Context Navigation

← Previous Changeset
Next Changeset →

Changeset 259950 in webkit

Timestamp:

Apr 12, 2020 6:03:13 AM (4 years ago)

Author:

Carlos Garcia Campos

Message:

Merge r258532 - A change event gets dispatched when textarea gets changed without focus
https://bugs.webkit.org/show_bug.cgi?id=202144

Patch by ChangSeok Oh <ChangSeok Oh> on 2020-03-16
Reviewed by Ryosuke Niwa.

Source/WebCore:

A crash happens in WebCore::ValidationMessage::buildBubbleTree. An immediate reason
is that DOM tree is modified in buildBubbleTree triggered by a timer.
The function calls document.updateLayout() that causes a change event
for textarea to fire when something changed in the textarea.
This bug is not reproduced on Mac because buildBubbleTree is not called.
See ValidationMessage::setMessage.
On the other hand, the root cause of this issue is triggering the change event
for textarea even if it is not focused when a change is made. This behavior
is different to what Gecko and Chromium do. When loading the test, they do not
trigger the change event although the textarea is filled by the script
since the textarea is not focused. Only when we manually make a change (meaning
the textarea is focused by user input), the event gets dispatched. To fix it,
setChangedSinceLastFormControlChangeEvent(true) is moved below the focus check
in HTMLTextAreaElement::subtreeHasChanged();

Test: fast/forms/textfield-onchange-without-focus.html

html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::subtreeHasChanged):

LayoutTests:

The test should be identical to the extected result without crash.

fast/forms/textfield-onchange-without-focus-expected.html: Added.
fast/forms/textfield-onchange-without-focus.html: Added.

Location:

releases/WebKitGTK/webkit-2.28

Files:

: 2 added
: 3 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/fast/forms/textfield-onchange-without-focus-expected.html (added)
LayoutTests/fast/forms/textfield-onchange-without-focus.html (added)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/html/HTMLTextAreaElement.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog

-                      r257994
+                      r259950
+-03-16  ChangSeok Oh  <changseok@webkit.org>
+        A change event gets dispatched when textarea gets changed without focus
+        https://bugs.webkit.org/show_bug.cgi?id=202144
+        Reviewed by Ryosuke Niwa.
+        The test should be identical to the extected result without crash.
+        * fast/forms/textfield-onchange-without-focus-expected.html: Added.
+        * fast/forms/textfield-onchange-without-focus.html: Added.
 -03-06  Enrique Ocaña González  <eocanha@igalia.com>

releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog

-                      r259947
+                      r259950
+-03-16  ChangSeok Oh  <changseok@webkit.org>
+        A change event gets dispatched when textarea gets changed without focus
+        https://bugs.webkit.org/show_bug.cgi?id=202144
+        Reviewed by Ryosuke Niwa.
+        A crash happens in WebCore::ValidationMessage::buildBubbleTree. An immediate reason
+        is that DOM tree is modified in buildBubbleTree triggered by a timer.
+        The function calls document.updateLayout() that causes a change event
+        for textarea to fire when something changed in the textarea.
+        This bug is not reproduced on Mac because buildBubbleTree is not called.
+        See ValidationMessage::setMessage.
+        On the other hand, the root cause of this issue is triggering the change event
+        for textarea even if it is not focused when a change is made. This behavior
+        is different to what Gecko and Chromium do. When loading the test, they do not
+        trigger the change event although the textarea is filled by the script
+        since the textarea is not focused. Only when we manually make a change (meaning
+        the textarea is focused by user input), the event gets dispatched. To fix it,
+        setChangedSinceLastFormControlChangeEvent(true) is moved below the focus check
+        in HTMLTextAreaElement::subtreeHasChanged();
+        Test: fast/forms/textfield-onchange-without-focus.html
+        * html/HTMLTextAreaElement.cpp:
+        (WebCore::HTMLTextAreaElement::subtreeHasChanged):
 -03-17  Philippe Normand  <pnormand@igalia.com>

releases/WebKitGTK/webkit-2.28/Source/WebCore/html/HTMLTextAreaElement.cpp

-                      r248914
+                      r259950
 void HTMLTextAreaElement::subtreeHasChanged()
+{
-    setChangedSinceLastFormControlChangeEvent(true);
     setFormControlValueMatchesRenderer(false);
     updateValidity();
 …
     if (!focused())
         return;
+    setChangedSinceLastFormControlChangeEvent(true);
     if (RefPtr<Frame> frame = document().frame())

Note: See TracChangeset for help on using the changeset viewer.