[Webkit-unassigned] [Bug 46868] [Chromium] Input Method inserts conversion candidates unexpectedly

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Sep 29 19:58:16 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=46868





--- Comment #1 from Kenichi Ishibashi <bashi at google.com>  2010-09-29 19:58:16 PST ---
I've investigated this issue deeply. This issue happens on a textarea that has an event listener which invokes style recalculation.

When the IME composition changes, WebKit calls the event listener first, and style recalculation is scheduled. Then the IME composition is processed by Editor::setComposition(). In the typical sequence, it uses CompositionEditCommand::replaceTextInNode() to set the current IME composition into the text node which is on the textarea node. The replaceTextInNode() function is composed of DeleteFromTextNodeCommand and InsertIntoTextNodeCommand, and after invoking DeleteFromTextNodeCommand, it invokes style recalculation if it is needed (and it's needed in this case).

At this point, a state mismatch occurs. Although the content of the text node has been changed by the deletion command, the textarea node still keeps the previous text, and the m_valueMatchesRenderer flag, which indicates whether the text is up-to-date, has not been updated yet. As a result, when WebKit recalculates the style of the textarea, it inserts the IME candidate text into the text node unexpectedly.

I wrote a repro for this issue and I'll attach the file.

I'll post a trial patch to fix this issue and would like to ask for some advice.
