[Webkit-unassigned] [Bug 151401] Amazon.com Additional Information links aren't clickable

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 20 18:59:18 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=151401

--- Comment #5 from Jiewen Tan <jiewen_tan at apple.com> ---
First of all, I have reduced the whole amazon webpage into two sample webpages. (Thanks Simon and Zalan.) The first one is the bad.html which reproduces the bug. The second one is the good.html, which displays the same content without the bug. The only difference is that the last div block is deleted in the good.html. Notice, one has to resize the width of the window to reproduce the bug.

Here are the render trees of these two webpages:
good:
(R)elative/A(B)solute/Fi(X)ed/Stick(Y) positioned, (O)verflow clipping, (A)nonymous, (G)enerated, (F)loating, has(L)ayer, (C)omposited, (D)irty layout, Dirty (S)tyle
---G-L- --* RenderView  (0.00, 0.00) (858.00, 833.00) renderer->(0x1172ec540)
-----L- --    HTML RenderBlock  (0.00, 0.00) (858.00, 27.00) renderer->(0x117340678) node->(0x117fc3ea0)
------- --      BODY RenderBody  (8.00, 8.00) (842.00, 0.00) renderer->(0x117340da8) node->(0x117fc3750)
----F-- --        DIV RenderBlock  (0.00, 0.00) (500.00, 18.00) renderer->(0x117340e60) node->(0x117fc37b8)
------- --          RootInlineBox  (0.00, 0.00) (270.55, 18.00) (0x11733e7e0) renderer->(0x117340e60)
------- --            InlineTextBox  (0.00, 0.00) (270.55, 18.00) (0x11739b9c0) run(1, 42) "foobar foobar foobar foobar foobar foobar"
------- --          #text RenderText renderer->(0x117fa0240) node->(0x117374960) length->(42) " foobar foobar foobar foobar foobar foobar"
----F-- --        DIV RenderBlock  (442.00, 0.00) (400.00, 19.00) renderer->(0x1173408a0) node->(0x117fc3820)
------- --          RootInlineBox  (0.00, 0.00) (361.25, 18.00) (0x11733e738) renderer->(0x1173408a0)
------- --            InlineTextBox  (0.00, 0.00) (361.25, 18.00) (0x11739b900) run(0, 57) "Lorem ipsum dolor sit amet, consectetur adipisicing elit."
------- --          #text RenderText renderer->(0x117fa03c0) node->(0x117374a50) length->(57) "Lorem ipsum dolor sit amet, consectetur adipisicing edit."

bad:
(R)elative/A(B)solute/Fi(X)ed/Stick(Y) positioned, (O)verflow clipping, (A)nonymous, (G)enerated, (F)loating, has(L)ayer, (C)omposited, (D)irty layout, Dirty (S)tyle
---G-L- --* RenderView  (0.00, 0.00) (858.00, 833.00) renderer->(0x1172ec540)
-----L- --    HTML RenderBlock  (0.00, 0.00) (858.00, 34.00) renderer->(0x117340678) node->(0x1173f1f70)
------- --      BODY RenderBody  (8.00, 8.00) (842.00, 18.00) renderer->(0x117340da8) node->(0x117338820)
----F-- --        DIV RenderBlock  (0.00, 0.00) (500.00, 18.00) renderer->(0x117340e60) node->(0x117338888)
------- --          RootInlineBox  (0.00, 0.00) (270.55, 18.00) (0x117fd8e70) renderer->(0x117340e60)
------- --            InlineTextBox  (0.00, 0.00) (270.55, 18.00) (0x117fbbc00) run(1, 42) "foobar foobar foobar foobar foobar foobar"
------- --          #text RenderText renderer->(0x117fbb7e0) node->(0x1173f2230) length->(42) " foobar foobar foobar foobar foobar foobar"
----F-- --        DIV RenderBlock  (442.00, 0.00) (400.00, 19.00) renderer->(0x1173408a0) node->(0x1173388f0)
------- --          RootInlineBox  (0.00, 0.00) (361.25, 18.00) (0x117fd8f18) renderer->(0x1173408a0)
------- --            InlineTextBox  (0.00, 0.00) (361.25, 18.00) (0x117fbbae0) run(0, 57) "Lorem ipsum dolor sit amet, consectetur adipisicing elit."
------- --          #text RenderText renderer->(0x117fbb960) node->(0x1173f2f00) length->(57) "Lorem ipsum dolor sit amet, consectetur adipisicing elit."
------- --        DIV RenderBlock  (0.00, 18.00) (0.00, 0.00) renderer->(0x117340958) node->(0x117fc35b0)

A very important fact here is the BODY renderer of the good one has 0 height while the bad one has 18.00 height. It has a crucial impact on WebCore while it is executing hitTest on them. G stands for good, and B stands for bad afterwards. Here is the stack trace of the two test cases.

RenderBlock::nodeAtPoint
RenderObject::hitTest
RenderLayer::hitTestContents
RenderLayer::hitTestContentsForFragments
RenderLayer::hitTestLayer
RenderLayer::hitTestList
RenderLayer::hitTestLayer
RenderLayer::hitTest
RenderView::hitTest

Things diverge at RenderBlock::nodeAtPoint. They both get to RenderBlock.cpp::l2477 with the renderer as the HTML RenderBlock. However, the hitTestContents will return true for B but false for G. Hence, B will terminate the execution with the result from hitTestContents, which is the first DIV RenderBlock. In the meantime, G will return the result from hitTestFloats, which is the InlineTextBox of the second DIV RenderBlock. The reason here is that B's BODY RenderBody has height, so WebCore will continue examining whether it hits the content of its children. Finally, WebCore confirms it at RenderObject.cpp::l1748 with the renderer as the first DIV RenderBlock. On the other side, since G's BODY RenderBody has no height, WebCore will return false at RenderBlock.cpp::l2423 without examining BODY's children. That's why we get different results.

A possible fix for this bug could be flipping the execution sequence of RenderBlock.cpp::l2477 and RenderBlock.cpp::l2481, as for the painting system, it will first paint contents then floats. And then for hit test, it should do it in reverse. I am currently running layout tests against my tentative fix. I am hoping to have comments from experts in this area.
