New issue
Advanced search Search tips

Issue 682243 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner: ----
Closed: Dec 12
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

`window.getComputedStyle` is wrong for `display: none` elements that use customStyleForLayoutObject

Project Member Reported by engedy@chromium.org, Jan 18 2017

Issue description

If the customized ComputedStyle returned from Element::customStyleForLayoutObject has the `display` attribute set to `none` -- either because the attribute originally had that value or it was set to that value during customization -- this customized ComputedStyle is destroyed as soon as Element::attachLayoutTree() returns, because there will be no layout object to retain it.

Later, if `window.getComputedStyle` is called, Element::ensureComputedStyle will try to on-demand recalculate the style, but it is not prepared to deal with elements that tweak their ComputedStyle in customStyleForLayoutObject, and will return the non-customized style calculated by StyleResolver::styleForElement.
 

Comment 1 by nainar@chromium.org, Jan 18 2017

Labels: Needs-Feedback
Can you please provide a test case to show the behaviour? 

Comment 2 by engedy@chromium.org, Jan 25 2017

A somewhat contrived example. The offsetWidth should be 20px, as the padding should be taken into account for an inline box.
img-display.html
249 bytes View Download

Comment 3 by e...@chromium.org, Feb 2 2017

Components: -Blink>Layout
Project Member

Comment 4 by bugdroid1@chromium.org, Feb 15 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63

commit d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63
Author: engedy <engedy@chromium.org>
Date: Wed Feb 15 14:51:30 2017

Make `getComputedStyle` return the correct style for collapsed <img> elements.

HTMLImageElements can be in the `collapsed` state, meaning they are not
included in the layout. Previously, this was implemented by overriding
layoutObjectIsNeeded() to return false so that no LayoutObject would be
created.

A disadvantage of this solution was that the style returned through the
`window.getComputedStyle` method was not consistent with the element's
effective style, for example, the `display` property was still set to `inline`.

As a matter of fact, the ComputedStyle calculated during layout was not even
persisted, and the style returned through the DOM API was calculated on-demand
in Element::ensureComputedStyle. This code path is also oblivious of style
customizations that would otherwise be applied during style recalculation by
Element::customStyleForLayoutObject for some element types.

Therefore this CL instead implements the `collapsed` state by explicitly
setting the `display` property from StyleAdjuster::adjustComputedStyle, which
is consulted directly by StyleResolver::styleForElement, and is therefore
applied in both Element::ensureComputedStyle and Element::styleForLayoutObject.

As a side effect, SharedStyleFinder now has to perform HTLMImageElement-specific
checks to prevent sharing styles between `collapsed` and `non-collapsed` images.
Marking the ComputedStyle for `collapsed` images as unique is not sufficient,
because it does not prevent reusing the ComputedStyle from a `non-collapsed`
image element on a `collapsed` one.

BUG=609747, 682243 

Review-Url: https://codereview.chromium.org/2627953003
Cr-Commit-Position: refs/heads/master@{#450694}

[modify] https://crrev.com/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63/third_party/WebKit/LayoutTests/http/tests/subresource_filter/image-allow-disallow-transitions.html
[modify] https://crrev.com/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63/third_party/WebKit/LayoutTests/http/tests/subresource_filter/image-disallowed-after-redirect.html
[modify] https://crrev.com/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63/third_party/WebKit/LayoutTests/http/tests/subresource_filter/image-disallowed.html
[modify] https://crrev.com/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63/third_party/WebKit/LayoutTests/http/tests/subresource_filter/picture-disallowed.html
[modify] https://crrev.com/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63/third_party/WebKit/Source/core/css/resolver/SharedStyleFinder.cpp
[modify] https://crrev.com/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63/third_party/WebKit/Source/core/css/resolver/StyleAdjuster.cpp
[modify] https://crrev.com/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63/third_party/WebKit/Source/core/html/HTMLImageElement.cpp
[modify] https://crrev.com/d77ba4c9ecb5315db4dc26ac3f42ff767e94ae63/third_party/WebKit/Source/core/html/HTMLImageElement.h

Comment 5 by r...@opera.com, Apr 27 2017

engedy@: did your CL fix this issue?

Comment 6 by engedy@chromium.org, Apr 27 2017

Labels: -Needs-Feedback
Status: Available (was: Untriaged)
Actually, my CL in #4 fixed the other edge case, and the one reproed in #2 still needs to be fixed. I will try to get to it in the not too distant future.

Comment 7 by nainar@chromium.org, Apr 28 2017

Labels: Hotlist-CodeHealth

Comment 8 by nainar@chromium.org, Apr 28 2017

Labels: Update-Quarterly

Comment 9 by nainar@chromium.org, Jun 30 2017

Labels: Hotlist-Squash-A-Bug
Labels: -Update-Quarterly
Project Member

Comment 11 by sheriffbot@chromium.org, Dec 6

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: Fixed (was: Untriaged)
Supplied test case now passes.

Sign in to add a comment