Assert that Node::insertedInto doesn't fire an event
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 Oct 2017 05:52:38 +0000 (05:52 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 Oct 2017 05:52:38 +0000 (05:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=178376
<rdar://problem/35022857>

Reviewed by Daniel Bates.

Fixed the assertion in notifyChildNodeInserted since this function MUST NOT dispatch an event,
and moved a bunch of event-dispatching code from Node::insertedInto into Node::finishedInsertingSubtree.

No new tests since the existing tests cover the behavioral change.

* dom/ContainerNodeAlgorithms.cpp:
(WebCore::notifyChildNodeInserted): Fixed the assertion.
* dom/ProcessingInstruction.cpp:
(WebCore::ProcessingInstruction::insertedInto):
(WebCore::ProcessingInstruction::finishedInsertingSubtree): Extracted from insertedInto since
checkStyleSheet can dispatch an event.
* dom/ProcessingInstruction.h:
* html/HTMLBodyElement.cpp:
(WebCore::HTMLBodyElement::insertedInto):
(WebCore::HTMLBodyElement::finishedInsertingSubtree): Extracted from insertedInto since
setIntegralAttribute could dispatch DOMAttrModified synchronously.
* html/HTMLBodyElement.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@223458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/dom/ContainerNodeAlgorithms.cpp
Source/WebCore/dom/ProcessingInstruction.cpp
Source/WebCore/dom/ProcessingInstruction.h
Source/WebCore/html/HTMLBodyElement.cpp
Source/WebCore/html/HTMLBodyElement.h

index e147274..2237bff 100644 (file)
@@ -1,3 +1,29 @@
+2017-10-16  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Assert that Node::insertedInto doesn't fire an event
+        https://bugs.webkit.org/show_bug.cgi?id=178376
+        <rdar://problem/35022857>
+
+        Reviewed by Daniel Bates.
+
+        Fixed the assertion in notifyChildNodeInserted since this function MUST NOT dispatch an event,
+        and moved a bunch of event-dispatching code from Node::insertedInto into Node::finishedInsertingSubtree.
+
+        No new tests since the existing tests cover the behavioral change.
+
+        * dom/ContainerNodeAlgorithms.cpp:
+        (WebCore::notifyChildNodeInserted): Fixed the assertion.
+        * dom/ProcessingInstruction.cpp:
+        (WebCore::ProcessingInstruction::insertedInto):
+        (WebCore::ProcessingInstruction::finishedInsertingSubtree): Extracted from insertedInto since
+        checkStyleSheet can dispatch an event.
+        * dom/ProcessingInstruction.h:
+        * html/HTMLBodyElement.cpp:
+        (WebCore::HTMLBodyElement::insertedInto):
+        (WebCore::HTMLBodyElement::finishedInsertingSubtree): Extracted from insertedInto since
+        setIntegralAttribute could dispatch DOMAttrModified synchronously.
+        * html/HTMLBodyElement.h:
+
 2017-10-16  Chris Dumez  <cdumez@apple.com>
 
         ServiceWorkerRegistration should subclass RefCounted<>
index ffb201a..4e3ea3b 100644 (file)
@@ -85,7 +85,7 @@ static void notifyNodeInsertedIntoTree(ContainerNode& insertionPoint, Node& node
 
 void notifyChildNodeInserted(ContainerNode& insertionPoint, Node& node, NodeVector& postInsertionNotificationTargets)
 {
-    RELEASE_ASSERT(NoEventDispatchAssertion::isEventDispatchAllowedInSubtree(insertionPoint));
+    NoEventDispatchAssertion assertNoEventDispatch;
 
     InspectorInstrumentation::didInsertDOMNode(node.document(), node);
 
index 0cab4e8..9ff35a4 100644 (file)
@@ -280,8 +280,12 @@ Node::InsertionNotificationRequest ProcessingInstruction::insertedInto(Container
     if (!insertionPoint.isConnected())
         return InsertionDone;
     document().styleScope().addStyleSheetCandidateNode(*this, m_createdByParser);
+    return InsertionShouldCallFinishedInsertingSubtree;
+}
+
+void ProcessingInstruction::finishedInsertingSubtree()
+{
     checkStyleSheet();
-    return InsertionDone;
 }
 
 void ProcessingInstruction::removedFrom(ContainerNode& insertionPoint)
index d154433..a50a2e5 100644 (file)
@@ -59,6 +59,7 @@ private:
     Ref<Node> cloneNodeInternal(Document&, CloningOperation) override;
 
     InsertionNotificationRequest insertedInto(ContainerNode&) override;
+    void finishedInsertingSubtree() override;
     void removedFrom(ContainerNode&) override;
 
     void checkStyleSheet();
index b1ee9c4..0133c88 100644 (file)
@@ -199,7 +199,14 @@ Node::InsertionNotificationRequest HTMLBodyElement::insertedInto(ContainerNode&
     auto* ownerElement = document().ownerElement();
     if (!is<HTMLFrameElementBase>(ownerElement))
         return InsertionDone;
-    
+
+    return InsertionShouldCallFinishedInsertingSubtree;
+}
+
+void HTMLBodyElement::finishedInsertingSubtree()
+{
+    auto* ownerElement = document().ownerElement();
+    RELEASE_ASSERT(is<HTMLFrameElementBase>(ownerElement));
     auto& ownerFrameElement = downcast<HTMLFrameElementBase>(*ownerElement);
 
     // Read values from the owner before setting any attributes, since setting an attribute can run arbitrary
@@ -211,8 +218,6 @@ Node::InsertionNotificationRequest HTMLBodyElement::insertedInto(ContainerNode&
         setIntegralAttribute(marginwidthAttr, marginWidth);
     if (marginHeight != -1)
         setIntegralAttribute(marginheightAttr, marginHeight);
-
-    return InsertionDone;
 }
 
 bool HTMLBodyElement::isURLAttribute(const Attribute& attribute) const
index a736393..698b47d 100644 (file)
@@ -45,6 +45,7 @@ private:
     void collectStyleForPresentationAttribute(const QualifiedName&, const AtomicString&, MutableStyleProperties&) final;
 
     InsertionNotificationRequest insertedInto(ContainerNode&) final;
+    void finishedInsertingSubtree() final;
 
     bool isURLAttribute(const Attribute&) const final;