Bug 111091
| Summary: | REGRESSION(r142015): Facebook photo uploads don't complete | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Julien Chaffraix <jchaffraix> |
| Component: | Layout and Rendering | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | kbr, pravind, simon.fraser, tony, zalan |
| Priority: | P1 | Keywords: | InRadar, NeedsReduction |
| Version: | 528+ (Nightly build) | ||
| Hardware: | All | ||
| OS: | All | ||
Julien Chaffraix
How to reproduce:
1. On your main Facebook page, click "Photos"
2. Click "Albums"
3. Click on an album
4. Click "+Add Photos"
5. Select a photo on disk and click "OK"
This is a serious regression but I don't know if it's because we are now correct (and Facebook relied on our bug) or that we missed a case in r142015.
Chromium bug: https://code.google.com/p/chromium/issues/detail?id=178167
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
<rdar://problem/13321648>
Simon Fraser (smfr)
I'm confused by how http://trac.webkit.org/changeset/142015 could affect photo uploading.
Julien Chaffraix
(In reply to comment #2)
> I'm confused by how http://trac.webkit.org/changeset/142015 could affect photo uploading.
It surprised me too but Tony investigated and singled out this specific change in the Chromium bug.
Julien Chaffraix
Incriminating change was rolled out in http://trac.webkit.org/changeset/145296.
zalan
as for the question of how this affects uploading, here is the answer (in case someone tries to redo the original patch)
1, http://trac.webkit.org/changeset/142015 introduces reattaching nodes when style changes from position static to absolute/fixed (or floating)
2, after clicking on 'add photos' and selecting the photo, facebook changes the position property on a direct child of the body element
3, this position change makes almost the entire page to be reattached and wipes out the render subtree (over 800 render objects)
4, one of the descendants is an Object element (the 'add photos' flash plugin)
5, by detaching/attaching this particular Object node, the associated RenderWidget gets destroyed/reconstructed
6, destroying the RenderWidget wipes out netscape plugin object
Supposedly the Flash plugin has some context, which gets lost when the object is destroyed (the plugin in question initiates a few loads when the 'Add photo' is clicked) Reconstructing the WebKit::Plugin object does not restore this context -> upload fails to start.
When the WebKit::Plugin object is preserved (by hacking it in WebKit::PluginView -> m_plugin) (instead of destroy->construct), the thumbnail+real progressbar shows up and the load finishes fine.
Upload also works fine when the non-flash version of the photo upload is used.