[A11y] Speculative fix for placeholder elements trying to add children

The crash reports are all logging placeholder elements as trying to add children but having a return value of false for CanHaveChildren(). A possible explanation is that CanHaveChildren() returned true earlier because the placeholder element.ShadowPseudoId() value was not set for the initial call. This hopefully fixes the issue by using a more robust API to check for the placeholder element. Even if it does not fix the crash, it seems cleaner and less brittle. Bug: 1407397 Change-Id: I59a10338525076e756e5a60cd475bdb26e75af9c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4590613 Reviewed-by: Chris Harrelson <chrishtr@chromium.org> Commit-Queue: Chris Harrelson <chrishtr@chromium.org> Reviewed-by: Mason Freed <masonf@chromium.org> Auto-Submit: Aaron Leventhal <aleventhal@chromium.org> Cr-Commit-Position: refs/heads/main@{#1154087}
chromium · Jun 6, 2023 · 926950c · 926950c
1 parent 21a2293
commit 926950c
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/third_party/blink/renderer/modules/accessibility/ax_object.cc b/third_party/blink/renderer/modules/accessibility/ax_object.cc
@@ -1011,9 +1011,13 @@ bool AXObject::CanHaveChildren(Element& element) {
   // so there's no need to add its text children. Placeholder text is a separate
   // node that gets removed when it disappears, so this will only be present if
   // the placeholder is visible.
-  if (element.ShadowPseudoId() ==
-      shadow_element_names::kPseudoInputPlaceholder) {
-    return false;
+  if (Element* host = element.OwnerShadowHost()) {
+    if (auto* ancestor_input = DynamicTo<TextControlElement>(host)) {
+      if (ancestor_input->PlaceholderElement() == &element) {
+        // |element| is a placeholder.
+        return false;
+      }
+    }
   }
 
   if (IsA<HTMLBRElement>(element)) {