[webkit-changes] [275591] trunk

Wed, 07 Apr 2021 00:43:36 -0700

Title: [275591] trunk
Revision
275591
Author
rn...@webkit.org
Date
2021-04-07 00:42:44 -0700 (Wed, 07 Apr 2021)

Log Message

REGRESSION(r274812): Release assert in Document::updateLayout() after calling focus({preventScroll: true}) on a textarea
https://bugs.webkit.org/show_bug.cgi?id=224262

Reviewed by Antti Koivisto.

Source/WebCore:

The regression was caused by Element::focus not updating the selection when preventScroll is set to true.
Fixed it by always updating the selection whenever Element::focus is called.

Test: fast/forms/textarea/textarea-focus-prevent-scroll-crash.html

* dom/Element.cpp:
(WebCore::Element::focus):
(WebCore::Element::findTargetAndUpdateFocusAppearance): Renamed from revealFocusedElement.
* dom/Element.h:
* page/EventHandler.cpp:
(WebCore::EventHandler::dispatchMouseEvent):

LayoutTests:

Added a regression test.

* fast/forms/textarea/textarea-focus-prevent-scroll-crash-expected.txt: Added.
* fast/forms/textarea/textarea-focus-prevent-scroll-crash.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (275590 => 275591)


--- trunk/LayoutTests/ChangeLog	2021-04-07 07:40:41 UTC (rev 275590)
+++ trunk/LayoutTests/ChangeLog	2021-04-07 07:42:44 UTC (rev 275591)
@@ -1,3 +1,15 @@
+2021-04-07  Ryosuke Niwa  <rn...@webkit.org>
+
+        REGRESSION(r274812): Release assert in Document::updateLayout() after calling focus({preventScroll: true}) on a textarea
+        https://bugs.webkit.org/show_bug.cgi?id=224262
+
+        Reviewed by Antti Koivisto.
+
+        Added a regression test.
+
+        * fast/forms/textarea/textarea-focus-prevent-scroll-crash-expected.txt: Added.
+        * fast/forms/textarea/textarea-focus-prevent-scroll-crash.html: Added.
+
 2021-04-06  Sihui Liu  <sihui_...@apple.com>
 
         [ Catalina WK2 Release ] http/tests/IndexedDB/storage-limit-1.https.html is a flaky failure

Added: trunk/LayoutTests/fast/forms/textarea/textarea-focus-prevent-scroll-crash-expected.txt (0 => 275591)


--- trunk/LayoutTests/fast/forms/textarea/textarea-focus-prevent-scroll-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/forms/textarea/textarea-focus-prevent-scroll-crash-expected.txt	2021-04-07 07:42:44 UTC (rev 275591)
@@ -0,0 +1,4 @@
+This tests calling focus({preventScroll: true}) and removing textarea's children.
+WebKit should not crash or hit any assertions.
+
+PASS

Added: trunk/LayoutTests/fast/forms/textarea/textarea-focus-prevent-scroll-crash.html (0 => 275591)


--- trunk/LayoutTests/fast/forms/textarea/textarea-focus-prevent-scroll-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/forms/textarea/textarea-focus-prevent-scroll-crash.html	2021-04-07 07:42:44 UTC (rev 275591)
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>This tests calling focus({preventScroll: true}) and removing textarea's children.<br>
+WebKit should not crash or hit any assertions.</p>
+<script>
+
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+const input = document.createElement('input');
+document.body.appendChild(input);
+
+const textarea = document.createElement('textarea');
+input.appendChild(textarea);
+
+textarea.focus({preventScroll: true});
+document.body.offsetTop;
+textarea.replaceChildren();
+
+document.write('PASS');
+
+</script>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (275590 => 275591)


--- trunk/Source/WebCore/ChangeLog	2021-04-07 07:40:41 UTC (rev 275590)
+++ trunk/Source/WebCore/ChangeLog	2021-04-07 07:42:44 UTC (rev 275591)
@@ -1,3 +1,22 @@
+2021-04-07  Ryosuke Niwa  <rn...@webkit.org>
+
+        REGRESSION(r274812): Release assert in Document::updateLayout() after calling focus({preventScroll: true}) on a textarea
+        https://bugs.webkit.org/show_bug.cgi?id=224262
+
+        Reviewed by Antti Koivisto.
+
+        The regression was caused by Element::focus not updating the selection when preventScroll is set to true.
+        Fixed it by always updating the selection whenever Element::focus is called.
+
+        Test: fast/forms/textarea/textarea-focus-prevent-scroll-crash.html
+
+        * dom/Element.cpp:
+        (WebCore::Element::focus):
+        (WebCore::Element::findTargetAndUpdateFocusAppearance): Renamed from revealFocusedElement.
+        * dom/Element.h:
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::dispatchMouseEvent):
+
 2021-04-07  Stephan Szabo  <stephan.sz...@sony.com>
 
         [PlayStation] Provide a non-empty User Agent

Modified: trunk/Source/WebCore/dom/Element.cpp (275590 => 275591)


--- trunk/Source/WebCore/dom/Element.cpp	2021-04-07 07:40:41 UTC (rev 275590)
+++ trunk/Source/WebCore/dom/Element.cpp	2021-04-07 07:42:44 UTC (rev 275591)
@@ -3088,19 +3088,16 @@
             return;
     }
 
-    if (!options.preventScroll)
-        newTarget->revealFocusedElement(options.selectionRestorationMode);
+    newTarget->findTargetAndUpdateFocusAppearance(options.selectionRestorationMode, options.preventScroll ? SelectionRevealMode::DoNotReveal : SelectionRevealMode::Reveal);
 }
 
-void Element::revealFocusedElement(SelectionRestorationMode selectionMode)
+void Element::findTargetAndUpdateFocusAppearance(SelectionRestorationMode selectionMode, SelectionRevealMode revealMode)
 {
-    SelectionRevealMode revealMode = SelectionRevealMode::Reveal;
-
 #if PLATFORM(IOS_FAMILY)
     // Focusing a form element triggers animation in UIKit to scroll to the right position.
     // Calling updateFocusAppearance() would generate an unnecessary call to ScrollView::setScrollPosition(),
     // which would jump us around during this animation. See <rdar://problem/6699741>.
-    if (is<HTMLFormControlElement>(*this))
+    if (revealMode == SelectionRevealMode::Reveal && is<HTMLFormControlElement>(*this))
         revealMode = SelectionRevealMode::RevealUpToMainFrame;
 #endif

Modified: trunk/Source/WebCore/dom/Element.h (275590 => 275591)


--- trunk/Source/WebCore/dom/Element.h	2021-04-07 07:40:41 UTC (rev 275590)
+++ trunk/Source/WebCore/dom/Element.h	2021-04-07 07:42:44 UTC (rev 275591)
@@ -405,7 +405,7 @@
 
     static AXTextStateChangeIntent defaultFocusTextStateChangeIntent() { return AXTextStateChangeIntent(AXTextStateChangeTypeSelectionMove, AXTextSelection { AXTextSelectionDirectionDiscontiguous, AXTextSelectionGranularityUnknown, true }); }
     virtual void focus(const FocusOptions& = { });
-    void revealFocusedElement(SelectionRestorationMode);
+    void findTargetAndUpdateFocusAppearance(SelectionRestorationMode, SelectionRevealMode = SelectionRevealMode::Reveal);
     virtual RefPtr<Element> focusAppearanceUpdateTarget();
     virtual void updateFocusAppearance(SelectionRestorationMode, SelectionRevealMode = SelectionRevealMode::Reveal);
     virtual void blur();

Modified: trunk/Source/WebCore/page/EventHandler.cpp (275590 => 275591)


--- trunk/Source/WebCore/page/EventHandler.cpp	2021-04-07 07:40:41 UTC (rev 275590)
+++ trunk/Source/WebCore/page/EventHandler.cpp	2021-04-07 07:42:44 UTC (rev 275591)
@@ -2723,7 +2723,7 @@
         return false;
 
     if (element && m_mouseDownDelegatedFocus)
-        element->revealFocusedElement(SelectionRestorationMode::SelectAll);
+        element->findTargetAndUpdateFocusAppearance(SelectionRestorationMode::SelectAll);
 
     return true;
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to