[Webkit-unassigned] [Bug 80628] New: Overrides of Node::removedFromDocument should not depend on Node::inDocument being true

bugzilla-daemon at webkit.org
Thu Mar 8 12:41:21 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=80628

           Summary: Overrides of Node::removedFromDocument should not
                    depend on Node::inDocument being true
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: adamk at chromium.org
                CC: eric at webkit.org, mjs at apple.com, darin at apple.com,
                    abarth at webkit.org, rniwa at webkit.org


In http://trac.webkit.org/changeset/108152, I fixed a bug whose root cause was that Node::inDocument() did not match the true in-document state. That is, Node::inDocument was true when a Node was not part of the Document tree.

After fixing that bug, I tried adding an assertion to inDocument() to ensure it would always return the "correct" value. But it turns out that many callers of inDocument() actually depend on this out-of-sync behavior: those that are called from overrides of Node::removedFromDocument. Essentially what these callers are attempting to determine is, "was this node in the document?"

What I propose is that we should make the InDocumentFlag state of a node match its true state as closely as possible; ideally, clearing the flag as soon as its parent is set to 0.

In order to support the "was this node in the document" use case, we would then need some other mechanism. What this should be is less obvious to me. One idea would be for such callers to override Node::willRemove, and to fix willRemove to happen just before the node is actually removed from the tree (i.e., not calling it too early). This would work well for one of the main offenders I ran into, radio buttons. See HTMLInputElement::removedFromDocument().

A more modest but more invasive approach would be to force any overrides of removedFromDocument to pass along the "we are being removed from the document" state to all methods they call, rather than letting them use the inDocument flag as a proxy. Or we could add an IsBeingRemovedFromDocument flag.

I'm interested in the insights of those with more history on the InDocumentFlag, the removedFromDocument & insertedIntoDocument methods, and the willRemove method.
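
The state mismatch described in the report, as an added example that is not part of the original bug report and is not WebKit code: a toy model in which the in-document flag is cleared together with the parent pointer, so a removal hook that still uses the flag as a proxy skips its cleanup, while one that is handed the removal state explicitly does not. The `Radio` class, its pointer registry, the `Removal` enum and every function name are assumptions, loosely modelled on the radio-button case the report mentions.

```cpp
#include <cstddef>
#include <set>

// Toy model (hypothetical names throughout, not WebKit's classes).
enum class Removal { NotRemoving, BeingRemovedFromDocument };

struct Node {
    Node* parent = nullptr;
    bool inDocumentFlag = false;
    virtual ~Node() = default;
    bool inDocument() const { return inDocumentFlag; }
    virtual void removedFromDocument() {}
    // Clear the flag as soon as the parent is cleared, then notify.
    void detach() {
        bool wasInDocument = inDocumentFlag;
        parent = nullptr;
        inDocumentFlag = false;  // flag now matches the real tree state
        if (wasInDocument) removedFromDocument();
    }
};

struct Radio : Node {
    std::set<Radio*>* group = nullptr;  // registry of in-document radios
    bool useExplicitState = true;
    // Flag-as-proxy helper: really asks "was this node in the document?"
    bool unregisterUsingFlag() {
        if (!inDocument()) return false;  // skipped once the flag is accurate
        return group->erase(this) == 1;
    }
    // Helper that receives the removal state from its caller instead.
    bool unregister(Removal state) {
        if (state != Removal::BeingRemovedFromDocument && !inDocument()) return false;
        return group->erase(this) == 1;
    }
    void removedFromDocument() override {
        if (useExplicitState) unregister(Removal::BeingRemovedFromDocument);
        else unregisterUsingFlag();
    }
};

// Returns how many stale pointers stay registered after the node is removed.
std::size_t staleEntriesAfterRemoval(bool useExplicitState) {
    std::set<Radio*> group;
    Node root; root.inDocumentFlag = true;
    Radio r; r.group = &group; r.useExplicitState = useExplicitState;
    r.parent = &root; r.inDocumentFlag = true; group.insert(&r);
    r.detach();
    return group.size();
}
```

With the flag kept accurate, the flag-based helper leaves one stale pointer in the registry and the explicit-state helper leaves none.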
