RELEASE_ASSERT(!m_document.isResolvingTreeStyle()) in com.apple.WebKit.WebContent...
authorantti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 6 Feb 2019 15:44:28 +0000 (15:44 +0000)
committerantti@apple.com <antti@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 6 Feb 2019 15:44:28 +0000 (15:44 +0000)
https://bugs.webkit.org/show_bug.cgi?id=194333
<rdar://problem/47822929>

Reviewed by Zalan Bujtas.

Source/WebCore:

Content extensions may mutate the extension stylesheet in the middle of a style resolution as a result of
the legacy animation code triggering a resource load.

Test: http/tests/contentextensions/css-display-none-keyframe.html

* style/StyleScope.cpp:
(WebCore::Style::Scope::scheduleUpdate):

Avoid clearing the style resolver if we are in the middle of a style resolution.
A better fix that avoid doing this in the first place is tracked by https://bugs.webkit.org/show_bug.cgi?id=194335.

LayoutTests:

* http/tests/contentextensions/css-display-none-keyframe-expected.txt: Added.
* http/tests/contentextensions/css-display-none-keyframe.html: Added.
* http/tests/contentextensions/css-display-none-keyframe.html.json: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241018 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/contentextensions/css-display-none-keyframe-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html [new file with mode: 0644]
LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html.json [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/style/StyleScope.cpp

index f71a17d..6a50547 100644 (file)
@@ -1,3 +1,15 @@
+2019-02-06  Antti Koivisto  <antti@apple.com>
+
+        RELEASE_ASSERT(!m_document.isResolvingTreeStyle()) in com.apple.WebKit.WebContent at WebCore: WebCore::StyleResolver::~StyleResolver
+        https://bugs.webkit.org/show_bug.cgi?id=194333
+        <rdar://problem/47822929>
+
+        Reviewed by Zalan Bujtas.
+
+        * http/tests/contentextensions/css-display-none-keyframe-expected.txt: Added.
+        * http/tests/contentextensions/css-display-none-keyframe.html: Added.
+        * http/tests/contentextensions/css-display-none-keyframe.html.json: Added.
+
 2019-02-05  Ryosuke Niwa  <rniwa@webkit.org>
 
         REGRESSION (r240909): Release assert in FrameLoader::loadURL when navigating with a non-existent target name
diff --git a/LayoutTests/http/tests/contentextensions/css-display-none-keyframe-expected.txt b/LayoutTests/http/tests/contentextensions/css-display-none-keyframe-expected.txt
new file mode 100644 (file)
index 0000000..cf7d8dc
--- /dev/null
@@ -0,0 +1 @@
+Test content extension inserting a display:none rule triggered by a resource in a keyframe.
diff --git a/LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html b/LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html
new file mode 100644 (file)
index 0000000..c1c6fd6
--- /dev/null
@@ -0,0 +1,27 @@
+<!DOCTYPE HTML><!-- webkit-test-runner [ experimental:WebAnimationsCSSIntegrationEnabled=false ] -->
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+<style>
+@keyframes bgimage {
+    from {
+        background-image: url("non-existent.png");
+    }
+    to {
+        background-image: url("non-existent-2.png");
+    }
+}
+div {
+    animation-duration: 0.1s;
+    animation-name: bgimage;
+}
+</style>
+<div onanimationend="testRunner.notifyDone()">
+Test content extension inserting a display:none rule triggered by a resource in a keyframe.
+</div>
+<div class="hidden">
+FAIL
+</div>
diff --git a/LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html.json b/LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html.json
new file mode 100644 (file)
index 0000000..87e8c4d
--- /dev/null
@@ -0,0 +1,11 @@
+[
+    {
+        "action": {
+            "type": "css-display-none",
+            "selector": ".hidden"
+        },
+        "trigger": {
+            "url-filter": ".*png"
+        }
+    }
+]
index 993cd56..c1eac99 100644 (file)
@@ -1,3 +1,22 @@
+2019-02-06  Antti Koivisto  <antti@apple.com>
+
+        RELEASE_ASSERT(!m_document.isResolvingTreeStyle()) in com.apple.WebKit.WebContent at WebCore: WebCore::StyleResolver::~StyleResolver
+        https://bugs.webkit.org/show_bug.cgi?id=194333
+        <rdar://problem/47822929>
+
+        Reviewed by Zalan Bujtas.
+
+        Content extensions may mutate the extension stylesheet in the middle of a style resolution as a result of
+        the legacy animation code triggering a resource load.
+
+        Test: http/tests/contentextensions/css-display-none-keyframe.html
+
+        * style/StyleScope.cpp:
+        (WebCore::Style::Scope::scheduleUpdate):
+
+        Avoid clearing the style resolver if we are in the middle of a style resolution.
+        A better fix that avoid doing this in the first place is tracked by https://bugs.webkit.org/show_bug.cgi?id=194335.
+
 2019-02-06  Pablo Saavedra  <psaavedra@igalia.com>
 
         Build failure after r240315
index 6b4f10a..f0591f4 100644 (file)
@@ -602,8 +602,10 @@ void Scope::scheduleUpdate(UpdateType update)
         // :host and ::slotted rules might go away.
         if (m_shadowRoot && m_resolver)
             invalidateHostAndSlottedStyleIfNeeded(*m_shadowRoot, *m_resolver);
+        // FIXME: Animation code may trigger resource load in middle of style recalc and that can add a rule to a content extension stylesheet.
+        //        Fix and remove isResolvingTreeStyle() test below, see https://bugs.webkit.org/show_bug.cgi?id=194335
         // FIXME: The m_isUpdatingStyleResolver test is here because extension stylesheets can get us here from StyleResolver::appendAuthorStyleSheets.
-        if (!m_isUpdatingStyleResolver)
+        if (!m_isUpdatingStyleResolver && !m_document.isResolvingTreeStyle())
             clearResolver();
     }