Changeset 187593 in webkit

Timestamp:

Jul 30, 2015 11:32:45 AM (9 years ago)

Author:

Simon Fraser

Message:

Selecting in an iframe can cause main page scrolling
​https://bugs.webkit.org/show_bug.cgi?id=147431
rdar://problem/19244589

Reviewed by Zalan Bujtas.

Source/WebCore:

The RenderLayer auatoscroll code walks up the RenderLayer hierarchy, crossing
frame boundaries. However, as it crosses into an ancestor frame it failed to
map the target rect into the coordinate space of the new frame, which caused
us to scroll to an incorrect location in that parent frame.

Test: fast/events/autoscroll-in-iframe.html

• rendering/RenderLayer.cpp:

(WebCore::parentLayerCrossFrame): Make the layer a reference, and pass in
an optional rect. When crossing frame boundaries, map the rect from the
contents of the child frame to the contents of the parent frame.
(WebCore::RenderLayer::enclosingScrollableLayer): Pass optional rect.
(WebCore::RenderLayer::scrollRectToVisible):
(WebCore::RenderLayer::hasScrollableOrRubberbandableAncestor):

• rendering/RenderLayer.h:

LayoutTests:

Test that uses eventSender to select in an iframe after scrolling the
main page.

• fast/events/autoscroll-in-iframe-expected.txt: Added.
• fast/events/autoscroll-in-iframe.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/events/autoscroll-in-iframe-expected.txt (added)
• LayoutTests/fast/events/autoscroll-in-iframe.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/rendering/RenderLayer.cpp (modified) (4 diffs)
• Source/WebCore/rendering/RenderLayer.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2015-07-30  Simon Fraser  <simon.fraser@apple.com>
+
+        Selecting in an iframe can cause main page scrolling
+        https://bugs.webkit.org/show_bug.cgi?id=147431
+        rdar://problem/19244589
+
+        Reviewed by Zalan Bujtas.
+        
+        Test that uses eventSender to select in an iframe after scrolling the
+        main page.
+
+        * fast/events/autoscroll-in-iframe-expected.txt: Added.
+        * fast/events/autoscroll-in-iframe.html: Added.
+
 2015-07-29  Matt Rajca  <mrajca@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2015-07-30  Simon Fraser  <simon.fraser@apple.com>
+
+        Selecting in an iframe can cause main page scrolling
+        https://bugs.webkit.org/show_bug.cgi?id=147431
+        rdar://problem/19244589
+
+        Reviewed by Zalan Bujtas.
+        
+        The RenderLayer auatoscroll code walks up the RenderLayer hierarchy, crossing
+        frame boundaries. However, as it crosses into an ancestor frame it failed to
+        map the target rect into the coordinate space of the new frame, which caused
+        us to scroll to an incorrect location in that parent frame.
+
+        Test: fast/events/autoscroll-in-iframe.html
+
+        * rendering/RenderLayer.cpp:
+        (WebCore::parentLayerCrossFrame): Make the layer a reference, and pass in
+        an optional rect. When crossing frame boundaries, map the rect from the
+        contents of the child frame to the contents of the parent frame.
+        (WebCore::RenderLayer::enclosingScrollableLayer): Pass optional rect.
+        (WebCore::RenderLayer::scrollRectToVisible):
+        (WebCore::RenderLayer::hasScrollableOrRubberbandableAncestor):
+        * rendering/RenderLayer.h:
+
 2015-07-30  Simon Fraser  <simon.fraser@apple.com>
 

trunk/Source/WebCore/rendering/RenderLayer.cpp

@@ -1450 +1450 @@
 }
 
-static RenderLayer* parentLayerCrossFrame(const RenderLayer* layer)
-{
-    ASSERT(layer);
-    if (layer->parent())
-        return layer->parent();
-
-    HTMLFrameOwnerElement* ownerElement = layer->renderer().document().ownerElement();
+static RenderLayer* parentLayerCrossFrame(const RenderLayer& layer, LayoutRect* rect = nullptr)
+{
+    if (layer.parent())
+        return layer.parent();
+
+    HTMLFrameOwnerElement* ownerElement = layer.renderer().document().ownerElement();
     if (!ownerElement)
         return nullptr;
@@ -1464 +1463 @@
         return nullptr;
 
+    // Convert the rect into the coordinate space of the parent frame's document.
+    if (rect) {
+        IntRect viewRect = layer.renderer().frame().view()->convertToContainingView(enclosingIntRect(*rect));
+        *rect = ownerRenderer->frame().view()->viewToContents(viewRect);
+    }
+
     return ownerRenderer->enclosingLayer();
 }
 
-RenderLayer* RenderLayer::enclosingScrollableLayer() const
-{
-    for (RenderLayer* nextLayer = parentLayerCrossFrame(this); nextLayer; nextLayer = parentLayerCrossFrame(nextLayer)) {
+RenderLayer* RenderLayer::enclosingScrollableLayer(LayoutRect* rect) const
+{
+    for (RenderLayer* nextLayer = parentLayerCrossFrame(*this, rect); nextLayer; nextLayer = parentLayerCrossFrame(*nextLayer, rect)) {
         if (is<RenderBox>(nextLayer->renderer()) && downcast<RenderBox>(nextLayer->renderer()).canBeScrolledAndHasScrollableArea())
             return nextLayer;
@@ -2532 +2537 @@
     
     if (renderer().frame().eventHandler().autoscrollInProgress())
-        parentLayer = enclosingScrollableLayer();
+        parentLayer = enclosingScrollableLayer(&newRect);
 
     if (parentLayer)
@@ -3183 +3188 @@
 bool RenderLayer::hasScrollableOrRubberbandableAncestor()
 {
-    for (RenderLayer* nextLayer = parentLayerCrossFrame(this); nextLayer; nextLayer = parentLayerCrossFrame(nextLayer)) {
+    for (RenderLayer* nextLayer = parentLayerCrossFrame(*this); nextLayer; nextLayer = parentLayerCrossFrame(*nextLayer)) {
         if (nextLayer->isScrollableOrRubberbandable())
             return true;

trunk/Source/WebCore/rendering/RenderLayer.h

@@ -405 +405 @@
 
     // Returns the nearest enclosing layer that is scrollable.
-    RenderLayer* enclosingScrollableLayer() const;
+    RenderLayer* enclosingScrollableLayer(LayoutRect* = nullptr) const;
 
     // The layer relative to which clipping rects for this layer are computed.