Changeset 247161 in webkit
- Timestamp:
- Jul 5, 2019 9:58:06 AM (5 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r247158 r247161 1 2019-07-05 Wenson Hsieh <wenson_hsieh@apple.com> 2 3 Click events on outer page are not being dispatched correctly after touch-zooming within an iframe 4 https://bugs.webkit.org/show_bug.cgi?id=185001 5 <rdar://problem/40569615> 6 7 Reviewed by Simon Fraser. 8 9 Add a new layout test to verify that after interacting with an element with touch event handlers in a cross- 10 origin subframe, the user is still able to click on elements on the top level document. 11 12 * http/tests/events/touch/ios/click-after-handling-touch-in-cross-origin-frame.https-expected.txt: Added. 13 * http/tests/events/touch/ios/click-after-handling-touch-in-cross-origin-frame.https.html: Added. 14 * http/tests/events/touch/ios/resources/touch-target.html: Added. 15 1 16 2019-07-05 Wenson Hsieh <wenson_hsieh@apple.com> 2 17 -
trunk/Source/WebKit/ChangeLog
r247158 r247161 1 2019-07-05 Wenson Hsieh <wenson_hsieh@apple.com> 2 3 Click events on outer page are not being dispatched correctly after touch-zooming within an iframe 4 https://bugs.webkit.org/show_bug.cgi?id=185001 5 <rdar://problem/40569615> 6 7 Reviewed by Simon Fraser. 8 9 Mitigations introduced in r227759 prevent a touch inside a document of origin A to result in a click event being 10 dispatched on an element inside a document of origin B. It accomplishes this by keeping track of the security 11 origin of the last touch via m_potentialTapSecurityOrigin on WebPage. However, there exists a corner case in 12 which m_potentialTapSecurityOrigin, set after touching a document in a subframe, may persist even after the user 13 has finished interacting, causing taps in subsequent documents to not result in synthetic click events due to 14 mismatched potential tap origins. 15 16 This may happen if the first user gesture happens inside an element in a subframe with touch event handlers, but 17 no click event handler (and the touch is additionally not over some clickable element). In this case, 18 m_potentialTapNode is set to null in WebPage::potentialTapAtPosition, and when we consult it in 19 WebPage::commitPotentialTap, we just end up calling commitPotentialTapFailed(); and return early. This means 20 that m_potentialTapNode, m_potentialTapLocation, and (importantly) m_potentialTapSecurityOrigin are not reset. 21 This causes subsequent taps in the top-level document to never dispatch click events, if the security origin 22 does not match with that of the subframe. 23 24 To fix this, we add a new async IPC message from the UI process to the web process to ensure that our current 25 security origin is reset before attempting to handle a tap. 26 27 Test: http/tests/events/touch/ios/click-after-handling-touch-in-cross-origin-frame.https.html 28 29 * UIProcess/WebPageProxy.cpp: 30 (WebKit::WebPageProxy::resetPotentialTapSecurityOrigin): 31 32 Reset any stale potential tap security origin if needed. 33 34 * UIProcess/WebPageProxy.h: 35 * UIProcess/ios/WKContentViewInteraction.mm: 36 (-[WKContentView _webTouchEventsRecognized:]): 37 38 Send the new IPC message when starting a touch. 39 40 * WebProcess/WebPage/WebPage.cpp: 41 (WebKit::WebPage::resetPotentialTapSecurityOrigin): 42 * WebProcess/WebPage/WebPage.h: 43 * WebProcess/WebPage/WebPage.messages.in: 44 1 45 2019-07-05 Wenson Hsieh <wenson_hsieh@apple.com> 2 46 -
trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
r247146 r247161 2658 2658 } 2659 2659 2660 void WebPageProxy::resetPotentialTapSecurityOrigin() 2661 { 2662 if (!hasRunningProcess()) 2663 return; 2664 2665 m_process->send(Messages::WebPage::ResetPotentialTapSecurityOrigin(), m_pageID); 2666 } 2667 2660 2668 void WebPageProxy::handleTouchEventAsynchronously(const NativeWebTouchEvent& event) 2661 2669 { -
trunk/Source/WebKit/UIProcess/WebPageProxy.h
r247146 r247161 829 829 830 830 #if ENABLE(IOS_TOUCH_EVENTS) 831 void resetPotentialTapSecurityOrigin(); 831 832 void handleTouchEventSynchronously(NativeWebTouchEvent&); 832 833 void handleTouchEventAsynchronously(const NativeWebTouchEvent&); -
trunk/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
r247132 r247161 1316 1316 _layerTreeTransactionIdAtLastTouchStart = downcast<WebKit::RemoteLayerTreeDrawingAreaProxy>(*_page->drawingArea()).lastCommittedLayerTreeTransactionID(); 1317 1317 1318 #if ENABLE(TOUCH_EVENTS) 1319 _page->resetPotentialTapSecurityOrigin(); 1320 #endif 1321 1318 1322 WebKit::InteractionInformationRequest positionInformationRequest { WebCore::IntPoint(_lastInteractionLocation) }; 1319 1323 [self doAfterPositionInformationUpdate:[assistant = WeakObjCPtr<WKActionSheetAssistant>(_actionSheetAssistant.get())] (WebKit::InteractionInformationAtPosition information) { -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp
r247158 r247161 2917 2917 } 2918 2918 2919 void WebPage::resetPotentialTapSecurityOrigin() 2920 { 2921 m_potentialTapSecurityOrigin = nullptr; 2922 } 2923 2919 2924 void WebPage::updatePotentialTapSecurityOrigin(const WebTouchEvent& touchEvent, bool wasHandled) 2920 2925 { -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.h
r247158 r247161 1321 1321 #if ENABLE(IOS_TOUCH_EVENTS) 1322 1322 void touchEventSync(const WebTouchEvent&, CompletionHandler<void(bool)>&&); 1323 void resetPotentialTapSecurityOrigin(); 1323 1324 void updatePotentialTapSecurityOrigin(const WebTouchEvent&, bool wasHandled); 1324 1325 #elif ENABLE(TOUCH_EVENTS) -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in
r246938 r247161 127 127 128 128 #if ENABLE(IOS_TOUCH_EVENTS) 129 ResetPotentialTapSecurityOrigin() 129 130 TouchEventSync(WebKit::WebTouchEvent event) -> (bool handled) Synchronous 130 131 #endif
Note: See TracChangeset
for help on using the changeset viewer.