Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2532023002:
Avoid updateStyleAndLayoutTree in determineAccessibilityRole (Closed)
|
Created:
4 years ago by kojii Modified:
4 years ago CC:
aboxhall+watch_chromium.org, aboxhall, blink-reviews, chromium-reviews, dmazzoni+watch_chromium.org, dmazzoni, dtseng+watch_chromium.org, haraken, je_julie, nektar+watch_chromium.org, nektarios, yuzo+watch_chromium.org Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionAvoid updateStyleAndLayoutTree in determineAccessibilityRole
This patch avoids updating layout tree in
AXNodeObject::determineAccessibilityRole().
Element::isFocusable() requires styles to be updated. However, when
layout code calls determineAccessibilityRole(), updating layout tree
should be avoided since it may destroy the calling object.
This patch replaces it to supportsFocus(), since the main purpose is
to give elements with tabIndex explicitly set get some role.
This is a speculative fix.
BUG=590369, 647602, 665168
Committed: https://crrev.com/338b38e06760302a8010bfea008865f55db4db0c
Cr-Commit-Position: refs/heads/master@{#435009}
Patch Set 1 : Approach 1 #Patch Set 2 : Approach 2 #Patch Set 3 : dmazzoni/tkent review #Messages
Total messages: 30 (22 generated)
The CQ bit was checked by kojii@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== WIP: ax-update BUG= ========== to ========== WIP: ax-update BUG=590369, 647602, 665168 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by kojii@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== WIP: ax-update BUG=590369, 647602, 665168 ========== to ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch gives up computing isFocusable() if layout tree needs updates. The roleValue should then be updated when the next layout occurs. BUG=590369, 647602, 665168 ==========
Description was changed from ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch gives up computing isFocusable() if layout tree needs updates. The roleValue should then be updated when the next layout occurs. BUG=590369, 647602, 665168 ========== to ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch gives up computing isFocusable() if layout tree needs updates. The roleValue() should then be updated when the next layout occurs. BUG=590369, 647602, 665168 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
kojii@chromium.org changed reviewers: + dmazzoni@chromium.org, eae@chromium.org, tkent@chromium.org
tkent@, dmazzoni@, PTAL. cc/eae@ if any opinions, approach 4 (discarded) is layout. I investigated 4 possible approaches and currently I'm currently in favor of the approach 2. Approach 1 (PS1): Prevent updating layout only when AXObjectCache::textChanged is called for a LayoutObject. Since the LayoutObject needs updates, assumes determineAccessibleRole will be called again and will be correct eventually, but if the assumption doesn't stand, we'll see incorrect role value when a canvas fallback content with ::first-letter is dynamically updated. Approach 2 (PS2): Simplified approach 1. If the assumption in PS1 stands, we don't have to limit it only for AXObjectCache::textChanged(LayoutObject*). This approach always disables updating layout. Safer and simpler. More breakage is possible though if the assumption doesn't stand, but it's still limited to canvas fallback content with ::first-letter is dynamically updated, so not a common case. Approach 3 (discarded, crrev.com/2530343002): Tried to delay determineAccessibleRole() by moving from AXNodeObject::init() to roleValue(). This approach didn't work well because roleValue() is so often called, mostly deep in the callstacks. Hard to avoid calling it during textChanged(), and easy to break in future. Approach 4 (discarded): Define LayoutText::setText() can destroy itself, and fix its callers. There are many callers of setText(), from attach, detach, layout, or timer. To fix them all isn't realistic, hard to test, and easy to break in future. I'm trying to create a stable repro, but I'm not succeeding yet.
Description was changed from ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch gives up computing isFocusable() if layout tree needs updates. The roleValue() should then be updated when the next layout occurs. BUG=590369, 647602, 665168 ========== to ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch gives up computing isFocusable() if layout tree needs updates. The roleValue() should then be updated when the next layout occurs. This fix is speculative. BUG=590369, 647602, 665168 ==========
Description was changed from ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch gives up computing isFocusable() if layout tree needs updates. The roleValue() should then be updated when the next layout occurs. This fix is speculative. BUG=590369, 647602, 665168 ========== to ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch gives up computing isFocusable() if layout tree needs updates. The roleValue() should then be updated when the next layout occurs. This is a speculative fix. BUG=590369, 647602, 665168 ==========
On 2016/11/28 at 12:57:11, kojii wrote: > tkent@, dmazzoni@, PTAL. cc/eae@ if any opinions, approach 4 (discarded) is layout. > > I investigated 4 possible approaches and currently I'm currently in favor of the approach 2. > > Approach 1 (PS1): Prevent updating layout only when AXObjectCache::textChanged is called for a LayoutObject. Since the LayoutObject needs updates, assumes determineAccessibleRole will be called again and will be correct eventually, but if the assumption doesn't stand, we'll see incorrect role value when a canvas fallback content with ::first-letter is dynamically updated. > > Approach 2 (PS2): Simplified approach 1. If the assumption in PS1 stands, we don't have to limit it only for AXObjectCache::textChanged(LayoutObject*). This approach always disables updating layout. Safer and simpler. More breakage is possible though if the assumption doesn't stand, but it's still limited to canvas fallback content with ::first-letter is dynamically updated, so not a common case. If we're sure that determineAccessibleRole will be called again, PS2 is acceptable for a short-term security fix, I think. However, if so, can we skip the first call of determineAccesibleRole? Can we postpone AX tree update until layout clean state?
In this particular case, let's call Element::supportsFocus() instead. The main purpose of that line is to make sure that a generic element with tabIndex explicitly set gets some role. The layout checks for focusability aren't critical here; a false positive would be harmless. If there are other places in the accessibility code where you see the same issue, we can consider them separately. There may be cases where we want to do something different.
The CQ bit was checked by kojii@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Thank you Dominic and tkent for the prompt reviews. On 2016/11/28 at 23:25:29, dmazzoni wrote: > In this particular case, let's call > Element::supportsFocus() instead. The main > purpose of that line is to make sure that a > generic element with tabIndex explicitly set > gets some role. The layout checks for > focusability aren't critical here; a false > positive would be harmless. I see, thank you for the great advice! Fixed accordingly in PS3. > If there are other places in the accessibility > code where you see the same issue, we can > consider them separately. There may be cases > where we want to do something different. I'll make sure to consult you, thank you!
Description was changed from ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch gives up computing isFocusable() if layout tree needs updates. The roleValue() should then be updated when the next layout occurs. This is a speculative fix. BUG=590369, 647602, 665168 ========== to ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch replaces it to supportsFocus(), since the main purpose is to give elements with tabIndex explicitly set get some role. This is a speculative fix. BUG=590369, 647602, 665168 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
lgtm
The CQ bit was checked by dmazzoni@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 40001, "attempt_start_ts": 1480436180934630,
"parent_rev": "19c4bcb5329e0de604d4dcc2496043ad0aa01d82", "commit_rev":
"84e2fa6a0258d85d64bce3d9a78522cc3c4ec252"}
Message was sent while issue was closed.
Committed patchset #3 (id:40001)
Message was sent while issue was closed.
Description was changed from ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch replaces it to supportsFocus(), since the main purpose is to give elements with tabIndex explicitly set get some role. This is a speculative fix. BUG=590369, 647602, 665168 ========== to ========== Avoid updateStyleAndLayoutTree in determineAccessibilityRole This patch avoids updating layout tree in AXNodeObject::determineAccessibilityRole(). Element::isFocusable() requires styles to be updated. However, when layout code calls determineAccessibilityRole(), updating layout tree should be avoided since it may destroy the calling object. This patch replaces it to supportsFocus(), since the main purpose is to give elements with tabIndex explicitly set get some role. This is a speculative fix. BUG=590369, 647602, 665168 Committed: https://crrev.com/338b38e06760302a8010bfea008865f55db4db0c Cr-Commit-Position: refs/heads/master@{#435009} ==========
Message was sent while issue was closed.
Patchset 3 (id:??) landed as https://crrev.com/338b38e06760302a8010bfea008865f55db4db0c Cr-Commit-Position: refs/heads/master@{#435009} |
