Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c223637aad47dceef3291a95636ceb9fc10ee1ab
      
https://github.com/WebKit/WebKit/commit/c223637aad47dceef3291a95636ceb9fc10ee1ab
  Author: Tyler Wilcock <tyle...@apple.com>
  Date:   2024-07-10 (Wed, 10 Jul 2024)

  Changed paths:
    A LayoutTests/accessibility/mac/role-img-selection-hang-expected.txt
    A LayoutTests/accessibility/mac/role-img-selection-hang.html
    M Source/WebCore/accessibility/AXObjectCache.cpp

  Log Message:
  -----------
  AXObjectCache::characterOffsetFromVisiblePosition can iterate infinitely when moving through role="img" container
https://bugs.webkit.org/show_bug.cgi?id=276464
rdar://problem/131502510

Reviewed by Ryosuke Niwa.

Given this markup:

<div role="img">
    <span style="position:absolute">X</span>
    <span>Y</span>
</div>

When we create a VisiblePosition from this Position:

(Position
  (anchor node: #text 0x159003ec0 length=1 "Y")
  (offset: 0)
  (anchor type: offset in anchor))

We get its `canonicalPosition` in the VisiblePosition constructor, which computes:

(Position
  (anchor node: DIV 0x159003c40)
  (offset: 0)
  (anchor type: before anchor))

This starts iteration for `nextVisuallyDistinctCandidate` back at the beginning of the div, repeating until we get back to the "Y" position, in turn computing the before-anchor-div position, repeating forever.

This happens because the div is role="img", which was special cased to be `Element::canContainRangeEndPoint()` in:

https://bugs.webkit.org/attachment.cgi?id=229259&action=prettypatch (Find on Page can get stuck in a loop when the search string occurs in an input in a fieldset).

Making it `canContainRangeEndPoint` also makes it `editingIgnoresContent == true`, in turn making it `Position::isCandidate() == true`.

I tried to solve the core editing bug in https://github.com/WebKit/WebKit/pull/30614, but my approach (removing this special role="img" logic in Element::canContainRangeEndPoint()) caused other undesirable effects (more details in https://github.com/WebKit/WebKit/pull/30614#issuecomment-2221064954), so some other fix is needed (tracked by https://bugs.webkit.org/show_bug.cgi?id=276460).

For now, this commit works around this foundational bug by changing `AXObjectCache::characterOffsetFromVisiblePosition` to detect that we've moved back to the start position and break to prevent an infinite loop.

* LayoutTests/accessibility/mac/role-img-selection-hang-expected.txt: Added.
* LayoutTests/accessibility/mac/role-img-selection-hang.html: Added.
* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):

Canonical link: https://commits.webkit.org/280847@main
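An added illustration, not WebKit's code, that models in C++ the cycle the commit message describes: `canonicalize` and `nextVisuallyDistinctCandidate` are constructed stand-ins for the real functions, and the two walkers show the unguarded loop exhausting its step budget beside the fixed shape that breaks once the walk returns to its start position.

```cpp
#include <cstddef>
#include <optional>

// Constructed model of the positions in the commit's markup:
// <div role="img"><span style="position:absolute">X</span><span>Y</span></div>
enum Pos { BeforeDiv, BeforeX, BeforeY, AfterDiv };

// Hypothetical stand-in for canonicalPosition(): per the commit message, the
// offset-0 position in "Y" canonicalizes to the before-anchor DIV position.
static Pos canonicalize(Pos p) { return p == BeforeY ? BeforeDiv : p; }

// Hypothetical stand-in for nextVisuallyDistinctCandidate(): step forward in
// DOM order and canonicalize the result, which is what closes the cycle.
static Pos nextVisuallyDistinctCandidate(Pos p) {
    switch (p) {
    case BeforeDiv: return canonicalize(BeforeX);
    case BeforeX:   return canonicalize(BeforeY); // yields BeforeDiv again
    case BeforeY:   return AfterDiv;
    default:        return AfterDiv;
    }
}

// Pre-fix shape of the walk: count steps until `target` is reached. A step
// `budget` stands in for the real hang so the example terminates; exhausting
// it is the observable sign of the infinite loop.
static size_t stepsUnguarded(Pos start, Pos target, size_t budget) {
    size_t steps = 0;
    for (Pos current = start; current != target && steps < budget; ++steps)
        current = nextVisuallyDistinctCandidate(current);
    return steps;
}

// Post-fix shape: remember where the walk began and stop as soon as it
// returns there. std::nullopt reports "no offset, cycle detected" instead
// of looping forever.
static std::optional<size_t> stepsGuarded(Pos start, Pos target) {
    size_t steps = 0;
    Pos current = start;
    while (current != target) {
        current = nextVisuallyDistinctCandidate(current);
        ++steps;
        if (current == start)
            return std::nullopt;
    }
    return steps;
}
```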
