[Webkit-unassigned] [Bug 217240] New: REGRESSION (r257839): Broken focus when 'display' changes in an attribute selector

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 2 11:14:01 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=217240

            Bug ID: 217240
           Summary: REGRESSION (r257839): Broken focus when 'display'
                    changes in an attribute selector
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: bfulgham at webkit.org, koivisto at iki.fi,
                    simon.fraser at apple.com, wenson_hsieh at apple.com,
                    zalan at apple.com

Created attachment 410344

  --> https://bugs.webkit.org/attachment.cgi?id=410344&action=review

Test case

This is similar to bug 216754 and bug 216257 but still broken after those fixes.

The conditions needed for this bug are:
1) An element E is display:none because of an attribute selector
2) Script asks for E's computed style's display property
3) The attribute from the attribute selector changes so that E is now display:block
4) Some descendant D of E is focused using D.focus()

After r257839, we end up using the stale computed style stored at step (2) when checking for hidden ancestors in Element::isVisibleWithoutResolvingFullStyle(), so incorrectly conclude that D is not visible.

I've attached a test case. 

In practice, this is happening on m.youtube.com in Chrome for iOS, where tapping on the search button will fail to focus the search field. In that case, the code asking for the computed style is actually in Chrome's injected logic for autofill and translation. However, the attached test case reproduces the bug more generally (in MiniBrowser and Safari).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201002/15126237/attachment-0001.htm>

More information about the webkit-unassigned mailing list