[Webkit-unassigned] [Bug 176053] Element positioned with getBoundingClientRect() inside position fixed element is rendered in wrong place

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 10 20:03:59 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=176053

--- Comment #7 from Simon Fraser (smfr) <simon.fraser at apple.com> ---
When you click the button here's what happens:
1. You read scrollTop (pageYOffset)
2. The main content is set as position:fixed, and given a negative top offset. This removes it from the main flow, so the previously scrollable document now has no scrolling content and shrinks; at this point it's scrollTop should be 0
3. The popup is positioned using an offset inside the position:fixed computed from the old scrollTop and getBoundingClientRect().top.

The bug on iOS is that at step 2, we don't synchronously set the new 0,0 scroll position in the document; this happens later in a message from the UI process. This causes getBoundingClientRect() to use a wrong FrameView::documentToClientOffset() since visibleContentRect().location() is stale.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180111/7d30fe2e/attachment-0001.html>


More information about the webkit-unassigned mailing list