Title: [281896] branches/safari-612-branch
- Revision
- 281896
- Author
- [email protected]
- Date
- 2021-09-01 18:04:59 -0700 (Wed, 01 Sep 2021)
Log Message
Cherry-pick r281700. rdar://problem/82650954
REGRESSION (r276882): Shadow trees may use stale style information after inline stylesheet is mutated via CSSOM
https://bugs.webkit.org/show_bug.cgi?id=228917
rdar://81483998
Reviewed by Alan Bujtas.
Source/WebCore:
If a stylesheet in a shadow tree is mutated via CSSOM we fail to remove cached style resolver for the mutated sheet
and may end up with stale style.
Test: fast/shadow-dom/shadow-stylesheet-mutation.html
* style/StyleScope.cpp:
(WebCore::Style::Scope::unshareShadowTreeResolverBeforeMutation):
Remove an assert relevant to the previous call site only.
(WebCore::Style::Scope::scheduleUpdate):
Unshare shadow tree resolver immeditaly when stylesheet contents or interpretation changes.
LayoutTests:
Original reduction by Thomas Ladd.
* fast/shadow-dom/shadow-stylesheet-mutation-expected.html: Added.
* fast/shadow-dom/shadow-stylesheet-mutation.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281700 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Added Paths
Diff
Modified: branches/safari-612-branch/LayoutTests/ChangeLog (281895 => 281896)
--- branches/safari-612-branch/LayoutTests/ChangeLog 2021-09-02 01:04:56 UTC (rev 281895)
+++ branches/safari-612-branch/LayoutTests/ChangeLog 2021-09-02 01:04:59 UTC (rev 281896)
@@ -1,5 +1,54 @@
2021-09-01 Russell Epstein <[email protected]>
+ Cherry-pick r281700. rdar://problem/82650954
+
+ REGRESSION (r276882): Shadow trees may use stale style information after inline stylesheet is mutated via CSSOM
+ https://bugs.webkit.org/show_bug.cgi?id=228917
+ rdar://81483998
+
+ Reviewed by Alan Bujtas.
+
+ Source/WebCore:
+
+ If a stylesheet in a shadow tree is mutated via CSSOM we fail to remove cached style resolver for the mutated sheet
+ and may end up with stale style.
+
+ Test: fast/shadow-dom/shadow-stylesheet-mutation.html
+
+ * style/StyleScope.cpp:
+ (WebCore::Style::Scope::unshareShadowTreeResolverBeforeMutation):
+
+ Remove an assert relevant to the previous call site only.
+
+ (WebCore::Style::Scope::scheduleUpdate):
+
+ Unshare shadow tree resolver immeditaly when stylesheet contents or interpretation changes.
+
+ LayoutTests:
+
+ Original reduction by Thomas Ladd.
+
+ * fast/shadow-dom/shadow-stylesheet-mutation-expected.html: Added.
+ * fast/shadow-dom/shadow-stylesheet-mutation.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281700 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-27 Antti Koivisto <[email protected]>
+
+ REGRESSION (r276882): Shadow trees may use stale style information after inline stylesheet is mutated via CSSOM
+ https://bugs.webkit.org/show_bug.cgi?id=228917
+ rdar://81483998
+
+ Reviewed by Alan Bujtas.
+
+ Original reduction by Thomas Ladd.
+
+ * fast/shadow-dom/shadow-stylesheet-mutation-expected.html: Added.
+ * fast/shadow-dom/shadow-stylesheet-mutation.html: Added.
+
+2021-09-01 Russell Epstein <[email protected]>
+
Cherry-pick r281367. rdar://problem/82651467
Prevent AudioSession category from moving out of PlayAndRecord too quickly
Added: branches/safari-612-branch/LayoutTests/fast/shadow-dom/shadow-stylesheet-mutation-expected.html (0 => 281896)
--- branches/safari-612-branch/LayoutTests/fast/shadow-dom/shadow-stylesheet-mutation-expected.html (rev 0)
+++ branches/safari-612-branch/LayoutTests/fast/shadow-dom/shadow-stylesheet-mutation-expected.html 2021-09-02 01:04:59 UTC (rev 281896)
@@ -0,0 +1 @@
+<div style="color:green">This should be green</div>
Added: branches/safari-612-branch/LayoutTests/fast/shadow-dom/shadow-stylesheet-mutation.html (0 => 281896)
--- branches/safari-612-branch/LayoutTests/fast/shadow-dom/shadow-stylesheet-mutation.html (rev 0)
+++ branches/safari-612-branch/LayoutTests/fast/shadow-dom/shadow-stylesheet-mutation.html 2021-09-02 01:04:59 UTC (rev 281896)
@@ -0,0 +1,9 @@
+<div id=host></div>
+<script>
+const shadow = host.attachShadow({ mode: "open" });
+shadow.innerHTML = `<style></style><div>This should be green</div>`;
+const style = shadow.querySelector("style");
+style.sheet.addRule("div", "color: red");
+host.offsetWidth;
+style.sheet.addRule("div", "color: green");
+</script>
Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (281895 => 281896)
--- branches/safari-612-branch/Source/WebCore/ChangeLog 2021-09-02 01:04:56 UTC (rev 281895)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog 2021-09-02 01:04:59 UTC (rev 281896)
@@ -1,5 +1,63 @@
2021-09-01 Russell Epstein <[email protected]>
+ Cherry-pick r281700. rdar://problem/82650954
+
+ REGRESSION (r276882): Shadow trees may use stale style information after inline stylesheet is mutated via CSSOM
+ https://bugs.webkit.org/show_bug.cgi?id=228917
+ rdar://81483998
+
+ Reviewed by Alan Bujtas.
+
+ Source/WebCore:
+
+ If a stylesheet in a shadow tree is mutated via CSSOM we fail to remove cached style resolver for the mutated sheet
+ and may end up with stale style.
+
+ Test: fast/shadow-dom/shadow-stylesheet-mutation.html
+
+ * style/StyleScope.cpp:
+ (WebCore::Style::Scope::unshareShadowTreeResolverBeforeMutation):
+
+ Remove an assert relevant to the previous call site only.
+
+ (WebCore::Style::Scope::scheduleUpdate):
+
+ Unshare shadow tree resolver immeditaly when stylesheet contents or interpretation changes.
+
+ LayoutTests:
+
+ Original reduction by Thomas Ladd.
+
+ * fast/shadow-dom/shadow-stylesheet-mutation-expected.html: Added.
+ * fast/shadow-dom/shadow-stylesheet-mutation.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281700 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-27 Antti Koivisto <[email protected]>
+
+ REGRESSION (r276882): Shadow trees may use stale style information after inline stylesheet is mutated via CSSOM
+ https://bugs.webkit.org/show_bug.cgi?id=228917
+ rdar://81483998
+
+ Reviewed by Alan Bujtas.
+
+ If a stylesheet in a shadow tree is mutated via CSSOM we fail to remove cached style resolver for the mutated sheet
+ and may end up with stale style.
+
+ Test: fast/shadow-dom/shadow-stylesheet-mutation.html
+
+ * style/StyleScope.cpp:
+ (WebCore::Style::Scope::unshareShadowTreeResolverBeforeMutation):
+
+ Remove an assert relevant to the previous call site only.
+
+ (WebCore::Style::Scope::scheduleUpdate):
+
+ Unshare shadow tree resolver immeditaly when stylesheet contents or interpretation changes.
+
+2021-09-01 Russell Epstein <[email protected]>
+
Cherry-pick r281662. rdar://problem/82651998
REGRESSION(r275754): Using MarkOnlyThis to make the preferred width dirty introduces unexpected state
Modified: branches/safari-612-branch/Source/WebCore/style/StyleScope.cpp (281895 => 281896)
--- branches/safari-612-branch/Source/WebCore/style/StyleScope.cpp 2021-09-02 01:04:56 UTC (rev 281895)
+++ branches/safari-612-branch/Source/WebCore/style/StyleScope.cpp 2021-09-02 01:04:59 UTC (rev 281896)
@@ -133,7 +133,6 @@
void Scope::unshareShadowTreeResolverBeforeMutation()
{
ASSERT(m_shadowRoot);
- ASSERT(!m_resolver->isSharedBetweenShadowTrees());
documentScope().m_sharedShadowTreeResolvers.remove(makeResolverSharingKey());
}
@@ -631,8 +630,10 @@
{
if (update == UpdateType::ContentsOrInterpretation) {
// :host and ::slotted rules might go away.
- if (m_shadowRoot)
+ if (m_shadowRoot) {
Invalidator::invalidateHostAndSlottedStyleIfNeeded(*m_shadowRoot);
+ unshareShadowTreeResolverBeforeMutation();
+ }
// FIXME: Animation code may trigger resource load in middle of style recalc and that can add a rule to a content extension stylesheet.
// Fix and remove isResolvingTreeStyle() test below, see https://bugs.webkit.org/show_bug.cgi?id=194335
// FIXME: The m_isUpdatingStyleResolver test is here because extension stylesheets can get us here from Resolver::appendAuthorStyleSheets.
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
