Changeset 202470 in webkit

Timestamp:

Jun 25, 2016 9:34:23 PM (8 years ago)

Author:

benjamin@webkit.org

Message:

The active state of elements can break when focus changes
​https://bugs.webkit.org/show_bug.cgi?id=159112

Patch by Benjamin Poulain <​bpoulain@apple.com> on 2016-06-25
Reviewed by Antti Koivisto.

Source/WebCore:

The pseudo class :active was behaving weirdly when used
with label elements with an associated form element.
The form element would get the :active state on the first click
then no longer get the state until the focus changes.

What was happenning is setFocusedElement() was clearing active
for some unknown reason. When you really do that on an active element,
you end up in an inconsistent state where no invalidation works.

The two tests illustrates 2 ways this breaks.

The test "pseudo-active-on-labeled-element-not-canceled-by-focus" clicks
several time on a lable element. The first time, the input element gets
the focus. The second time, it already has the focus, setFocusedElement()
clears :active before finding the focusable element and end up clearing
the active state on a target in the active chain.

The test "pseudo-active-with-programmatic-focus.html" shows how to invalidate
arbitrary elements using JavaScript. This can cause severely broken active
chains where invalidation never cleans some ancestors.

Tests: fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html

fast/css/pseudo-active-with-programmatic-focus.html

• dom/Document.cpp:

(WebCore::Document::setFocusedElement): Deleted.

• page/EventHandler.cpp:

(WebCore::EventHandler::handleMouseDoubleClickEvent):
This is WebKit1 specific. The double click event was dispatching
the mouseUp and Click with after doing an Active hit test.
This causes us to have :active state in and after mouseUp in WebKit1.

LayoutTests:

• fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus-expected.txt: Added.
• fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html: Added.
• fast/css/pseudo-active-with-programmatic-focus-expected.txt: Added.
• fast/css/pseudo-active-with-programmatic-focus.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus-expected.txt (added)
• LayoutTests/fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html (added)
• LayoutTests/fast/css/pseudo-active-with-programmatic-focus-expected.txt (added)
• LayoutTests/fast/css/pseudo-active-with-programmatic-focus.html (added)
• LayoutTests/platform/ios-simulator/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/dom/Document.cpp (modified) (1 diff)
• Source/WebCore/page/EventHandler.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2016-06-25  Benjamin Poulain  <bpoulain@apple.com>
+
+        The active state of elements can break when focus changes
+        https://bugs.webkit.org/show_bug.cgi?id=159112
+
+        Reviewed by Antti Koivisto.
+
+        * fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus-expected.txt: Added.
+        * fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html: Added.
+        * fast/css/pseudo-active-with-programmatic-focus-expected.txt: Added.
+        * fast/css/pseudo-active-with-programmatic-focus.html: Added.
+
 2016-06-24  Jer Noble  <jer.noble@apple.com>
 

trunk/LayoutTests/platform/ios-simulator/TestExpectations

@@ -1436 +1436 @@
 fast/css/object-fit/object-fit-input-image.html [ ImageOnlyFailure ]
 fast/css/outline-auto-empty-rects.html [ Failure ]
+fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html [ Failure ]
+fast/css/pseudo-active-with-programmatic-focus.html [ Failure ]
 fast/css/pseudo-first-line-border-width.html [ Failure ]
 fast/css/read-only-read-write-input-basics.html [ ImageOnlyFailure ]

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-06-25  Benjamin Poulain  <bpoulain@apple.com>
+
+        The active state of elements can break when focus changes
+        https://bugs.webkit.org/show_bug.cgi?id=159112
+
+        Reviewed by Antti Koivisto.
+
+        The pseudo class :active was behaving weirdly when used
+        with label elements with an associated form element.
+        The form element would get the :active state on the first click
+        then no longer get the state until the focus changes.
+
+        What was happenning is setFocusedElement() was clearing active
+        for some unknown reason. When you really do that on an active element,
+        you end up in an inconsistent state where no invalidation works.
+
+        The two tests illustrates 2 ways this breaks.
+
+        The test "pseudo-active-on-labeled-element-not-canceled-by-focus" clicks
+        several time on a lable element. The first time, the input element gets
+        the focus. The second time, it already has the focus, setFocusedElement()
+        clears :active before finding the focusable element and end up clearing
+        the active state on a target in the active chain.
+
+        The test "pseudo-active-with-programmatic-focus.html" shows how to invalidate
+        arbitrary elements using JavaScript. This can cause severely broken active
+        chains where invalidation never cleans some ancestors.
+
+        Tests: fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html
+               fast/css/pseudo-active-with-programmatic-focus.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::setFocusedElement): Deleted.
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::handleMouseDoubleClickEvent):
+        This is WebKit1 specific. The double click event was dispatching
+        the mouseUp and Click with after doing an Active hit test.
+        This causes us to have :active state in and after mouseUp in WebKit1.
+
 2016-06-24  Jer Noble  <jer.noble@apple.com>
 

trunk/Source/WebCore/dom/Document.cpp

@@ -3778 +3778 @@
     // Remove focus from the existing focus node (if any)
     if (oldFocusedElement) {
-        if (oldFocusedElement->active())
-            oldFocusedElement->setActive(false);
-
         oldFocusedElement->setFocus(false);
         setFocusNavigationStartingNode(nullptr);

trunk/Source/WebCore/page/EventHandler.cpp

@@ -1753 +1753 @@
     setLastKnownMousePosition(platformMouseEvent);
 
-    HitTestRequest request(HitTestRequest::Active | HitTestRequest::DisallowUserAgentShadowContent);
+    HitTestRequest request(HitTestRequest::Release | HitTestRequest::DisallowUserAgentShadowContent);
     MouseEventWithHitTestResults mouseEvent = prepareMouseEvent(request, platformMouseEvent);
     Frame* subframe = subframeForHitTestResult(mouseEvent);