<rdar://problem/60742229>
Created attachment 395274: Fixes the crash
Created attachment 395276: Add description to test case
Comment on attachment 395276: Add description to test case
View in context: https://bugs.webkit.org/attachment.cgi?id=395276&action=review

> Source/WebCore/html/HTMLInputElement.cpp:1558 > +#if ENABLE(DATALIST_ELEMENT) > + if (isConnected() && m_hasNonEmptyList) > + dataListMayHaveChanged(); > +#endif

By this time, author scripts may have run so it's possible that some code that would have accessed things like computed style and bounding rect that rely on the updated style. I guess that's okay because this only affects painting?
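Review bot: the `dataListMayHaveChanged()` call under `if (isConnected() && m_hasNonEmptyList)` carries no comment saying why it is safe to make at this point, which matters because, as raised in this review, author script may already have run by the time it executes. Suggest a short comment above the `#if ENABLE(DATALIST_ELEMENT)` block recording the assumption discussed here, that the update only affects content inside the input's UA shadow root and therefore only painting, so a later change does not move or reorder the call without revisiting that assumption.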
Comment on attachment 395276: Add description to test case
View in context: https://bugs.webkit.org/attachment.cgi?id=395276&action=review

>> Source/WebCore/html/HTMLInputElement.cpp:1558 >> +#endif
>
> By this time, author scripts may have run so it's possible that some code that
> would have accessed things like computed style and bounding rect that rely on the updated style.
> I guess that's okay because this only affects painting?

Yes — I /believe/ this is okay, since only content inside the input’s UA shadow root will be affected (which isn’t visible to author script at all), so this should only have an impact on painting.
(In reply to Wenson Hsieh from comment #4)
> Comment on attachment 395276
> Add description to test case
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=395276&action=review
>
> >> Source/WebCore/html/HTMLInputElement.cpp:1558 > >> +#endif
> >
> > By this time, author scripts may have run so it's possible that some code that
> > would have accessed things like computed style and bounding rect that rely on the updated style.
> > I guess that's okay because this only affects painting?
>
> Yes — I /believe/ this is okay, since only content inside the input’s UA
> shadow root will be affected (which isn’t visible to author script at all),
> so this should only have an impact on painting.

Sounds good.
Committed r259402: <https://trac.webkit.org/changeset/259402>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 395276.