Bug 59343

Summary: ContainerNode::insertedIntoDocument and ::willRemove don't handle self modifying trees
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: WebCore JavaScriptAssignee: Michael Saboff <msaboff>
Status: ASSIGNED ---    
Severity: Normal CC: ap, rniwa
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   

Description Michael Saboff 2011-04-25 14:15:36 PDT 
If during an insert or delete node operation, the modification of one node causes a change in one or more other nodes.  Typically this can happen due to script execution as part of the insertion / deletion node notification.

The current implementation, checked in with <http://trac.webkit.org/changeset/84701>, will stop processing at the first child sibling node that was modified and subsequent siblings will not be notified of the insertion or deletion.  The immediately prior code traversed the node tree in question and created a vector of nodes and then notified the collected nodes of the insertion or deletion.  This ended up notifying secondarily modified nodes of the insertion.  while the current code "under" notifies, the prior code "over" notifies.

The proposal is to travers the node tree and queue up all modifying operations and then process those modifying operations for all nodes still at the same location in the node tree.