We currently update AX caches as a post layout task. This is problematic because it can lead to arbitrary script execution: e.g. 3 0x2836d4250 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) 4 0x28376d6ac WebCore::Node::dispatchEvent(WebCore::Event&) 5 0x283699750 WebCore::Element::dispatchFocusEvent(WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element>>&&, WebCore::FocusOptions const&) 6 0x2835c477c WebCore::Document::setFocusedElement(WebCore::Element*, WebCore::FocusOptions const&) 7 0x2843b3b48 WebCore::FocusController::setFocusedElement(WebCore::Element*, WebCore::LocalFrame&, WebCore::FocusOptions const&) 8 0x283698d64 WebCore::Element::focus(WebCore::FocusOptions const&) 9 0x282b8b80c WebCore::AccessibilityNodeObject::setFocused(bool) 10 0x282af3d4c WebCore::AXObjectCache::focusCurrentModal() 11 0x282afeda4 WebCore::AXObjectCache::performDeferredCacheUpdate() 12 0x28441f0c4 WebCore::LocalFrameView::performPostLayoutTasks() 13 0x28442a760 WebCore::LocalFrameViewLayoutContext::runAsynchronousTasks() 14 0x28442b7e8 WebCore::LocalFrameViewLayoutContext::runOrScheduleAsynchronousTasks() 15 0x28442b110 WebCore::LocalFrameViewLayoutContext::performLayout() 16 0x28440969c WebCore::LocalFrameViewLayoutContext::layout() 17 0x28441cbb0 WebCore::LocalFrameView::updateContentsSize() 18 0x2846a2f90 WebCore::ScrollView::updateScrollbars(WebCore::IntPoint const&) 19 0x2846a4858 WebCore::ScrollView::setContentsSize(WebCore::IntSize const&) 20 0x28440cafc WebCore::LocalFrameView::setContentsSize(WebCore::IntSize const&) 21 0x284406f7c WebCore::LocalFrameView::adjustViewSize() 22 0x28442afc0 WebCore::LocalFrameViewLayoutContext::performLayout() 23 0x28440969c WebCore::LocalFrameViewLayoutContext::layout() 24 0x2835adde8 WebCore::Document::updateLayout()