Bug 312527
| Summary: | [Site Isolation] Route popup menu value-changed IPC to the originating frame | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | zak ridouh <zakr> |
| Component: | New Bugs | Assignee: | zak ridouh <zakr> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
zak ridouh
When a <select> popup menu is open, focus can move to a remote frame during
the popup's nested run loop. WebPageProxy::Internals::valueChangedForPopupMenu()
previously called focusedOrMainFrame() to find the destination process for the
DidChangeSelectedIndexForActivePopupMenu IPC.
With site isolation, that may resolve to a different process than the one that hosts the <select>, so the
selection change is delivered to the wrong process. The originating WebProcess
never receives the close signal, leaving its m_popupIsVisible state stuck and
making the <select> appear broken, the next click is interpreted as a dismiss
rather than an open, and the chosen option never reaches the DOM.
Capture the originating frame's identifier in m_activePopupMenuFrameID at
showPopupMenu() time and use it to route both DidChangeSelectedIndexForActivePopupMenu
and (on non-Cocoa platforms) SetTextForActivePopupMenu. Clear the identifier in
hidePopupMenu() and resetState().
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
zak ridouh
<rdar://174886701>
zak ridouh
Pull request: https://github.com/WebKit/WebKit/pull/62939
EWS
Committed 313449@main (0a6b5cd60b4f): <https://commits.webkit.org/313449@main>
Reviewed commits have been landed. Closing PR #62939 and removing active labels.