AX: AccessibilityScrollView should be resilient to destruction of underlying scroll...
commit df7d1a1cec30382be84e2810d0eda66b44d16027
author tyler_w@apple.com <tyler_w@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 18 Feb 2022 16:47:36 +0000 (18 16:47 +0000)
committer tyler_w@apple.com <tyler_w@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 18 Feb 2022 16:47:36 +0000 (18 16:47 +0000)
tree 456f536c2b4c42b0c07cc3535ef1e927b043f658
parent 5999f4ef7001a3bf3bc90d13b63ee016b1ef51cd
AX: AccessibilityScrollView should be resilient to destruction of underlying scroll view
https://bugs.webkit.org/show_bug.cgi?id=236750

Reviewed by Andres Gonzalez.

Sometimes we can get into a state where we have a valid AccessibilityScrollView,
backed by an iframe, with a destroyed WeakPtr<ScrollView> m_scrollView. When this
happens, all of the content inside the iframe becomes inaccessible. We need to handle
the case where an iframe changes the frame and document it holds (e.g. respect the current frame in
HTMLFrameOwner::contentFrame, which can change).

This patch fixes this by caching a WeakPtr<HTMLFrameOwnerElement> when an AccessibilityScrollView
is created. A new method currentScrollView() has been added to prefer the original m_scrollView, and
fall back to the scrollview represented by the frame owner element if m_scrollView has been destroyed.

Thanks to Andres Gonzalez for helping to find and fix this issue.

* accessibility/AccessibilityScrollView.cpp:
(WebCore::AccessibilityScrollView::AccessibilityScrollView):
Cache the frame owner of the provided ScrollView* in new
m_frameOwnerElement field.
(WebCore::AccessibilityScrollView::detachRemoteParts):
Detach new m_frameOwnerElement field.
(WebCore::AccessibilityScrollView::currentScrollView const):
Added.

(WebCore::AccessibilityScrollView::isAttachment const):
(WebCore::AccessibilityScrollView::platformWidget const):
(WebCore::AccessibilityScrollView::updateScrollbars):
(WebCore::AccessibilityScrollView::computeAccessibilityIsIgnored const):
(WebCore::AccessibilityScrollView::addChildren):
(WebCore::AccessibilityScrollView::webAreaObject const):
(WebCore::AccessibilityScrollView::elementRect const):
(WebCore::AccessibilityScrollView::document const):
(WebCore::AccessibilityScrollView::documentFrameView const):
(WebCore::AccessibilityScrollView::parentObject const):
(WebCore::AccessibilityScrollView::scrollTo const):
Use new currentScrollView() method instead of directly using m_scrollView.

(WebCore::AccessibilityScrollView::widgetForAttachmentView const):
Inlined in header.
(WebCore::AccessibilityScrollView::parentObjectIfExists const):
Inlined in header as call to parentObject() since these methods were duplicated.
(WebCore::AccessibilityScrollView::getScrollableAreaIfScrollable const):
Inlined in header.
* accessibility/AccessibilityScrollView.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@290130 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/accessibility/AccessibilityScrollView.cpp
Source/WebCore/accessibility/AccessibilityScrollView.h
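
The fallback described in the commit message, as an added stand-alone model that is not WebKit's code: `std::weak_ptr` stands in for WebKit's `WeakPtr`, and `AXScrollView`, `FrameOwnerElement`, `contentView`, `originalScrollView()` and `documentURL()` are hypothetical names. It shows a weak reference that expires when the iframe swaps its content, the fallback through the owner, and a null-checked caller.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Hypothetical stand-ins for the WebKit types named in the commit message.
struct ScrollView { std::string documentURL; };
struct FrameOwnerElement {
    // View of whatever frame the iframe currently holds; replaced on navigation.
    std::shared_ptr<ScrollView> contentView;
};

class AXScrollView {
public:
    explicit AXScrollView(const std::shared_ptr<FrameOwnerElement>& owner)
        : m_scrollView(owner->contentView), m_frameOwnerElement(owner) { }

    // Pre-fix lookup: only the view captured at construction is consulted.
    std::shared_ptr<ScrollView> originalScrollView() const { return m_scrollView.lock(); }

    // Post-fix lookup: prefer m_scrollView, else ask the frame owner for its current view.
    std::shared_ptr<ScrollView> currentScrollView() const {
        if (auto view = m_scrollView.lock())
            return view;
        if (auto owner = m_frameOwnerElement.lock())
            return owner->contentView;
        return nullptr; // both weak references have expired
    }

    // Callers null-check the result instead of dereferencing it directly.
    std::string documentURL() const {
        auto view = currentScrollView();
        return view ? view->documentURL : std::string();
    }

    void detachRemoteParts() { m_scrollView.reset(); m_frameOwnerElement.reset(); }

private:
    std::weak_ptr<ScrollView> m_scrollView;
    std::weak_ptr<FrameOwnerElement> m_frameOwnerElement;
};

int main() {
    auto owner = std::make_shared<FrameOwnerElement>();
    owner->contentView = std::make_shared<ScrollView>(ScrollView{"a.html"});
    AXScrollView ax(owner);
    owner->contentView = std::make_shared<ScrollView>(ScrollView{"b.html"}); // iframe swaps content
    std::printf("%d %s\n", ax.originalScrollView() != nullptr, ax.documentURL().c_str());
    return 0;
}
```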