[webkit-changes] [271382] trunk

Mon, 11 Jan 2021 14:57:45 -0800

Title: [271382] trunk
Revision
271382
Author
[email protected]
Date
2021-01-11 14:57:05 -0800 (Mon, 11 Jan 2021)

Log Message

Relax assertion in Element::dispatchFocusOutEvent() for non-web process case
https://bugs.webkit.org/show_bug.cgi?id=220478

Patch by Julian Gonzalez <[email protected]> on 2021-01-11
Reviewed by Ryosuke Niwa.

Source/WebCore:

Relax an assertion in Element::dispatchFocusOutEvent()
(and Element::dispatchFocusInEvent()) that can mistakenly
fire in DumpRenderTree. Also, use
RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() instead of
ASSERT_WITH_SECURITY_IMPLICATION().

Test: editing/inserting/caret-surround.html

* dom/Element.cpp:
(WebCore::Element::dispatchFocusInEvent):
(WebCore::Element::dispatchFocusOutEvent):

LayoutTests:

Add a test that verifies we do not crash
due to the assertion failure.

* editing/inserting/caret-surround-expected.txt: Added.
* editing/inserting/caret-surround.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (271381 => 271382)


--- trunk/LayoutTests/ChangeLog	2021-01-11 22:29:21 UTC (rev 271381)
+++ trunk/LayoutTests/ChangeLog	2021-01-11 22:57:05 UTC (rev 271382)
@@ -1,3 +1,16 @@
+2021-01-11  Julian Gonzalez  <[email protected]>
+
+        Relax assertion in Element::dispatchFocusOutEvent() for non-web process case
+        https://bugs.webkit.org/show_bug.cgi?id=220478
+
+        Reviewed by Ryosuke Niwa.
+
+        Add a test that verifies we do not crash
+        due to the assertion failure.
+
+        * editing/inserting/caret-surround-expected.txt: Added.
+        * editing/inserting/caret-surround.html: Added.
+
 2021-01-11  Sihui Liu  <[email protected]>
 
         Make SpeechRecognition permission error more informative

Added: trunk/LayoutTests/editing/inserting/caret-surround-expected.txt (0 => 271382)


--- trunk/LayoutTests/editing/inserting/caret-surround-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/caret-surround-expected.txt	2021-01-11 22:57:05 UTC (rev 271382)
@@ -0,0 +1,2 @@
+This tests that we do not hit an assertion while unfocusing.
+

Added: trunk/LayoutTests/editing/inserting/caret-surround.html (0 => 271382)


--- trunk/LayoutTests/editing/inserting/caret-surround.html	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/caret-surround.html	2021-01-11 22:57:05 UTC (rev 271382)
@@ -0,0 +1,25 @@
+<html>
+<head>
+<script>
+function testonload() {
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    caretrange = document.caretRangeFromPoint();
+    button.style.setProperty("content", "url()");
+    button.autofocus = true;
+    caretrange.surroundContents(textarea);
+}
+function togglehandler() {
+    textarea.selectionStart = 0;
+}
+</script>
+</head>
+<body _onload_=testonload()>This tests that we do not hit an assertion while unfocusing.
+<textarea id="textarea">PASS</textarea>
+<details _ontoggle_="togglehandler()" open="true">
+<img src=""
+<button id="button"></button>
+</details>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (271381 => 271382)


--- trunk/Source/WebCore/ChangeLog	2021-01-11 22:29:21 UTC (rev 271381)
+++ trunk/Source/WebCore/ChangeLog	2021-01-11 22:57:05 UTC (rev 271382)
@@ -1,3 +1,22 @@
+2021-01-11  Julian Gonzalez  <[email protected]>
+
+        Relax assertion in Element::dispatchFocusOutEvent() for non-web process case
+        https://bugs.webkit.org/show_bug.cgi?id=220478
+
+        Reviewed by Ryosuke Niwa.
+
+        Relax an assertion in Element::dispatchFocusOutEvent()
+        (and Element::dispatchFocusInEvent()) that can mistakenly
+        fire in DumpRenderTree. Also, use
+        RELEASE_ASSERT_WITH_SECURITY_IMPLICATION() instead of
+        ASSERT_WITH_SECURITY_IMPLICATION().
+
+        Test: editing/inserting/caret-surround.html
+
+        * dom/Element.cpp:
+        (WebCore::Element::dispatchFocusInEvent):
+        (WebCore::Element::dispatchFocusOutEvent):
+
 2021-01-11  Sihui Liu  <[email protected]>
 
         Keep newly created IDBObjectStores in deleted map when IDBTransaction is aborted

Modified: trunk/Source/WebCore/dom/Element.cpp (271381 => 271382)


--- trunk/Source/WebCore/dom/Element.cpp	2021-01-11 22:29:21 UTC (rev 271381)
+++ trunk/Source/WebCore/dom/Element.cpp	2021-01-11 22:57:05 UTC (rev 271382)
@@ -3117,7 +3117,7 @@
 
 void Element::dispatchFocusInEvent(const AtomString& eventType, RefPtr<Element>&& oldFocusedElement)
 {
-    ASSERT_WITH_SECURITY_IMPLICATION(ScriptDisallowedScope::InMainThread::isScriptAllowed());
+    RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(ScriptDisallowedScope::InMainThread::isScriptAllowed() || !isInWebProcess());
     ASSERT(eventType == eventNames().focusinEvent || eventType == eventNames().DOMFocusInEvent);
     dispatchScopedEvent(FocusEvent::create(eventType, Event::CanBubble::Yes, Event::IsCancelable::No, document().windowProxy(), 0, WTFMove(oldFocusedElement)));
 }
@@ -3124,7 +3124,7 @@
 
 void Element::dispatchFocusOutEvent(const AtomString& eventType, RefPtr<Element>&& newFocusedElement)
 {
-    ASSERT_WITH_SECURITY_IMPLICATION(ScriptDisallowedScope::InMainThread::isScriptAllowed());
+    RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(ScriptDisallowedScope::InMainThread::isScriptAllowed() || !isInWebProcess());
     ASSERT(eventType == eventNames().focusoutEvent || eventType == eventNames().DOMFocusOutEvent);
     dispatchScopedEvent(FocusEvent::create(eventType, Event::CanBubble::Yes, Event::IsCancelable::No, document().windowProxy(), 0, WTFMove(newFocusedElement)));
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to