+ WEBCORE_EXPORT bool scrollRectToVisible(SelectionRevealMode, const LayoutRect& absoluteRect, bool insideFixed, const ScrollAlignment& alignX = ScrollAlignment::alignCenterIfNeeded, const ScrollAlignment& alignY = ScrollAlignment::alignCenterIfNeeded, ShouldAllowCrossOriginScrolling = ShouldAllowCrossOriginScrolling::No);
// Convenience function for getting to the nearest enclosing box of a RenderObject.
WEBCORE_EXPORT RenderBox& enclosingBox() const;
Modified: trunk/Source/WebKitLegacy/mac/WebView/WebFrame.mm (232122 => 232123)
--- trunk/Source/WebKitLegacy/mac/WebView/WebFrame.mm 2018-05-23 20:02:37 UTC (rev 232122)
+++ trunk/Source/WebKitLegacy/mac/WebView/WebFrame.mm 2018-05-23 20:22:18 UTC (rev 232123)
@@ -741,12 +741,12 @@
if (startNode && startNode->renderer()) {
#if !PLATFORM(IOS)
- startNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, enclosingIntRect(rangeRect), insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded);
+ startNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, enclosingIntRect(rangeRect), insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded, ShouldAllowCrossOriginScrolling::Yes);
#else
RenderLayer* layer = startNode->renderer()->enclosingLayer();
if (layer) {
layer->setAdjustForIOSCaretWhenScrolling(true);
- startNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, enclosingIntRect(rangeRect), insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded);
+ startNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, enclosingIntRect(rangeRect), insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded, ShouldAllowCrossOriginScrolling::Yes);
layer->setAdjustForIOSCaretWhenScrolling(false);
_private->coreFrame->selection().setCaretRectNeedsUpdate();
_private->coreFrame->selection().updateAppearance();
@@ -766,7 +766,7 @@
RenderLayer* layer = startNode->renderer()->enclosingLayer();
if (layer) {
layer->setAdjustForIOSCaretWhenScrolling(true);
- startNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, enclosingIntRect(rangeRect), insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded);
+ startNode->renderer()->scrollRectToVisible(SelectionRevealMode::Reveal, enclosingIntRect(rangeRect), insideFixed, ScrollAlignment::alignToEdgeIfNeeded, ScrollAlignment::alignToEdgeIfNeeded, ShouldAllowCrossOriginScrolling::Yes);
layer->setAdjustForIOSCaretWhenScrolling(false);
Frame *coreFrame = core(self);
