- Revision
- 254201
- Author
- grao...@webkit.org
- Date
- 2020-01-08 08:30:39 -0800 (Wed, 08 Jan 2020)
Log Message
[Web Animations] Stop creating CSS Animations for <noscript> elements
https://bugs.webkit.org/show_bug.cgi?id=205925
<rdar://problem/58158479>
Reviewed by Antti Koivisto.
Source/WebCore:
Test: webanimations/no-css-animation-on-noscript.html
It makes no sense to create CSS Animations for a <noscript> element and it has the side effect of potential crashes.
Indeed, AnimationTimeline::updateCSSAnimationsForElement() may be called without a currentStyle and so we never have
a list of previously-applied animations to compare to the list of animations in afterChangeStyle. So on each call we
end up creating a new CSSAnimation and the previous animation for the same name is never explicitly removed from the
effect stack and is eventually destroyed and the WeakPtr for it in the stack ends up being null, which would cause a
crash under KeyframeEffectStack::ensureEffectsAreSorted().
We now prevent elements such as <noscript> from being considered for CSS Animations in TreeResolver::resolveElement().
* dom/Element.cpp:
(WebCore::Element::rendererIsNeeded):
* dom/Element.h:
(WebCore::Element::rendererIsEverNeeded):
* html/HTMLElement.cpp:
(WebCore::HTMLElement::rendererIsEverNeeded):
(WebCore::HTMLElement::rendererIsNeeded): Deleted.
* html/HTMLElement.h:
* style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::resolveElement):
LayoutTests:
Add a new test that checks that setting the `animation` property on a <noscript> element does not yield the creation of a CSSAnimation object.
* webanimations/no-css-animation-on-noscript-expected.txt: Added.
* webanimations/no-css-animation-on-noscript.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (254200 => 254201)
--- trunk/LayoutTests/ChangeLog 2020-01-08 15:57:03 UTC (rev 254200)
+++ trunk/LayoutTests/ChangeLog 2020-01-08 16:30:39 UTC (rev 254201)
@@ -1,3 +1,16 @@
+2020-01-08 Antoine Quint <grao...@apple.com>
+
+ [Web Animations] Stop creating CSS Animations for <noscript> elements
+ https://bugs.webkit.org/show_bug.cgi?id=205925
+ <rdar://problem/58158479>
+
+ Reviewed by Antti Koivisto.
+
+ Add a new test that checks that setting the `animation` property on a <noscript> element does not yield the creation of a CSSAnimation object.
+
+ * webanimations/no-css-animation-on-noscript-expected.txt: Added.
+ * webanimations/no-css-animation-on-noscript.html: Added.
+
2020-01-08 youenn fablet <you...@apple.com>
Implement MediaRecorder backend in GPUProcess
Added: trunk/LayoutTests/webanimations/no-css-animation-on-noscript-expected.txt (0 => 254201)
--- trunk/LayoutTests/webanimations/no-css-animation-on-noscript-expected.txt (rev 0)
+++ trunk/LayoutTests/webanimations/no-css-animation-on-noscript-expected.txt 2020-01-08 16:30:39 UTC (rev 254201)
@@ -0,0 +1,3 @@
+
+PASS A CSS Animation cannot be created on a <noscript> element.
+
Added: trunk/LayoutTests/webanimations/no-css-animation-on-noscript.html (0 => 254201)
--- trunk/LayoutTests/webanimations/no-css-animation-on-noscript.html (rev 0)
+++ trunk/LayoutTests/webanimations/no-css-animation-on-noscript.html 2020-01-08 16:30:39 UTC (rev 254201)
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+
+noscript {
+ animation: animation 1s infinite;
+}
+
+@keyframes animation {
+ to { margin-left: "100px" };
+}
+
+</style>
+</head>
+<body>
+<script src=""
+<script src=""
+<noscript>Hello World</noscript>
+<script>
+
+test(() => {
+ assert_equals(document.querySelector("noscript").getAnimations().length, 0);
+}, "A CSS Animation cannot be created on a <noscript> element.");
+
+</script>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (254200 => 254201)
--- trunk/Source/WebCore/ChangeLog 2020-01-08 15:57:03 UTC (rev 254200)
+++ trunk/Source/WebCore/ChangeLog 2020-01-08 16:30:39 UTC (rev 254201)
@@ -1,3 +1,33 @@
+2020-01-08 Antoine Quint <grao...@apple.com>
+
+ [Web Animations] Stop creating CSS Animations for <noscript> elements
+ https://bugs.webkit.org/show_bug.cgi?id=205925
+ <rdar://problem/58158479>
+
+ Reviewed by Antti Koivisto.
+
+ Test: webanimations/no-css-animation-on-noscript.html
+
+ It makes no sense to create CSS Animations for a <noscript> element and it has the side effect of potential crashes.
+ Indeed, AnimationTimeline::updateCSSAnimationsForElement() may be called without a currentStyle and so we never have
+ a list of previously-applied animations to compare to the list of animations in afterChangeStyle. So on each call we
+ end up creating a new CSSAnimation and the previous animation for the same name is never explicitly removed from the
+ effect stack and is eventually destroyed and the WeakPtr for it in the stack ends up being null, which would cause a
+ crash under KeyframeEffectStack::ensureEffectsAreSorted().
+
+ We now prevent elements such as <noscript> from being considered for CSS Animations in TreeResolver::resolveElement().
+
+ * dom/Element.cpp:
+ (WebCore::Element::rendererIsNeeded):
+ * dom/Element.h:
+ (WebCore::Element::rendererIsEverNeeded):
+ * html/HTMLElement.cpp:
+ (WebCore::HTMLElement::rendererIsEverNeeded):
+ (WebCore::HTMLElement::rendererIsNeeded): Deleted.
+ * html/HTMLElement.h:
+ * style/StyleTreeResolver.cpp:
+ (WebCore::Style::TreeResolver::resolveElement):
+
2020-01-08 Alicia Boya GarcĂa <ab...@igalia.com>
[WTF] Allow MediaTime static constants
Modified: trunk/Source/WebCore/dom/Element.cpp (254200 => 254201)
--- trunk/Source/WebCore/dom/Element.cpp 2020-01-08 15:57:03 UTC (rev 254200)
+++ trunk/Source/WebCore/dom/Element.cpp 2020-01-08 16:30:39 UTC (rev 254201)
@@ -2114,7 +2114,7 @@
bool Element::rendererIsNeeded(const RenderStyle& style)
{
- return style.display() != DisplayType::None && style.display() != DisplayType::Contents;
+ return rendererIsEverNeeded() && style.display() != DisplayType::None && style.display() != DisplayType::Contents;
}
RenderPtr<RenderElement> Element::createElementRenderer(RenderStyle&& style, const RenderTreePosition&)
Modified: trunk/Source/WebCore/dom/Element.h (254200 => 254201)
--- trunk/Source/WebCore/dom/Element.h 2020-01-08 15:57:03 UTC (rev 254200)
+++ trunk/Source/WebCore/dom/Element.h 2020-01-08 16:30:39 UTC (rev 254201)
@@ -285,6 +285,7 @@
virtual RenderPtr<RenderElement> createElementRenderer(RenderStyle&&, const RenderTreePosition&);
virtual bool rendererIsNeeded(const RenderStyle&);
+ virtual bool rendererIsEverNeeded() { return true; }
WEBCORE_EXPORT ShadowRoot* shadowRoot() const;
ShadowRoot* shadowRootForBindings(JSC::JSGlobalObject&) const;
Modified: trunk/Source/WebCore/html/HTMLElement.cpp (254200 => 254201)
--- trunk/Source/WebCore/html/HTMLElement.cpp 2020-01-08 15:57:03 UTC (rev 254200)
+++ trunk/Source/WebCore/html/HTMLElement.cpp 2020-01-08 16:30:39 UTC (rev 254201)
@@ -733,7 +733,7 @@
setAttributeWithoutSynchronization(translateAttr, enable ? "yes" : "no");
}
-bool HTMLElement::rendererIsNeeded(const RenderStyle& style)
+bool HTMLElement::rendererIsEverNeeded()
{
if (hasTagName(noscriptTag)) {
RefPtr<Frame> frame = document().frame();
@@ -744,7 +744,7 @@
if (frame && frame->loader().subframeLoader().allowPlugins())
return false;
}
- return StyledElement::rendererIsNeeded(style);
+ return StyledElement::rendererIsEverNeeded();
}
RenderPtr<RenderElement> HTMLElement::createElementRenderer(RenderStyle&& style, const RenderTreePosition&)
Modified: trunk/Source/WebCore/html/HTMLElement.h (254200 => 254201)
--- trunk/Source/WebCore/html/HTMLElement.h 2020-01-08 15:57:03 UTC (rev 254200)
+++ trunk/Source/WebCore/html/HTMLElement.h 2020-01-08 16:30:39 UTC (rev 254201)
@@ -70,8 +70,8 @@
void accessKeyAction(bool sendMouseEvents) override;
- bool rendererIsNeeded(const RenderStyle&) override;
RenderPtr<RenderElement> createElementRenderer(RenderStyle&&, const RenderTreePosition&) override;
+ bool rendererIsEverNeeded() final;
WEBCORE_EXPORT virtual HTMLFormElement* form() const;
Modified: trunk/Source/WebCore/style/StyleTreeResolver.cpp (254200 => 254201)
--- trunk/Source/WebCore/style/StyleTreeResolver.cpp 2020-01-08 15:57:03 UTC (rev 254200)
+++ trunk/Source/WebCore/style/StyleTreeResolver.cpp 2020-01-08 16:30:39 UTC (rev 254201)
@@ -198,6 +198,9 @@
return { };
}
+ if (!element.rendererIsEverNeeded())
+ return { };
+
auto newStyle = styleForElement(element, parent().style);
if (!affectsRenderedSubtree(element, *newStyle))
