Bug 126046

Summary: Fix the insert/remove lifecycle of PseudoElement
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: DOMAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX    
Severity: Normal CC: ahmad.saleem792, ap, bfulgham, dino, hyatt, kling, koivisto, simon.fraser
Priority: P2 Keywords: BlinkMergeCandidate
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Ryosuke Niwa 2013-12-19 20:54:26 PST
Consider merging https://chromium.googlesource.com/chromium/blink/+/605cd8f104b9c5ba1270efa9519553fa18136c09%5E%21/#F0

PseudoElement was not correctly managing it's lifecycle inside the Document
leaving inDocument() not correctly set and not getting insertedInto() and
removedFrom() called at the right times. This led to manual management of
things like top layer in <dialog> (for the ::backdrop pseudo element). The
manual management resulted in a bug where we'd detach() the PseudoElement in
ElementRareData::releasePseudoElement and then the call to removeFromTopLayer()
would reattach it again.

This bug was the result of r160790 where I removed the
confusingAndOftenMisusedAttached() call from inside lazyReattach when I merged
it with lazyReattachIfNeeded and replaced it with an inActiveDocument() check.
Then since the PseudoElement never cleared the inDocument but when we called
into removeFromTopLayer after the detach we'd just go and lazyReattach it all
over again.

This patch simplifies the system and fixes the bug by making PseudoElement go
through the normal insertedInto() and removedFrom() calls. This also lets
add the ASSERT to ContainerNode::removeDetachedChildren and remove a super old
FIXME.
Comment 3 Ryosuke Niwa 2022-08-20 15:55:31 PDT
This is won't fix at this point.