[Webkit-unassigned] [Bug 186531] [Datalist][macOS] Add suggestions UI for TextFieldInputTypes

bugzilla-daemon at webkit.org
Mon Jun 18 18:41:18 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=186531

--- Comment #19 from Aditya Keerthi <akeerthi at apple.com> ---
(In reply to Darin Adler from comment #17)
> Comment on attachment 342864 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=342864&action=review
> 
> > Source/WebKit/UIProcess/WebPageProxy.cpp:4731
> > +    if (!m_dataListSuggestionsDropdown)
> > +        m_dataListSuggestionsDropdown = m_pageClient.createDataListSuggestionsDropdown(this);
> > +
> > +    m_dataListSuggestionsDropdown->show(info);
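
Review bot: the result of m_pageClient.createDataListSuggestionsDropdown(this) is dereferenced on the last line of this hunk with no null check. If any page client can return null from that factory, m_dataListSuggestionsDropdown->show(info) becomes a null dereference in the UI process. Either return early when creation fails or document at the declaration that the factory never returns null.
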
> 
> Under what circumstance is it OK for m_dataListSuggestionsDropdown to
> already be non-null here? I think we should be asserting it’s null and maybe
> returning early and doing nothing in that case. But maybe I am missing
> something. It seems to me that at least we would need to close the existing
> one before just calling show on it a second time.

This method can be called when m_dataListSuggestionsDropdown is non-null. For example, consider the case where the list of suggestions is already showing, the user enters a new character, and the suggestions are updated.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.h:26
> > +#pragma once
> 
> If this is included only from Objective-C, then we should use import on it
> and not add #pragma once to it.
> 
> If this is included from non-Objective-C then I think we need to use
> OBJC_CLASS rather than @class below.

The header is included from non-Objective-C; I have updated my patch to use OBJC_CLASS.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.h:59
> > +    NSView* m_view;
> 
> What guarantees we won’t use this pointer after the view has been
> deallocated?
>
> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:73
> > +    NSView *_view;
> 
> What guarantees code won’t dereference this pointer after the view is
> deallocated?

If the view is deallocated, we will not be able to interact with the suggestions in any way, and the pointer will be unused.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:46
> > +    RetainPtr<NSTextField> _textField;
> 
> What prevents this from creating a reference cycle that causes objects to
> leak?

_textField does not maintain a reference to the object that created it.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:53
> > +- (BOOL)isActive;
> 
> Do we need this method? I don’t see any uses of it.

Removed.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:57
> > +    RetainPtr<NSScrollView> _enclosingScrollView;
> 
> What prevents this from creating a reference cycle that causes objects to
> leak?
> 
> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:70
> > +    RetainPtr<WKDataListSuggestionTable> _table;
> 
> What prevents this from creating a reference cycle that causes objects to
> leak? Maybe we have a guarantee that invalidate will always be called?
>
> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:74
> > +    RetainPtr<NSWindow> _enclosingWindow;
> 
> What prevents this from creating a reference cycle that causes objects to
> leak? Maybe we have a guarantee that invalidate will always be called?

Invalidate is called whenever the suggestions are closed.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:71
> > +    WebDataListSuggestionsDropdownMac *_dropdown;
> 
> The formatting here is not correct for a C++ object pointer. We put the *
> next to the type in cases like that.
> 
> What guarantees code won’t dereference this pointer after the dropdown is
> deleted?

The dropdown is only deallocated once the suggestions are closed. Consequently, the invalidate method is called, deallocating the objects that could have dereferenced this pointer.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:238
> > +    if (!(self = [super initWithFrame:NSMakeRect(0, 0, rect.width() - 2, 0)]))
> 
> What is this magic number 2? The thickness of some border perhaps?

Removed the magic number as it was found to be unnecessary.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:262
> > +    _activeRow = -1;
> 
> Do we really need to use a magic number -1 to represent no row active? In
> C++ we would use std::optional instead of a magic number. The mixed code
> that results from this where some places do "== -1" and others do "< 0" are
> inelegant and this can lead to problems.

Changed implementation to use std::optional.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:280
> > +    _activeRow = row;
> 
> Why doesn’t this method have to do any invalidation? Is that a caller
> responsibility?

I moved some of the logic from the caller into this method.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:287
> > +    [_enclosingScrollView flashScrollers];
> 
> Is this behavior really wanted any time reload is called? That seems strange.

Modified so that scrollers are only flashed the first time.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:316
> > +    _suggestions = information.suggestions;
> 
> Unfortunate to have to copy the vector of suggestion strings here. Would be
> slightly nicer to use rvalue reference and move semantics to transfer
> ownership of the vector instead.

Updated to use move semantics.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:336
> > +    NSInteger selectedRow = [_table currentActiveRow];
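
Review bot: selectedRow is a signed NSInteger, and line 262 of this patch stores -1 in _activeRow to mean "no active row", so if currentActiveRow returns that value, a check against only the size of _suggestions lets -1 through. Test selectedRow >= 0 as well as the upper bound before indexing, and make sure the stored row cannot outlive a shorter replacement list assigned at line 316.
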
> 
> Do we have a strong guarantee that currentActiveRow won’t be larger than the
> current size of _suggestions? If not, this could lead to security bugs;
> might be better to do range checking here.

We have a semantic guarantee based on the current use of the variable. However, I have included the range check for safety.

> > Source/WebKit/UIProcess/mac/WebDataListSuggestionsDropdownMac.mm:391
> > +    return NSMakeRect(NSMinX(windowRect) - dropdownShadowHeight, NSMinY(windowRect) - height - dropdownShadowHeight - 2, rect.width() + dropdownShadowHeight*2, height + dropdownShadowHeight);
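
Review bot: dropdownShadowHeight is applied to the horizontal axis in this expression (subtracted from NSMinX(windowRect) and added twice to rect.width()), so a constant named as a height is being used as a width. Give the horizontal inset its own constant or an axis-neutral name, and add a short comment saying why the shadow is added twice to the width but only once to the height.
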
> 
> Spaces around "*" in WebKit coding style. Unclear what the magic "- 2" is
> for exactly, maybe some border width?

I put this value in a constant, a margin for the suggestions view.

-- 
You are receiving this mail because:
You are the assignee for the bug.
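
The sentinel and range-check points discussed in the review above, shown as an added example that is not code from the patch or from either participant. `SuggestionModel`, `sentinelCheckAccepts` and their members are hypothetical names, and clearing the active row when the list is replaced is an assumption of this sketch, not something the thread states.

```cpp
// Added illustration; all names here are hypothetical, not WebKit identifiers.
#include <cstddef>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// "Before" shape: signed sentinel plus an upper-bound-only check.
// Returns true when the check would let the row through to an index operation.
bool sentinelCheckAccepts(long row, const std::vector<std::string>& suggestions)
{
    return row < static_cast<long>(suggestions.size()); // -1 passes this test
}

class SuggestionModel {
public:
    // Take ownership of the new list instead of copying it. The old active
    // row referred to the old list, so it is cleared (assumption of this sketch).
    void setSuggestions(std::vector<std::string>&& suggestions)
    {
        m_suggestions = std::move(suggestions);
        m_activeRow = std::nullopt;
    }

    // Reject rows outside the current list rather than storing them.
    bool setActiveRow(std::size_t row)
    {
        if (row >= m_suggestions.size())
            return false;
        m_activeRow = row;
        return true;
    }

    // Range-checked read: nullopt when nothing is active or the index is stale.
    std::optional<std::string> activeSuggestion() const
    {
        if (!m_activeRow || *m_activeRow >= m_suggestions.size())
            return std::nullopt;
        return m_suggestions[*m_activeRow];
    }

private:
    std::vector<std::string> m_suggestions;
    std::optional<std::size_t> m_activeRow; // no "-1" state to mis-compare
};
```

With the optional, "no row" and "row out of range" both surface as an empty result at the single read site instead of depending on every caller to compare against -1 the same way.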