Fix nested OOPIF scroll-bubbling when scroll-latching is enabled |
||||
Issue descriptionChrome Version: 63.0.3208.0 What steps will reproduce the problem? (1) Ensure scroll-latching is enabled (TouchpadAndWheelScrollLatching feature) and run chrome with --site-per-process (2) Visit http://csreis.github.io/tests/cross-site-iframe-nested.html (3) Click the "Go cross-site" button (4) In the iframe, click the "Go cross-site (complex page)" button (5) Ensure that both the iframe and the nested iframe are scrolled to the top (6) Scroll up from within the nested frame What is the expected result? The main frame will scroll up What happens instead? We hit the DCHECK in RenderWidgetHostInputEventRouter::SendGestureScrollEnd. Check failed: event.GetType() == blink::WebInputEvent::kGestureScrollUpdate || event.GetType() == blink::WebInputEvent::kGesturePinchEnd. Since it's being called with a GestureScrollBegin event here: https://cs.chromium.org/chromium/src/content/browser/renderer_host/render_widget_host_input_event_router.cc?rcl=2370431756c252da1dccc7c3e61cc88a83bca5ae&l=640 Without that DCHECK, the main frame scrolls, but only slightly. The user must start a new gesture to scroll further (again only slightly). Also note that the bubbling works as expected if "Go cross-site (simple page)" is used for the nested frame. It presumably has something to do with the nested frame not being scrollable in that case.
,
Sep 8 2017
I notice that the DCHECKs in SendGestureScrollBegin/End allow for GesturePinchBegin/End events but go on to access the scroll_update union member. We should be checking the event type to make sure we're using the right union member.
,
Sep 8 2017
Regarding the issue of the scroll stopping, it looks like we're hitting https://cs.chromium.org/chromium/src/content/browser/renderer_host/render_widget_host_input_event_router.cc?rcl=a337dcd89c49d249cb19ec1e39036b68e1522a01&l=658 right away, and then all of the subsequent events get dropped here https://cs.chromium.org/chromium/src/content/browser/renderer_host/render_widget_host_input_event_router.cc?rcl=a337dcd89c49d249cb19ec1e39036b68e1522a01&l=649 It looks like the router is seeing the GSE created when it called SendGestureScrollEnd and cancels the scroll bubbling.
,
Sep 8 2017
It looks like we just need to check |target_view == first_bubbling_scroll_target_.target| when we process the non-GSB events. In particular, when |target_view != first_bubbling_scroll_target_.target| then the GSEs are from SendGestureScrollEnd. The non-latching code drops those here: https://cs.chromium.org/chromium/src/content/browser/renderer_host/render_widget_host_input_event_router.cc?rcl=a337dcd89c49d249cb19ec1e39036b68e1522a01&l=679
,
Sep 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/40324fd4616a8ee0d3d6c291c90a89a1b0621bd7 commit 40324fd4616a8ee0d3d6c291c90a89a1b0621bd7 Author: Sahel Sharify <sahel@chromium.org> Date: Tue Sep 19 06:57:08 2017 SendGestureScrollEnd uses GSB data when wheel scroll latching is enabled. The added test will fail with wheel scroll latching enabled and without applying this cl. Bug: 763422 Test: SitePerProcessBrowserTest.ScrollBubblingFromOOPIFTest Change-Id: I67ad586211f9d740b4652ed40ec0d260bd2c4abe Reviewed-on: https://chromium-review.googlesource.com/658217 Reviewed-by: Avi Drissman <avi@chromium.org> Reviewed-by: Timothy Dresser <tdresser@chromium.org> Reviewed-by: Kevin McNee <mcnee@chromium.org> Commit-Queue: Sahel Sharifymoghaddam <sahel@chromium.org> Cr-Commit-Position: refs/heads/master@{#502793} [modify] https://crrev.com/40324fd4616a8ee0d3d6c291c90a89a1b0621bd7/content/browser/renderer_host/render_widget_host_input_event_router.cc [modify] https://crrev.com/40324fd4616a8ee0d3d6c291c90a89a1b0621bd7/content/browser/site_per_process_browsertest.cc
,
Sep 21 2017
,
Sep 21 2017
That CL fixes the DCHECK, but the RWHIER is still interrupting itself with its own GSE as described in #3 and #4.
,
Sep 22 2017
I am sorry, I missed your previous comments, this cl should fix the issue: https://chromium-review.googlesource.com/c/chromium/src/+/678536
,
Sep 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c7a86bf619e8c1db94fbf722657a121a0d53a7b6 commit c7a86bf619e8c1db94fbf722657a121a0d53a7b6 Author: Sahel Sharify <sahel@chromium.org> Date: Wed Sep 27 19:24:15 2017 Generated GSE events don't reset the bubbling target. In case of nested OOPIFs the GSB event is bubbled one target at a time; when GSB is bubbling up from an intermediate target, a synthetic GSE is sent to the target to finish the scrolling sequence on it. Once GSB has found its final target, the rest of the scroll events are directly bubbled to that target rather than getting bubbled up one target at a time. https://chromium-review.googlesource.com/658217 cl has fixed the DCHECK hit while sending a synthetic GSE to an intermediate target. However, the generated GSE still stops scroll bubbling by resetting the bubbling target to null. This cl drops generated GSEs that are sent to intermediate bubbling targets and prevents them from stopping the scroll bubbling. Bug: 763422 Change-Id: I6a49d431b6f838b3f56e477ef6b0af7b8e6bf0c2 Reviewed-on: https://chromium-review.googlesource.com/678536 Reviewed-by: Kevin McNee <mcnee@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Sahel Sharifymoghaddam <sahel@chromium.org> Cr-Commit-Position: refs/heads/master@{#504749} [modify] https://crrev.com/c7a86bf619e8c1db94fbf722657a121a0d53a7b6/content/browser/renderer_host/render_widget_host_input_event_router.cc [modify] https://crrev.com/c7a86bf619e8c1db94fbf722657a121a0d53a7b6/content/browser/site_per_process_browsertest.cc
,
Sep 29 2017
|
||||
►
Sign in to add a comment |
||||
Comment 1 by sahel@chromium.org
, Sep 8 2017Status: Assigned (was: Available)