Crash on display-contents-replaced-001.html
author antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 30 May 2017 08:35:40 +0000 (08:35 +0000)
committer antti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 30 May 2017 08:35:40 +0000 (08:35 +0000)
https://bugs.webkit.org/show_bug.cgi?id=172596

Reviewed by Andreas Kling.

Source/WebCore:

This is crashing because some code can't handle display:contents on form controls. Turns
out the draft specification tells us to disable it for them in any case.

See https://drafts.csswg.org/css-display-3/#unbox

* css/StyleResolver.cpp:
(WebCore::hasEffectiveDisplayNoneForDisplayContents):

    For certain HTML elements (replaced elements, form controls) display:contents should
    behave like display:none.
    Also disable it for SVG and MathML elements.

(WebCore::StyleResolver::adjustRenderStyle):

    Also compute to display:none when there is no associated element (pseudos etc).

LayoutTests:

* TestExpectations: Enable the test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217549 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/css/StyleResolver.cpp

index a42f7bd..69d2566 100644 (file)
@@ -1,3 +1,12 @@
+2017-05-29  Antti Koivisto  <antti@apple.com>
+
+        Crash on display-contents-replaced-001.html
+        https://bugs.webkit.org/show_bug.cgi?id=172596
+
+        Reviewed by Andreas Kling.
+
+        * TestExpectations: Enable the test.
+
 2017-05-30  Zan Dobersek  <zdobersek@igalia.com>
 
         [GCrypt] RSA-OAEP support
index cf47244..516912d 100644 (file)
@@ -1178,8 +1178,6 @@ webkit.org/b/157477 imported/w3c/web-platform-tests/css/css-display-3/display-co
 webkit.org/b/157477 imported/w3c/web-platform-tests/css/css-display-3/display-contents-dynamic-list-001-inline.html [ ImageOnlyFailure ]
 webkit.org/b/157477 imported/w3c/web-platform-tests/css/css-display-3/display-contents-dynamic-list-001-none.html [ ImageOnlyFailure ]
 
-webkit.org/b/172596 imported/w3c/web-platform-tests/css/css-display-3/display-contents-replaced-001.html [ Skip ]
-
 ### END OF display: contents failures
 ########################################
 
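Review bot: Test coverage for this crash fix is limited to un-skipping display-contents-replaced-001.html, while the code change also forces display:none for SVG elements, MathML elements and the no-element (pseudo) case. Since the original failure was a crash, consider adding crash tests that apply display:contents to an SVG element, a MathML element and a pseudo-element, so a regression on those paths is caught by the test suite rather than in the field.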
index 800752f..780af47 100644 (file)
@@ -1,3 +1,26 @@
+2017-05-29  Antti Koivisto  <antti@apple.com>
+
+        Crash on display-contents-replaced-001.html
+        https://bugs.webkit.org/show_bug.cgi?id=172596
+
+        Reviewed by Andreas Kling.
+
+        This is crashing because some code can't handle display:contents on form controls. Turns
+        out the draft specification tell us to disable it for them in any case.
+
+        See https://drafts.csswg.org/css-display-3/#unbox
+
+        * css/StyleResolver.cpp:
+        (WebCore::hasEffectiveDisplayNoneForDisplayContents):
+
+            For certain HTML elements (replaced elements, form controls) display:contents should
+            behave like display:none.
+            Also disable it for SVG and MathML elements.
+
+        (WebCore::StyleResolver::adjustRenderStyle):
+
+            Also compute to display:none when there is no associated element (pseudos etc).
+
 2017-05-30  Zan Dobersek  <zdobersek@igalia.com>
 
         [GCrypt] RSA-OAEP support
index fc2eedf..e4f0bf5 100644 (file)
@@ -87,6 +87,7 @@
 #include "KeyframeList.h"
 #include "LinkHash.h"
 #include "LocaleToScriptMapping.h"
+#include "MathMLElement.h"
 #include "MathMLNames.h"
 #include "MediaList.h"
 #include "MediaQueryEvaluator.h"
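Review bot: Only MathMLElement.h is added here, yet the new helper in the next hunk also calls is<SVGElement>(element). Please confirm SVGElement.h is already included directly in this file and is not just reaching it transitively through another header.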
@@ -784,6 +785,47 @@ void StyleResolver::adjustStyleForInterCharacterRuby()
         style->setWritingMode(LeftToRightWritingMode);
 }
 
+static bool hasEffectiveDisplayNoneForDisplayContents(const Element& element)
+{
+    // https://drafts.csswg.org/css-display-3/#unbox-html
+    static NeverDestroyed<HashSet<AtomicString>> tagNames = [] {
+        static const HTMLQualifiedName* const tagList[] = {
+            &brTag,
+            &wbrTag,
+            &meterTag,
+            &appletTag,
+            &progressTag,
+            &canvasTag,
+            &embedTag,
+            &objectTag,
+            &audioTag,
+            &iframeTag,
+            &imgTag,
+            &videoTag,
+            &frameTag,
+            &framesetTag,
+            &inputTag,
+            &textareaTag,
+            &selectTag,
+        };
+        HashSet<AtomicString> set;
+        for (auto& name : tagList)
+            set.add(name->localName());
+        return set;
+    }();
+
+    // https://drafts.csswg.org/css-display-3/#unbox-svg
+    // FIXME: <g>, <use> and <tspan> have special (?) behavior for display:contents in the current draft spec.
+    if (is<SVGElement>(element))
+        return true;
+    // Not sure MathML code can handle it.
+    if (is<MathMLElement>(element))
+        return true;
+    if (!is<HTMLElement>(element))
+        return false;
+    return tagNames.get().contains(element.localName());
+}
+
 void StyleResolver::adjustRenderStyle(RenderStyle& style, const RenderStyle& parentStyle, const RenderStyle* parentBoxStyle, const Element* element)
 {
     // If the composed tree parent has display:contents, the parent box style will be different from the parent style.
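Review bot: The MathML branch is justified only by "Not sure MathML code can handle it.", which gives a later reader no way to tell whether the restriction is still needed. Unlike the HTML and SVG cases it has no spec link, so please turn it into a FIXME that references a tracking bug and states what must be verified before display:contents can be allowed there. The tag list is also a hand-maintained copy of the list in the linked unbox-html section. A short comment saying so would help, because any replaced element or form control missing from it goes back to the code path that crashed.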
@@ -795,10 +837,11 @@ void StyleResolver::adjustRenderStyle(RenderStyle& style, const RenderStyle& par
     style.setOriginalDisplay(style.display());
 
     if (style.display() == CONTENTS) {
-        // FIXME: Enable for all elements.
         bool elementSupportsDisplayContents = is<HTMLSlotElement>(element) || RuntimeEnabledFeatures::sharedFeatures().displayContentsEnabled();
         if (!elementSupportsDisplayContents)
             style.setDisplay(INLINE);
+        else if (!element || hasEffectiveDisplayNoneForDisplayContents(*element))
+            style.setDisplay(NONE);
     }
 
     if (style.display() != NONE && style.display() != CONTENTS) {
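Review bot: The new `else if (!element || ...)` branch establishes that element can be null here, but the line just above it already passes the same pointer to is<HTMLSlotElement>(element) before that check runs. Please confirm the pointer overload of is<> is safe for null, or hoist the null test above the elementSupportsDisplayContents computation so the null case is handled first. A one-line comment on the branch explaining why display:contents computes to display:none for element-less styles (pseudos) and for the unboxing exceptions would also help, since the removed FIXME was the only comment in this block.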