Context Navigation

← Previous Changeset
Next Changeset →

Changeset 234577 in webkit

Timestamp:

Aug 3, 2018 11:35:37 PM (6 years ago)

Author:

rniwa@webkit.org

Message:

innerHTML should not synchronously create a custom element
https://bugs.webkit.org/show_bug.cgi?id=188327
<rdar://problem/42923114>

Reviewed by Daniel Bates.

LayoutTests/imported/w3c:

Rebaselined the test now that all test cases are passing.

web-platform-tests/custom-elements/connected-callbacks-html-fragment-parsing-expected.txt:

Source/WebCore:

Fixed the bug that the fragment parsing algorithm was synchronously constructing a custom element instead of
enqueuing an element to upgrade.

The fragment parsing algorithm creates an element for a token with *will execute script* flag set to false:
https://html.spec.whatwg.org/multipage/parsing.html#create-an-element-for-the-token
which results in creating an element with synchronous custom elements flag *not* set:
https://dom.spec.whatwg.org/#concept-create-element

When synchronous custom elements flag is false, we're supposed to create an element and enqueue a custom element
upgrade reaction. createHTMLElementOrFindCustomElementInterface was missing this last logic.

Also fixed a bug that Element::enqueueToUpgrade would hit a debug assertion when a custom element which has been
enqueued to upgrade is enqueued to upgrade for the second time. In this case, we need to put the element into the
current element queue (https://html.spec.whatwg.org/multipage/custom-elements.html#current-element-queue) again.

While the specification simply enqueues another upgrade reaction and bails out immediately in the first step of
the upgrade, WebKit's implementation simply avoids this redundancy in the first place:
https://html.spec.whatwg.org/multipage/custom-elements.html#concept-upgrade-an-element

Existing tests such as imported/w3c/web-platform-tests/custom-elements/reactions/Document.html exercises this
code path after the fragment parsing algorithm fix.

Tests: imported/w3c/web-platform-tests/custom-elements/connected-callbacks-html-fragment-parsing.html

dom/CustomElementReactionQueue.cpp:

(WebCore::CustomElementReactionQueueItem::type const): Added for an assertion.
(WebCore::CustomElementReactionQueue::enqueueElementUpgrade): Enqueue this element to the current element queue
by calling ensureCurrentQueue and avoid inserting a redundant upgrade reaction.

dom/CustomElementReactionQueue.h:
dom/Element.cpp:

(WebCore::Element::enqueueToUpgrade): Handle the case when a custom element is enqueued to upgrade for the second
time while it had been waiting in some element queue. In this case, the reaction queue for this element has
already been created and we simply need to put this element back into the current element queue (i.e. this element
now belongs to both element queues).

html/parser/HTMLConstructionSite.cpp:

(WebCore::findCustomElementInterface): Extracted out of createHTMLElementOrFindCustomElementInterface.
(WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface): Fixed the bug that the HTML parser
was synchronously constructing a custom element even for the fragment parsing algorithm.

Location:

trunk

Files:

: 7 edited

LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
LayoutTests/imported/w3c/web-platform-tests/custom-elements/connected-callbacks-html-fragment-parsing-expected.txt (modified) (1 diff)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/dom/CustomElementReactionQueue.cpp (modified) (2 diffs)
Source/WebCore/dom/CustomElementReactionQueue.h (modified) (1 diff)
Source/WebCore/dom/Element.cpp (modified) (1 diff)
Source/WebCore/html/parser/HTMLConstructionSite.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/imported/w3c/ChangeLog

-                      r234539
+                      r234577
+-08-03  Ryosuke Niwa  <rniwa@webkit.org>
+        innerHTML should not synchronously create a custom element
+        https://bugs.webkit.org/show_bug.cgi?id=188327
+        <rdar://problem/42923114>
+        Reviewed by Daniel Bates.
+        Rebaselined the test now that all test cases are passing.
+        * web-platform-tests/custom-elements/connected-callbacks-html-fragment-parsing-expected.txt:
 -08-02  Ryosuke Niwa  <rniwa@webkit.org>

trunk/LayoutTests/imported/w3c/web-platform-tests/custom-elements/connected-callbacks-html-fragment-parsing-expected.txt

-                      r234039
+                      r234577
+FAIL Inserting a custom element into the document using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor assert_equals: expected 1 but got 2
+FAIL Inserting a custom element into the document of the template elements using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor assert_equals: expected 1 but got 2
+FAIL Inserting a custom element into a new document using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor assert_equals: expected 1 but got 2
+FAIL Inserting a custom element into a cloned document using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor assert_equals: expected 1 but got 2
+FAIL Inserting a custom element into a document created by createHTMLDocument using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor assert_equals: expected 1 but got 2
+FAIL Inserting a custom element into an HTML document created by createDocument using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor assert_equals: expected 1 but got 2
+FAIL Inserting a custom element into the document of an iframe using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor assert_equals: expected 1 but got 2
+FAIL Inserting a custom element into an HTML document fetched by XHR using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor assert_equals: expected 1 but got 2
+PASS Inserting a custom element into the document using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor
+PASS Inserting a custom element into the document of the template elements using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor
+PASS Inserting a custom element into a new document using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor
+PASS Inserting a custom element into a cloned document using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor
+PASS Inserting a custom element into a document created by createHTMLDocument using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor
+PASS Inserting a custom element into an HTML document created by createDocument using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor
+PASS Inserting a custom element into the document of an iframe using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor
+PASS Inserting a custom element into an HTML document fetched by XHR using HTML fragment parsing must enqueue a custom element upgrade reaction, not synchronously invoke its constructor

trunk/Source/WebCore/ChangeLog

-                      r234569
+                      r234577
+-08-03  Ryosuke Niwa  <rniwa@webkit.org>
+        innerHTML should not synchronously create a custom element
+        https://bugs.webkit.org/show_bug.cgi?id=188327
+        <rdar://problem/42923114>
+        Reviewed by Daniel Bates.
+        Fixed the bug that the fragment parsing algorithm was synchronously constructing a custom element instead of
+        enqueuing an element to upgrade.
+        The fragment parsing algorithm creates an element for a token with *will execute script* flag set to false:
+        https://html.spec.whatwg.org/multipage/parsing.html#create-an-element-for-the-token
+        which results in creating an element with synchronous custom elements flag *not* set:
+        https://dom.spec.whatwg.org/#concept-create-element
+        When synchronous custom elements flag is false, we're supposed to create an element and enqueue a custom element
+        upgrade reaction. createHTMLElementOrFindCustomElementInterface was missing this last logic.
+        Also fixed a bug that Element::enqueueToUpgrade would hit a debug assertion when a custom element which has been
+        enqueued to upgrade is enqueued to upgrade for the second time. In this case, we need to put the element into the
+        current element queue (https://html.spec.whatwg.org/multipage/custom-elements.html#current-element-queue) again.
+        While the specification simply enqueues another upgrade reaction and bails out immediately in the first step of
+        the upgrade, WebKit's implementation simply avoids this redundancy in the first place:
+        https://html.spec.whatwg.org/multipage/custom-elements.html#concept-upgrade-an-element
+        Existing tests such as imported/w3c/web-platform-tests/custom-elements/reactions/Document.html exercises this
+        code path after the fragment parsing algorithm fix.
+        Tests: imported/w3c/web-platform-tests/custom-elements/connected-callbacks-html-fragment-parsing.html
+        * dom/CustomElementReactionQueue.cpp:
+        (WebCore::CustomElementReactionQueueItem::type const): Added for an assertion.
+        (WebCore::CustomElementReactionQueue::enqueueElementUpgrade): Enqueue this element to the current element queue
+        by calling ensureCurrentQueue and avoid inserting a redundant upgrade reaction.
+        * dom/CustomElementReactionQueue.h:
+        * dom/Element.cpp:
+        (WebCore::Element::enqueueToUpgrade): Handle the case when a custom element is enqueued to upgrade for the second
+        time while it had been waiting in some element queue. In this case, the reaction queue for this element has
+        already been created and we simply need to put this element back into the current element queue (i.e. this element
+        now belongs to both element queues).
+        * html/parser/HTMLConstructionSite.cpp:
+        (WebCore::findCustomElementInterface): Extracted out of createHTMLElementOrFindCustomElementInterface.
+        (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface): Fixed the bug that the HTML parser
+        was synchronously constructing a custom element even for the fragment parsing algorithm.
 -08-03  Ben Richards  <benton_richards@apple.com>

trunk/Source/WebCore/dom/CustomElementReactionQueue.cpp

-                      r234539
+                      r234577
     { }
+    Type type() const { return m_type; }
     void invoke(Element& element, JSCustomElementInterface& elementInterface)
+    {
 …
+}
+void CustomElementReactionQueue::enqueueElementUpgrade(Element& element)
+{
+    auto& queue = ensureCurrentQueue(element);
+    queue.m_items.append({CustomElementReactionQueueItem::Type::ElementUpgrade});
+void CustomElementReactionQueue::enqueueElementUpgrade(Element& element, bool alreadyScheduledToUpgrade)
+{
+    auto& queue = ensureCurrentQueue(element);
+    if (alreadyScheduledToUpgrade) {
+        ASSERT(queue.m_items.size() == 1);
+        ASSERT(queue.m_items[0].type() == CustomElementReactionQueueItem::Type::ElementUpgrade);
+    } else
+        queue.m_items.append({CustomElementReactionQueueItem::Type::ElementUpgrade});
+}

trunk/Source/WebCore/dom/CustomElementReactionQueue.h

r234539	r234577
50	50	~CustomElementReactionQueue();
51	51
52		static void enqueueElementUpgrade(Element&);
	52	static void enqueueElementUpgrade(Element&, bool alreadyScheduledToUpgrade);
53	53	static void enqueueElementUpgradeIfDefined(Element&);
54	54	static void enqueueConnectedCallbackIfNeeded(Element&);

trunk/Source/WebCore/dom/Element.cpp

-                      r234507
+                      r234577
     auto& data = ensureElementRareData();
     ASSERT(!data.customElementReactionQueue());
     data.setCustomElementReactionQueue(std::make_unique<CustomElementReactionQueue>(elementInterface));
     data.customElementReactionQueue()->enqueueElementUpgrade(*this);
+    bool alreadyScheduledToUpgrade = data.customElementReactionQueue();
+    if (!alreadyScheduledToUpgrade)
+        data.setCustomElementReactionQueue(std::make_unique<CustomElementReactionQueue>(elementInterface));
+    data.customElementReactionQueue()->enqueueElementUpgrade(*this, alreadyScheduledToUpgrade);
+}

trunk/Source/WebCore/html/parser/HTMLConstructionSite.cpp

-                      r225117
+                      r234577
+}
+static inline JSCustomElementInterface* findCustomElementInterface(Document& ownerDocument, const AtomicString& localName)
+{
+    auto* window = ownerDocument.domWindow();
+    if (!window)
+        return nullptr;
+    auto* registry = window->customElementRegistry();
+    if (LIKELY(!registry))
+        return nullptr;
+    return registry->findInterface(localName);
+}
 RefPtr<Element> HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface(AtomicHTMLToken& token, JSCustomElementInterface** customElementInterface)
+{
 …
     RefPtr<Element> element = HTMLElementFactory::createKnownElement(localName, ownerDocument, insideTemplateElement ? nullptr : form(), true);
     if (UNLIKELY(!element)) {
+        auto window = makeRefPtr(ownerDocument.domWindow());
+        if (customElementInterface && window) {
+            auto registry = makeRefPtr(window->customElementRegistry());
+            if (UNLIKELY(registry)) {
+                if (auto elementInterface = makeRefPtr(registry->findInterface(localName))) {
+                    *customElementInterface = elementInterface.get();
+                    return nullptr;
+                }
+        if (auto* elementInterface = findCustomElementInterface(ownerDocument, localName)) {
+            if (!m_isParsingFragment) {
+                *customElementInterface = elementInterface;
+                return nullptr;
+            }
+            element = HTMLElement::create(QualifiedName { nullAtom(), localName, xhtmlNamespaceURI }, ownerDocument);
+            element->setIsCustomElementUpgradeCandidate();
+            element->enqueueToUpgrade(*elementInterface);
+        } else {
+            QualifiedName qualifiedName { nullAtom(), localName, xhtmlNamespaceURI };
+            if (Document::validateCustomElementName(localName) == CustomElementNameValidationStatus::Valid) {
+                element = HTMLElement::create(qualifiedName, ownerDocument);
+                element->setIsCustomElementUpgradeCandidate();
+            } else
+                element = HTMLUnknownElement::create(qualifiedName, ownerDocument);
+        }
-        QualifiedName qualifiedName(nullAtom(), localName, xhtmlNamespaceURI);
-        if (Document::validateCustomElementName(localName) == CustomElementNameValidationStatus::Valid) {
-            element = HTMLElement::create(qualifiedName, ownerDocument);
-            element->setIsCustomElementUpgradeCandidate();
-        } else
-            element = HTMLUnknownElement::create(qualifiedName, ownerDocument);
+    }
     ASSERT(element);

Note: See TracChangeset for help on using the changeset viewer.