[ContentChangeObserver] Skip anonymous renderers when checking for "willRespondToMous...
authorzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 26 Mar 2019 17:27:05 +0000 (17:27 +0000)
committerzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 26 Mar 2019 17:27:05 +0000 (17:27 +0000)
https://bugs.webkit.org/show_bug.cgi?id=196259
<rdar://problem/49240029>

Reviewed by Dean Jackson.

Source/WebCore:

Anonymous renderers don't have associated DOM nodes so they can't have event listeners either. Let's skip them.

Test: fast/events/touch/ios/content-observation/crash-on-anonymous-renderer.html

* page/ios/ContentChangeObserver.cpp:
(WebCore::ContentChangeObserver::StyleChangeScope::isConsideredClickable const):

LayoutTests:

* fast/events/touch/ios/content-observation/crash-on-anonymous-renderer-expected.txt: Added.
* fast/events/touch/ios/content-observation/crash-on-anonymous-renderer.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243503 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/events/touch/ios/content-observation/crash-on-anonymous-renderer-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/touch/ios/content-observation/crash-on-anonymous-renderer.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/ios/ContentChangeObserver.cpp

index c8af4ef..7166973 100644 (file)
@@ -1,3 +1,14 @@
+2019-03-26  Zalan Bujtas  <zalan@apple.com>
+
+        [ContentChangeObserver] Skip anonymous renderers when checking for "willRespondToMouseClickEvents"
+        https://bugs.webkit.org/show_bug.cgi?id=196259
+        <rdar://problem/49240029>
+
+        Reviewed by Dean Jackson.
+
+        * fast/events/touch/ios/content-observation/crash-on-anonymous-renderer-expected.txt: Added.
+        * fast/events/touch/ios/content-observation/crash-on-anonymous-renderer.html: Added.
+
 2019-03-26  Shawn Roberts  <sroberts@apple.com>
 
         Layout tests fast/events/wheel-event-destroys-overflow.html 
diff --git a/LayoutTests/fast/events/touch/ios/content-observation/crash-on-anonymous-renderer-expected.txt b/LayoutTests/fast/events/touch/ios/content-observation/crash-on-anonymous-renderer-expected.txt
new file mode 100644 (file)
index 0000000..964b72b
--- /dev/null
@@ -0,0 +1,3 @@
+PASS if no crash.
+inline text with
+text inside block
diff --git a/LayoutTests/fast/events/touch/ios/content-observation/crash-on-anonymous-renderer.html b/LayoutTests/fast/events/touch/ios/content-observation/crash-on-anonymous-renderer.html
new file mode 100644 (file)
index 0000000..40c09a1
--- /dev/null
@@ -0,0 +1,54 @@
+<html>
+<head>
+<title>This tests the case when visible content has anonymous renderers.</title>
+<script src="../../../../../resources/basic-gestures.js"></script>
+<style>
+#tapthis {
+    width: 400px;
+    height: 400px;
+    border: 1px solid green;
+}
+
+#becomesVisible {
+    position: absolute;
+    left: -1000px;
+    width: 100px;
+    height: 100px;
+    background-color: green;
+}
+</style>
+<script>
+async function test() {
+    if (!window.testRunner || !testRunner.runUIScript)
+        return;
+    if (window.internals)
+        internals.settings.setContentChangeObserverEnabled(true);
+
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+
+    let rect = tapthis.getBoundingClientRect();
+    let x = rect.left + rect.width / 2;
+    let y = rect.top + rect.height / 2;
+
+    await tapAtPoint(x, y);
+}
+</script>
+</head>
+<body onload="test()">
+<div id=tapthis>PASS if no crash.</div>
+<div id=becomesVisible>inline text with <div>text inside block</div></div>
+<script>
+tapthis.addEventListener("mousemove", function( event ) {
+    becomesVisible.style.left = "100px";
+    document.body.offsetHeight;
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+
+tapthis.addEventListener("click", function( event ) {   
+    result.innerHTML = "clicked";
+}, false);
+</script>
+</body>
+</html>
index 6b429a1..06c28b6 100644 (file)
@@ -1,3 +1,18 @@
+2019-03-26  Zalan Bujtas  <zalan@apple.com>
+
+        [ContentChangeObserver] Skip anonymous renderers when checking for "willRespondToMouseClickEvents"
+        https://bugs.webkit.org/show_bug.cgi?id=196259
+        <rdar://problem/49240029>
+
+        Reviewed by Dean Jackson.
+
+        Anonymous renderers don't have associated DOM nodes so they can't have event listeners either. Let's skip them.
+
+        Test: fast/events/touch/ios/content-observation/crash-on-anonymous-renderer.html
+
+        * page/ios/ContentChangeObserver.cpp:
+        (WebCore::ContentChangeObserver::StyleChangeScope::isConsideredClickable const):
+
 2019-03-26  Antoine Quint  <graouts@apple.com>
 
         Remove mousemoveEventHandlingPreventsDefault internal setting and quirk
index 247f08d..1cddbcd 100644 (file)
@@ -502,6 +502,8 @@ bool ContentChangeObserver::StyleChangeScope::isConsideredClickable() const
     // In case when the visible content already had renderers it's not sufficient to check the "newly visible" element only since it might just be the container for the clickable content.  
     ASSERT(m_element.renderer());
     for (auto& descendant : descendantsOfType<RenderElement>(*element.renderer())) {
+        if (!descendant.element())
+            continue;
         if (descendant.element()->willRespondToMouseClickEvents())
             return true;
     }