60782 – REGRESSION (WebKit2): QuickTime (and Flash?) can draw outside the bounds of its containing frame when the frame is scrolled

RESOLVED WONTFIX60782

REGRESSION (WebKit2): QuickTime (and Flash?) can draw outside the bounds of its containing frame when the frame is scrolled

https://bugs.webkit.org/show_bug.cgi?id=60782

Summary REGRESSION (WebKit2): QuickTime (and Flash?) can draw outside the bounds of i...

Adam Roben (:aroben)

Reported 2011-05-13 11:44:10 PDT

To reproduce: 1. Go to data:text/html,<iframe src="data:text/html,<embed src='http://trailers.apple.com/movies/fox/rio/rio-tlr1_r640s.mov' autoplay=true width=640 height=288>"></iframe> 2. When the movie starts playing, click in the righthand side of the horizontal scroll gutter You'll see a flash of the movie to the right of the iframe as the iframe scrolls. This bug does not occur in WebKit1.

Attachments
Add attachment proposed patch, testcase, etc.

Adam Roben (:aroben)

Comment 1 2011-05-13 11:46:25 PDT

When the iframe scrolls, two things happen: 1) We update the plugin's window region so that the part of the plugin that is supposed to be exposed after scrolling is the only part that can be drawn. 2) We move the plugin's window to match the new position after scrolling. The plugin is drawing between (1) and (2). At this point, the clip region has been updated to the part of the plugin that was formerly scrolled off the right edge of the iframe. The plugin is now drawing outside of the iframe's bounds. Then the plugin's window is moved into its new position, moving the clip region back inside the iframe's bounds.

Adam Roben (:aroben)

Comment 2 2011-05-13 11:48:00 PDT

WebKit1 works around this by setting plugins' window regions to an empty rect during scrolling, then restoring the correct window region afterward. That way the plugin will have no chance to draw when it's clipping region has been updated but its position hasn't.

Adam Roben (:aroben)

Comment 3 2011-05-13 11:49:21 PDT

The PluginQuirkDontClipToZeroRectWhenScrolling quirk in WebCore is related to the above-described WebKit1 fix. Apparently Java doesn't like this. See <http://trac.webkit.org/changeset/29974>. r29974 also implies that this will happen with Flash, too. We should test!

Adam Roben (:aroben)

Comment 4 2011-05-13 12:47:39 PDT

<rdar://problem/9435782>

Alexey Proskuryakov

Comment 5 2022-07-01 11:36:17 PDT

Mass closing plug-in bugs, as plug-in support has been removed from WebKit. Please comment and/or reopen if this still affects WebKit in some way.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Windows 7

Product WebKit

Component Plug-ins

Assignee

Nobody

Reported

2011-05-13 11:44 PDT

Modified

2022-07-01 11:36 PDT History

CC List

3 users Show

URL

data:text/html,<iframe src="data:text/html,<embed src='http://trailers.apple.com/movies/fox/rio/rio-tlr1_r640s.mov' autoplay=true width=640 height=288>"></iframe>

Keywords InRadar, PlatformOnly, Regression

Depends on

Blocks