[webkit-dev] Top Crasher: Shadow DOM and Editing Collide Again

Ryosuke Niwa rniwa at webkit.org
Wed Aug 31 18:41:53 PDT 2011


FYI, I have a patch up for review on
https://bugs.webkit.org/show_bug.cgi?id=66241. This patch changes the way
text nodes inside the shadow DOM of input and textarea elements are created
and updated.

- Ryosuke

On Tue, Aug 30, 2011 at 11:08 PM, Ryosuke Niwa <rniwa at webkit.org> wrote:

> After reading Dimitri's analysis and talking to him on IRC, I'm convinced
> that we don't have to call setInnerTextValue in updateFromElement.  I've
> uploaded a work-in-progress patch to bug 66241 <http://webkit.org/b/66241> that
> realizes this idea.
>
> - Ryosuke
>
>
> On Mon, Aug 29, 2011 at 2:34 PM, Ryosuke Niwa <rniwa at webkit.org> wrote:
>
>> On Mon, Aug 29, 2011 at 1:46 PM, Dimitri Glazkov <dglazkov at chromium.org> wrote:
>>>
>>> I just realized what's going on here. The lifetime of the shadow DOM
>>> _used_ to be tied to the HTMLTextAreaElement's RenderObjects. Kent-san
>>> changed that and now the shadow DOM's lifecycle matches that of the
>>> rest of the DOM.
>>
>>
>> Yes!
>>
>>
>>> However, the update cycle still assumes that the
>>> shadow DOM lives on the RenderObjects, and does this really freaky
>>> thing with shuttling the updated value via an extra style recalc (see
>>> http://codesearch.google.com/codesearch#OAMlx_jo-ck/src/third_party/WebKit/Source/WebCore/html/HTMLTextAreaElement.cpp&l=349).
>>> We should just fix that and move updating code out of
>>> updateFromElement.
>>>
>>
>> Right.  I think making updateFromElement not call setInnerTextValue will
>> fix this bug for good.
>>
>> - Ryosuke
>>
>>
>