Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(38)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2692423006: Fix stale focusedElement in unloaded document. (Closed)

Created:
3 years, 10 months ago by kochi
Modified:
3 years, 10 months ago
Reviewers:
tkent
CC:
blink-reviews, blink-reviews-dom_chromium.org, chromium-reviews, dglazkov+blink, eae+blinkwatch, rwlbuis, sof
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix stale focusedElement in unloaded document. When appendChild()/adoptNode() moves a node between different documents, any focused node under moving node will be cleared, but it is done before "unload" event is dispatched. So if combined with <iframe>, focusing that frame in "unload" event can trigger stale focused element reference from the old document tree. This CL tries to fix that by checking if the element is the owner of the frame that is being unloaded. BUG=677690 Review-Url: https://codereview.chromium.org/2692423006 Cr-Commit-Position: refs/heads/master@{#451271} Committed: https://chromium.googlesource.com/chromium/src/+/b16ecc7508fb9da7626dad7708d04b1f745c54e1

Patch Set 1 #

Total comments: 1

Patch Set 2 : Check nullptr. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+35 lines, -0 lines) Patch
A third_party/WebKit/LayoutTests/fast/loader/crash-focus-in-unload.html View 1 chunk +30 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/dom/Element.cpp View 1 1 chunk +5 lines, -0 lines 0 comments Download

Messages

Total messages: 22 (13 generated)
kochi
tkent-san, could you review?
3 years, 10 months ago (2017-02-17 06:42:49 UTC) #5
tkent
lgtm
3 years, 10 months ago (2017-02-17 06:48:37 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2692423006/1
3 years, 10 months ago (2017-02-17 07:20:53 UTC) #9
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/366959)
3 years, 10 months ago (2017-02-17 07:30:27 UTC) #11
tkent
https://codereview.chromium.org/2692423006/diff/1/third_party/WebKit/Source/core/dom/Element.cpp File third_party/WebKit/Source/core/dom/Element.cpp (right): https://codereview.chromium.org/2692423006/diff/1/third_party/WebKit/Source/core/dom/Element.cpp#newcode2648 third_party/WebKit/Source/core/dom/Element.cpp:2648: toHTMLFrameOwnerElement(this)->contentDocument()->unloadStarted()) contnetDocument() might return nullptr.
3 years, 10 months ago (2017-02-17 07:34:01 UTC) #12
kochi
On 2017/02/17 07:34:01, tkent wrote: > https://codereview.chromium.org/2692423006/diff/1/third_party/WebKit/Source/core/dom/Element.cpp > File third_party/WebKit/Source/core/dom/Element.cpp (right): > > https://codereview.chromium.org/2692423006/diff/1/third_party/WebKit/Source/core/dom/Element.cpp#newcode2648 > ...
3 years, 10 months ago (2017-02-17 08:08:58 UTC) #15
tkent
lgtm
3 years, 10 months ago (2017-02-17 08:51:14 UTC) #16
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2692423006/20001
3 years, 10 months ago (2017-02-17 08:51:57 UTC) #19
commit-bot: I haz the power
3 years, 10 months ago (2017-02-17 09:11:24 UTC) #22
Message was sent while issue was closed. 
Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/chromium/src/+/b16ecc7508fb9da7626dad7708d0...

Powered by Google App Engine
This is Rietveld 408576698