Web Inspector: Getting style data via WebCore::InspectorCSSAgent::getMatchedStylesForNode for a detached node crashes

https://bugs.webkit.org/show_bug.cgi?id=240608
rdar://93473674

Reviewed by Devin Rousso.

Added test case to inspector/css/node-styles-refreshed.html

Previously it was possible under at least two different circumstances that `WebCore::InspectorCSSAgent::getMatchedStylesForNode` could be called with the NodeId of a detached node, which means that `computedStyle` for that Node will be `nullptr`, and calls to `Style::Scope::forNode` will fail.

The first failure state is timing based. If the Inspector frontend makes a request for updated styles for a node, the node may already have been detached by some other means (webpage JS, for example). In this case by the time `getMatchedStylesForNode` is invoked the `computedStyle` is no longer available.

The second failure state is easier to get into. In a DOM tree with elements A, B, and C, each a child of the previous such that A is the parent of B and B is the parent of C, imagine C is the selected DOM node. Now if we right click and delete A from the DOM tree, we will have removed all three elements from the tree (both the frontend representation as well as the actual tree in the backend). Previously C remained the selected node in the tree, which means that we continue to show the Styles sidebar panel, where the user could then attempt to edit the style of the node. These style changes trigger the need to refresh the frontend's style information, at which point we will call `getMatchedStylesForNode` with a detached node id.

The fix to the underlying problem is to check in the backend that a node is actually attached before determining its style information. Additionally, we should always update the selection of a TreeOutline when the current selection is part of the subtree being removed from the tree. This prevents the user being able to easily get into the state in the first place as well as prevents folks from getting confused about what the open sidebars are showing information for, since visually no node _appears_ selected.

* Source/WebCore/inspector/agents/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::getMatchedStylesForNode):
(WebCore::InspectorCSSAgent::getComputedStyleForNode):
- Guard the functions that will eventually use `computedStyle` or `Style::Scope::forNode`, both of which only work for "connected" (in Web Inspector parlance "attached") nodes. Note there are a few other uses in our code where `computedStyle` is used without this check, but we do explicitly check the result of computed styles in those cases, which also works since `computedStyle` returns early if the node is not connected.
(WebCore::InspectorCSSAgent::buildObjectForRule):
- Add an assertion that we never call buildObjectForRule with a disconnected Element.

* Source/WebInspectorUI/UserInterface/Views/TreeOutline.js:
(WI.TreeOutline.prototype.removeChildAtIndex):
- Fix selection updating to account for the fact the selected node may be part of the descendants tree of the removed item, in which case we would still want to update the selection to something else.

* LayoutTests/inspector/css/node-styles-refreshed-expected.txt:
* LayoutTests/inspector/css/node-styles-refreshed.html:
- Add test case to try getting styles of a detached node, and update other test cases with a new helper function instead of relying on a "global" `nodeStyles`.

Canonical link: https://commits.webkit.org/250769@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@294512 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Showing 4 changed files with 73 additions and 19 deletions.
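
The two checks the commit message describes (refuse style requests for a detached node, and move the selection when it lies anywhere inside a removed subtree), sketched as an added example that is not WebKit's code. `MiniTreeElement`, `MiniTreeOutline`, the fallback selection order and the error string are assumptions made for illustration, and the frontend tree and the backend guard are folded into one class.

```javascript
// Added illustration, not WebKit source. All names here are hypothetical.
class MiniTreeElement {
    constructor(label) {
        this.label = label;
        this.parent = null;
        this.children = [];
    }
    appendChild(child) {
        child.parent = this;
        this.children.push(child);
        return child;
    }
    // True when this element is `ancestor` itself or sits anywhere below it.
    isSelfOrDescendantOf(ancestor) {
        for (let node = this; node; node = node.parent) {
            if (node === ancestor)
                return true;
        }
        return false;
    }
}

class MiniTreeOutline {
    constructor() {
        this.root = new MiniTreeElement("#root");
        this.selected = null;
    }
    removeChildAtIndex(parent, index) {
        const removed = parent.children[index];
        if (!removed)
            return null;
        // Compare against the whole removed subtree, not just the removed element.
        const selectionLost = this.selected !== null && this.selected.isSelfOrDescendantOf(removed);
        parent.children.splice(index, 1);
        removed.parent = null;
        // Assumed fallback order: next sibling, previous sibling, then parent.
        if (selectionLost)
            this.selected = parent.children[index] || parent.children[index - 1] || (parent === this.root ? null : parent);
        return removed;
    }
    // Backend-style guard: answer with an error for a detached element
    // instead of computing styles from state that no longer exists.
    matchedStylesFor(element) {
        if (!element.isSelfOrDescendantOf(this.root))
            return {error: "Node is detached"}; // constructed error text
        return {styles: `styles for ${element.label}`};
    }
}
```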