Bug 126046

Summary:	Fix the insert/remove lifecycle of PseudoElement
Product:	WebKit	Reporter:	Ryosuke Niwa <rniwa>
Component:	DOM	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED WONTFIX
Severity:	Normal	CC:	ahmad.saleem792, ap, bfulgham, dino, hyatt, kling, koivisto, simon.fraser
Priority:	P2	Keywords:	BlinkMergeCandidate
Version:	528+ (Nightly build)
Hardware:	Unspecified
OS:	Unspecified

Description Ryosuke Niwa 2013-12-19 20:54:26 PST

Consider merging https://chromium.googlesource.com/chromium/blink/+/605cd8f104b9c5ba1270efa9519553fa18136c09%5E%21/#F0

PseudoElement was not correctly managing it's lifecycle inside the Document
leaving inDocument() not correctly set and not getting insertedInto() and
removedFrom() called at the right times. This led to manual management of
things like top layer in <dialog> (for the ::backdrop pseudo element). The
manual management resulted in a bug where we'd detach() the PseudoElement in
ElementRareData::releasePseudoElement and then the call to removeFromTopLayer()
would reattach it again.

This bug was the result of r160790 where I removed the
confusingAndOftenMisusedAttached() call from inside lazyReattach when I merged
it with lazyReattachIfNeeded and replaced it with an inActiveDocument() check.
Then since the PseudoElement never cleared the inDocument but when we called
into removeFromTopLayer after the detach we'd just go and lazyReattach it all
over again.

This patch simplifies the system and fixes the bug by making PseudoElement go
through the normal insertedInto() and removedFrom() calls. This also lets
add the ASSERT to ContainerNode::removeDetachedChildren and remove a super old
FIXME.

Comment 1 Ryosuke Niwa 2013-12-19 21:49:51 PST

Also see https://chromium.googlesource.com/chromium/blink/+/0e0807dd9a3bf2fbac745450aa06238cac29424c

Comment 2 Ahmad Saleem 2022-08-17 15:29:42 PDT

This FIXME is still present:

https://github.com/WebKit/WebKit/blob/801dcc1c9e7aabec321390689bc45e35752f371b/Source/WebCore/dom/ContainerNode.cpp#L311

Element.cpp is quite different:

https://github.com/WebKit/WebKit/blob/c51d445d35e1f4407bd8fe107ebe158363e7ae8f/Source/WebCore/dom/Element.cpp#L2444

ElementRareData.h - 

https://github.com/WebKit/WebKit/blob/c51d445d35e1f4407bd8fe107ebe158363e7ae8f/Source/WebCore/dom/ElementRareData.h#L189

Again different:

https://github.com/WebKit/WebKit/blob/c51d445d35e1f4407bd8fe107ebe158363e7ae8f/Source/WebCore/dom/ElementRareData.h#L204

Has bit similar but missing some bits as well:

https://github.com/WebKit/WebKit/blob/c51d445d35e1f4407bd8fe107ebe158363e7ae8f/Source/WebCore/dom/PseudoElement.cpp#L75

_________

Even for second commit - it is not quite same:

https://github.com/WebKit/WebKit/blob/c51d445d35e1f4407bd8fe107ebe158363e7ae8f/Source/WebCore/dom/Element.cpp#L3866

__________

rniwa@webkit.org - Is this needed anymore? Thanks!

Comment 3 Ryosuke Niwa 2022-08-20 15:55:31 PDT

This is won't fix at this point.