Title: [259950] releases/WebKitGTK/webkit-2.28
- Revision
- 259950
- Author
- carlo...@webkit.org
- Date
- 2020-04-12 06:03:13 -0700 (Sun, 12 Apr 2020)
Log Message
Merge r258532 - A change event gets dispatched when textarea gets changed without focus
https://bugs.webkit.org/show_bug.cgi?id=202144
Patch by ChangSeok Oh <changs...@webkit.org> on 2020-03-16
Reviewed by Ryosuke Niwa.
Source/WebCore:
A crash happens in WebCore::ValidationMessage::buildBubbleTree. An immediate reason
is that DOM tree is modified in buildBubbleTree triggered by a timer.
The function calls document.updateLayout() that causes a change event
for textarea to fire when something changed in the textarea.
This bug is not reproduced on Mac because buildBubbleTree is not called.
See ValidationMessage::setMessage.
On the other hand, the root cause of this issue is triggering the change event
for textarea even if it is not focused when a change is made. This behavior
is different to what Gecko and Chromium do. When loading the test, they do not
trigger the change event although the textarea is filled by the script
since the textarea is not focused. Only when we manually make a change (meaning
the textarea is focused by user input), the event gets dispatched. To fix it,
setChangedSinceLastFormControlChangeEvent(true) is moved below the focus check
in HTMLTextAreaElement::subtreeHasChanged();
Test: fast/forms/textfield-onchange-without-focus.html
* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::subtreeHasChanged):
LayoutTests:
The test should be identical to the extected result without crash.
* fast/forms/textfield-onchange-without-focus-expected.html: Added.
* fast/forms/textfield-onchange-without-focus.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog (259949 => 259950)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog 2020-04-12 13:03:07 UTC (rev 259949)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog 2020-04-12 13:03:13 UTC (rev 259950)
@@ -1,3 +1,15 @@
+2020-03-16 ChangSeok Oh <changs...@webkit.org>
+
+ A change event gets dispatched when textarea gets changed without focus
+ https://bugs.webkit.org/show_bug.cgi?id=202144
+
+ Reviewed by Ryosuke Niwa.
+
+ The test should be identical to the extected result without crash.
+
+ * fast/forms/textfield-onchange-without-focus-expected.html: Added.
+ * fast/forms/textfield-onchange-without-focus.html: Added.
+
2020-03-06 Enrique Ocaña González <eoca...@igalia.com>
[GStreamer] Streaming aac/mp3 audio doesn't always work
Added: releases/WebKitGTK/webkit-2.28/LayoutTests/fast/forms/textfield-onchange-without-focus-expected.html (0 => 259950)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/fast/forms/textfield-onchange-without-focus-expected.html (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/fast/forms/textfield-onchange-without-focus-expected.html 2020-04-12 13:03:13 UTC (rev 259950)
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<script>
+function test() {
+ const select = document.querySelector('select');
+ select.setCustomValidity('validity');
+ select.reportValidity();
+
+ const textarea = document.querySelector('textarea');
+ textarea.setRangeText('lol');
+ select.autofocus = true;
+
+ setTimeout(() => {
+ select.reportValidity();
+ textarea.blur();
+ }, 0);
+}
+</script>
+<body _onload_='test()'>
+ <p>The onchange should not be triggered by textarea when it got something changed without being focused. Pass if not crashed, and the focused select box is displayed.</p>
+ <select></select>
+ <textarea></textarea>
+</body>
Added: releases/WebKitGTK/webkit-2.28/LayoutTests/fast/forms/textfield-onchange-without-focus.html (0 => 259950)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/fast/forms/textfield-onchange-without-focus.html (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/fast/forms/textfield-onchange-without-focus.html 2020-04-12 13:03:13 UTC (rev 259950)
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<script>
+function test() {
+ const select = document.querySelector('select');
+ select.setCustomValidity('validity');
+ select.reportValidity();
+
+ const textarea = document.querySelector('textarea');
+ textarea.setRangeText('lol');
+ select.autofocus = true;
+
+ setTimeout(() => {
+ select.reportValidity();
+ textarea.blur();
+ }, 0);
+}
+</script>
+<body _onload_='test()'>
+ <p>The onchange should not be triggered by textarea when it got something changed without being focused. Pass if not crashed, and the focused select box is displayed.</p>
+ <select></select>
+ <textarea _onchange_="document.all[2].appendChild(document.querySelector('select'));"></textarea>
+</body>
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog (259949 => 259950)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog 2020-04-12 13:03:07 UTC (rev 259949)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog 2020-04-12 13:03:13 UTC (rev 259950)
@@ -1,3 +1,30 @@
+2020-03-16 ChangSeok Oh <changs...@webkit.org>
+
+ A change event gets dispatched when textarea gets changed without focus
+ https://bugs.webkit.org/show_bug.cgi?id=202144
+
+ Reviewed by Ryosuke Niwa.
+
+ A crash happens in WebCore::ValidationMessage::buildBubbleTree. An immediate reason
+ is that DOM tree is modified in buildBubbleTree triggered by a timer.
+ The function calls document.updateLayout() that causes a change event
+ for textarea to fire when something changed in the textarea.
+ This bug is not reproduced on Mac because buildBubbleTree is not called.
+ See ValidationMessage::setMessage.
+ On the other hand, the root cause of this issue is triggering the change event
+ for textarea even if it is not focused when a change is made. This behavior
+ is different to what Gecko and Chromium do. When loading the test, they do not
+ trigger the change event although the textarea is filled by the script
+ since the textarea is not focused. Only when we manually make a change (meaning
+ the textarea is focused by user input), the event gets dispatched. To fix it,
+ setChangedSinceLastFormControlChangeEvent(true) is moved below the focus check
+ in HTMLTextAreaElement::subtreeHasChanged();
+
+ Test: fast/forms/textfield-onchange-without-focus.html
+
+ * html/HTMLTextAreaElement.cpp:
+ (WebCore::HTMLTextAreaElement::subtreeHasChanged):
+
2020-03-17 Philippe Normand <pnorm...@igalia.com>
[GStreamer][MSE] Playback rate update support
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/html/HTMLTextAreaElement.cpp (259949 => 259950)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/html/HTMLTextAreaElement.cpp 2020-04-12 13:03:07 UTC (rev 259949)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/html/HTMLTextAreaElement.cpp 2020-04-12 13:03:13 UTC (rev 259950)
@@ -284,7 +284,6 @@
void HTMLTextAreaElement::subtreeHasChanged()
{
- setChangedSinceLastFormControlChangeEvent(true);
setFormControlValueMatchesRenderer(false);
updateValidity();
@@ -291,6 +290,8 @@
if (!focused())
return;
+ setChangedSinceLastFormControlChangeEvent(true);
+
if (RefPtr<Frame> frame = document().frame())
frame->editor().textDidChangeInTextArea(this);
// When typing in a textarea, childrenChanged is not called, so we need to force the directionality check.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
