Bug 178376

Summary: Assert that Node::insertedInto doesn't fire an event
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: DOMAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: buildbot, cdumez, dbates, esprehn+autocc, gyuyoung.kim, jiewen_tan, kangil.han, koivisto, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
See Also: https://bugs.webkit.org/show_bug.cgi?id=149236
Attachments:
Description Flags
Fixes the bug dbates: review+

Ryosuke Niwa
Reported 2017-10-16 21:47:58 PDT
notifyNodeInsertedIntoTree currently asserts that it can dispatch an event. This is completely wrong. We need to assert that it CANNOT dispatch an event.
Attachments
Fixes the bug (5.10 KB, patch)
2017-10-16 21:56 PDT, Ryosuke Niwa 		dbates: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2017-10-16 21:56:43 PDT
Created attachment 323995 [details] Fixes the bug
Radar WebKit Bug Importer
Comment 2 2017-10-16 22:15:03 PDT
<rdar://problem/35022857>
alan
Comment 3 2017-10-16 22:25:08 PDT
Comment on attachment 323995 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=323995&action=review > Source/WebCore/ChangeLog:11 > + No new tests since the existing tests cover the behavioral change. Is it possible to come up with a test case that would be asserting on trunk (broken behavior) while it passes with this patch?
Daniel Bates
Comment 4 2017-10-16 22:29:34 PDT
For completeness, the assert was originally added in <https://trac.webkit.org/changeset/189896/> (bug #149236). The condition of the assert was renamed and changed truthfulness over time.
Ryosuke Niwa
Comment 5 2017-10-16 22:33:12 PDT
Comment on attachment 323995 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=323995&action=review >> Source/WebCore/ChangeLog:11 >> + No new tests since the existing tests cover the behavioral change. > > Is it possible to come up with a test case that would be asserting on trunk (broken behavior) while it passes with this patch? A whole bunch of tests in LayoutTests/dom would assert if I didn't have the fix for HTMLBodyElement and ProcessingInstruction.
Daniel Bates
Comment 6 2017-10-16 22:40:40 PDT
Comment on attachment 323995 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=323995&action=review > Source/WebCore/ChangeLog:4 > + https://bugs.webkit.org/show_bug.cgi?id=178376 Reminder to add radar URL before landing. I know you imported this bug after you posted the patch. > Source/WebCore/ChangeLog:17 > + (WebCore::ProcessingInstruction::finishedInsertingSubtree): Extracted from insertedInto since Out of curiosity, what existing test do we have for this change? > Source/WebCore/ChangeLog:22 > + (WebCore::HTMLBodyElement::finishedInsertingSubtree): Extracted from insertedInto since Out of curiosity, what existing test do we have for this change?
Ryosuke Niwa
Comment 7 2017-10-16 22:43:41 PDT
(In reply to Daniel Bates from comment #4) > For completeness, the assert was originally added in > <https://trac.webkit.org/changeset/189896/> (bug #149236). The condition of > the assert was renamed and changed truthfulness over time. The assertion existed before that: https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/ContainerNodeAlgorithms.h?annotate=blame&rev=189895#L216 The RAII class was initially introduced in https://trac.webkit.org/changeset/130077 but the underlying assertion even predates the original refactoring to add insertInto in https://trac.webkit.org/changeset/114351 as you can see in https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/dom/ContainerNode.cpp?annotate=blame&rev=114350#L1012 or https://trac.webkit.org/browser/webkit/trunk/WebCore/khtml/xml/dom_nodeimpl.cpp?annotate=blame&rev=11248#L500 In fact, this assertion was introduced 12 years ago in https://trac.webkit.org/changeset/10992.
Ryosuke Niwa
Comment 8 2017-10-16 22:46:01 PDT
(In reply to Daniel Bates from comment #6) > Comment on attachment 323995 [details] > Fixes the bug > > View in context: > https://bugs.webkit.org/attachment.cgi?id=323995&action=review > > > Source/WebCore/ChangeLog:17 > > + (WebCore::ProcessingInstruction::finishedInsertingSubtree): Extracted from insertedInto since > > Out of curiosity, what existing test do we have for this change? Replied in radar. > > Source/WebCore/ChangeLog:22 > > + (WebCore::HTMLBodyElement::finishedInsertingSubtree): Extracted from insertedInto since > > Out of curiosity, what existing test do we have for this change? Ditto.
Ryosuke Niwa
Comment 9 2017-10-16 22:52:33 PDT
Thanks for the review!
Ryosuke Niwa
Comment 10 2017-10-16 22:52:40 PDT
Committed r223458: <https://trac.webkit.org/changeset/223458>
Note You need to log in before you can comment on or make changes to this bug.