Bug 155159

Summary: Stop clamping HTMLElement.tabIndex to the range of a short
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, darin, rniwa, sam
Priority: P2 Keywords: WebExposed
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=155215
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2016-03-07 21:32:47 PST
Stop clamping HTMLElement.tabIndex to the range of a short. We apparently did this to match Firefox. However, this no longer matches Firefox's behavior nor the HTML specification: - https://html.spec.whatwg.org/multipage/interaction.html#dom-tabindex
Attachments
Patch (246.30 KB, patch)
2016-03-07 21:37 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2016-03-07 21:37:27 PST
Created attachment 273267 [details] Patch
WebKit Commit Bot
Comment 2 2016-03-07 22:38:00 PST
Comment on attachment 273267 [details] Patch Clearing flags on attachment: 273267 Committed r197726: <http://trac.webkit.org/changeset/197726>
WebKit Commit Bot
Comment 3 2016-03-07 22:38:04 PST
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 4 2016-03-08 08:47:57 PST
Comment on attachment 273267 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=273267&action=review > Source/WebCore/page/FocusController.cpp:493 > - int winningTabIndex = std::numeric_limits<short>::max() + 1; > + int winningTabIndex = std::numeric_limits<int>::max(); The behavior for an item with a tab index of 2^32-1 is not the same as the old behavior for an item with a tab index of 2^16-1. We will skip such an item instead of returning it as the next element. I suggest constructing a test case that shows this and fixing the bug if it’s a bug.
Chris Dumez
Comment 5 2016-03-08 20:42:23 PST
(In reply to comment #4) > Comment on attachment 273267 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=273267&action=review > > > Source/WebCore/page/FocusController.cpp:493 > > - int winningTabIndex = std::numeric_limits<short>::max() + 1; > > + int winningTabIndex = std::numeric_limits<int>::max(); > > The behavior for an item with a tab index of 2^32-1 is not the same as the > old behavior for an item with a tab index of 2^16-1. We will skip such an > item instead of returning it as the next element. I suggest constructing a > test case that shows this and fixing the bug if it’s a bug. Thanks for catching this, I will fix in https://bugs.webkit.org/show_bug.cgi?id=155215.
Note You need to log in before you can comment on or make changes to this bug.