diff options
Diffstat (limited to 'chromium/third_party/blink/renderer')
50 files changed, 412 insertions, 183 deletions
diff --git a/chromium/third_party/blink/renderer/core/dom/element.cc b/chromium/third_party/blink/renderer/core/dom/element.cc index 5a859613afe..b05407eccad 100644 --- a/chromium/third_party/blink/renderer/core/dom/element.cc +++ b/chromium/third_party/blink/renderer/core/dom/element.cc @@ -3049,7 +3049,7 @@ void Element::focus(const FocusParams& params) { ToHTMLFrameOwnerElement(this)->contentDocument()->UnloadStarted()) return; - GetDocument().UpdateStyleAndLayoutTreeForNode(this); + GetDocument().UpdateStyleAndLayoutTreeIgnorePendingStylesheets(); if (!IsFocusable()) return; diff --git a/chromium/third_party/blink/renderer/core/editing/finder/text_finder.cc b/chromium/third_party/blink/renderer/core/editing/finder/text_finder.cc index ac3287f5cf5..694df1d5d5a 100644 --- a/chromium/third_party/blink/renderer/core/editing/finder/text_finder.cc +++ b/chromium/third_party/blink/renderer/core/editing/finder/text_finder.cc @@ -664,16 +664,6 @@ void TextFinder::UpdateFindMatchRects() { find_matches_cache_.swap(filtered_matches); } - // Invalidate the rects in child frames. Will be updated later during - // traversal. - if (!find_match_rects_are_valid_) { - for (WebFrame* child = OwnerFrame().FirstChild(); child; - child = child->NextSibling()) { - ToWebLocalFrameImpl(child) - ->EnsureTextFinder() - .find_match_rects_are_valid_ = false; - } - } find_match_rects_are_valid_ = true; } diff --git a/chromium/third_party/blink/renderer/core/editing/finder/text_finder.h b/chromium/third_party/blink/renderer/core/editing/finder/text_finder.h index 1e5b0b387b1..94ffca35037 100644 --- a/chromium/third_party/blink/renderer/core/editing/finder/text_finder.h +++ b/chromium/third_party/blink/renderer/core/editing/finder/text_finder.h @@ -152,8 +152,7 @@ class CORE_EXPORT TextFinder final int SelectFindMatch(unsigned index, WebRect* selection_rect); // Compute and cache the rects for FindMatches if required. - // Rects are automatically invalidated in case of content size changes, - // propagating the invalidation to child frames. + // Rects are automatically invalidated in case of content size changes. void UpdateFindMatchRects(); // Sets the markers within a range as active or inactive. Returns true if at diff --git a/chromium/third_party/blink/renderer/core/exported/web_frame_serializer.cc b/chromium/third_party/blink/renderer/core/exported/web_frame_serializer.cc index d0bbb337136..e52697467e6 100644 --- a/chromium/third_party/blink/renderer/core/exported/web_frame_serializer.cc +++ b/chromium/third_party/blink/renderer/core/exported/web_frame_serializer.cc @@ -283,10 +283,15 @@ bool MHTMLFrameSerializerDelegate::RewriteLink(const Element& element, } if (IsHTMLObjectElement(&element)) { + // If the <object> doesn't contain an image or a html document, then + // it won't be serialized by FrameSerializer::SerializeFrame. If we can + // detect this case (possible only for local frames), then preserve the + // original URI of the <object>, rather than rewriting it to a Content-ID. Document* doc = frame_owner_element->contentDocument(); - bool is_handled_by_serializer = doc->IsHTMLDocument() || - doc->IsXHTMLDocument() || - doc->IsImageDocument(); + bool is_handled_by_serializer = + !doc || // Remote frame - can't tell if this is HTML or an image. + doc->IsHTMLDocument() || doc->IsXHTMLDocument() || + doc->IsImageDocument(); if (is_handled_by_serializer) { rewritten_link = cid_uri.GetString(); return true; diff --git a/chromium/third_party/blink/renderer/core/exported/web_view_impl.cc b/chromium/third_party/blink/renderer/core/exported/web_view_impl.cc index e46c83b1b6b..580b48c703e 100644 --- a/chromium/third_party/blink/renderer/core/exported/web_view_impl.cc +++ b/chromium/third_party/blink/renderer/core/exported/web_view_impl.cc @@ -3114,6 +3114,12 @@ WebHitTestResult WebViewImpl::HitTestResultAt(const WebPoint& point) { HitTestResult WebViewImpl::CoreHitTestResultAt( const WebPoint& point_in_viewport) { + // TODO(crbug.com/843128): When we do async hit-testing, we might try to do + // hit-testing when the local main frame is not valid anymore. Look into if we + // can avoid getting here earlier in the pipeline. + if (!MainFrameImpl() || !MainFrameImpl()->GetFrameView()) + return HitTestResult(); + DocumentLifecycle::AllowThrottlingScope throttling_scope( MainFrameImpl()->GetFrame()->GetDocument()->Lifecycle()); LocalFrameView* view = MainFrameImpl()->GetFrameView(); diff --git a/chromium/third_party/blink/renderer/core/fetch/readable_stream_bytes_consumer.cc b/chromium/third_party/blink/renderer/core/fetch/readable_stream_bytes_consumer.cc index abf67b31626..6b755eb52f9 100644 --- a/chromium/third_party/blink/renderer/core/fetch/readable_stream_bytes_consumer.cc +++ b/chromium/third_party/blink/renderer/core/fetch/readable_stream_bytes_consumer.cc @@ -33,10 +33,17 @@ class ReadableStreamBytesConsumer::OnFulfilled final : public ScriptFunction { ScriptValue Call(ScriptValue v) override { bool done; v8::Local<v8::Value> item = v.V8Value(); - DCHECK(item->IsObject()); - v8::Local<v8::Value> value = - V8UnpackIteratorResult(v.GetScriptState(), item.As<v8::Object>(), &done) - .ToLocalChecked(); + if (!item->IsObject()) { + consumer_->OnRejected(); + return ScriptValue(); + } + v8::Local<v8::Value> value; + if (!V8UnpackIteratorResult(v.GetScriptState(), item.As<v8::Object>(), + &done) + .ToLocal(&value)) { + consumer_->OnRejected(); + return ScriptValue(); + } if (done) { consumer_->OnReadDone(); return v; diff --git a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc index 986c1e88229..ff48e96fb95 100644 --- a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc +++ b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy.cc @@ -1840,6 +1840,10 @@ bool ContentSecurityPolicy::ShouldBypassContentSecurityPolicy( // static bool ContentSecurityPolicy::IsValidCSPAttr(const String& attr, const String& context_required_csp) { + // we don't allow any newline characters in the CSP attributes + if (attr.Contains('\n') || attr.Contains('\r')) + return false; + ContentSecurityPolicy* attr_policy = ContentSecurityPolicy::Create(); attr_policy->AddPolicyFromHeaderValue(attr, kContentSecurityPolicyHeaderTypeEnforce, diff --git a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc index 6dcd9750bb4..89621075563 100644 --- a/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc +++ b/chromium/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc @@ -1347,6 +1347,34 @@ TEST_F(ContentSecurityPolicyTest, IsValidCSPAttrTest) { "report-to relative-path/reporting;" "base-uri http://example.com 'self'", "")); + + // CRLF should not be allowed + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri\nhttp://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri http://example.com\nhttp://example2.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base\n-uri http://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "\nbase-uri http://example.com", "")); + + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri\r\nhttp://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri http://example.com\r\nhttp://example2.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base\r\n-uri http://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "\r\nbase-uri http://example.com", "")); + + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri\rhttp://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base-uri http://example.com\rhttp://example2.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "base\r-uri http://example.com", "")); + EXPECT_FALSE(ContentSecurityPolicy::IsValidCSPAttr( + "\rbase-uri http://example.com", "")); } } // namespace blink diff --git a/chromium/third_party/blink/renderer/core/frame/mhtml_archive_test.cc b/chromium/third_party/blink/renderer/core/frame/mhtml_archive_test.cc index 06a75fb529a..e0f0164aa73 100644 --- a/chromium/third_party/blink/renderer/core/frame/mhtml_archive_test.cc +++ b/chromium/third_party/blink/renderer/core/frame/mhtml_archive_test.cc @@ -372,6 +372,15 @@ TEST_F(MHTMLArchiveTest, MHTMLDate) { EXPECT_EQ(mhtml_date(), archive->Date()); } +TEST_F(MHTMLArchiveTest, EmptyArchive) { + char* buf = nullptr; + scoped_refptr<SharedBuffer> data = + SharedBuffer::Create(buf, static_cast<size_t>(0u)); + KURL http_url = ToKURL("http://www.example.com"); + MHTMLArchive* archive = MHTMLArchive::Create(http_url, data.get()); + EXPECT_EQ(nullptr, archive); +} + } // namespace test } // namespace blink diff --git a/chromium/third_party/blink/renderer/core/frame/remote_frame_view.cc b/chromium/third_party/blink/renderer/core/frame/remote_frame_view.cc index ff642e20916..c6f04e352eb 100644 --- a/chromium/third_party/blink/renderer/core/frame/remote_frame_view.cc +++ b/chromium/third_party/blink/renderer/core/frame/remote_frame_view.cc @@ -67,6 +67,8 @@ void RemoteFrameView::UpdateViewportIntersectionsForSubtree( DocumentLifecycle::LifecycleState target_state) { if (!remote_frame_->OwnerLayoutObject()) return; + if (target_state < DocumentLifecycle::kPaintClean) + return; LocalFrameView* local_root_view = ToLocalFrame(remote_frame_->Tree().Parent())->LocalFrameRoot().View(); diff --git a/chromium/third_party/blink/renderer/core/frame/web_frame_widget_impl.cc b/chromium/third_party/blink/renderer/core/frame/web_frame_widget_impl.cc index 1ea89451aef..37c0bc8b2da 100644 --- a/chromium/third_party/blink/renderer/core/frame/web_frame_widget_impl.cc +++ b/chromium/third_party/blink/renderer/core/frame/web_frame_widget_impl.cc @@ -213,7 +213,12 @@ void WebFrameWidgetImpl::Resize(const WebSize& new_size) { // FIXME: Investigate whether this is needed; comment from eseidel suggests // that this function is flawed. - SendResizeEventAndRepaint(); + // TODO(kenrb): It would probably make more sense to check whether lifecycle + // updates are throttled in the root's LocalFrameView, but for OOPIFs that + // doesn't happen. Need to investigate if OOPIFs can be throttled during + // load. + if (local_root_->GetFrame()->GetDocument()->IsLoadCompleted()) + SendResizeEventAndRepaint(); } void WebFrameWidgetImpl::SendResizeEventAndRepaint() { diff --git a/chromium/third_party/blink/renderer/core/layout/hit_test_result.h b/chromium/third_party/blink/renderer/core/layout/hit_test_result.h index 25bc15c2639..dd9f3b33e3d 100644 --- a/chromium/third_party/blink/renderer/core/layout/hit_test_result.h +++ b/chromium/third_party/blink/renderer/core/layout/hit_test_result.h @@ -115,6 +115,9 @@ class CORE_EXPORT HitTestResult { const LayoutPoint& PointInInnerNodeFrame() const { return point_in_inner_node_frame_; } + void SetPointInInnerNodeFrame(const LayoutPoint& point) { + point_in_inner_node_frame_ = point; + } IntPoint RoundedPointInInnerNodeFrame() const { return RoundedIntPoint(PointInInnerNodeFrame()); } diff --git a/chromium/third_party/blink/renderer/core/layout/layout_box.cc b/chromium/third_party/blink/renderer/core/layout/layout_box.cc index c3096753b6b..4f724b59448 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_box.cc +++ b/chromium/third_party/blink/renderer/core/layout/layout_box.cc @@ -2555,8 +2555,9 @@ bool LayoutBox::MapToVisualRectInAncestorSpaceInternal( if (container->IsLayoutView()) { bool use_fixed_position_adjustment = - !RuntimeEnabledFeatures::RootLayerScrollingEnabled() && - position == EPosition::kFixed; + position == EPosition::kFixed && + (!RuntimeEnabledFeatures::RootLayerScrollingEnabled() || + container == ancestor); return ToLayoutView(container)->MapToVisualRectInAncestorSpaceInternal( ancestor, transform_state, use_fixed_position_adjustment ? kIsFixed : 0, visual_rect_flags); diff --git a/chromium/third_party/blink/renderer/core/layout/layout_object.cc b/chromium/third_party/blink/renderer/core/layout/layout_object.cc index dd12052f439..a35feb73599 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_object.cc +++ b/chromium/third_party/blink/renderer/core/layout/layout_object.cc @@ -2600,14 +2600,6 @@ void LayoutObject::GetTransformFromContainer( if (layer && layer->Transform()) transform.Multiply(layer->CurrentTransform()); - GetTransformFromContainerInternal(container_object, offset_in_container, - transform); -} - -void LayoutObject::GetTransformFromContainerInternal( - const LayoutObject* container_object, - const LayoutSize& offset_in_container, - TransformationMatrix& transform) const { transform.PostTranslate(offset_in_container.Width().ToFloat(), offset_in_container.Height().ToFloat()); diff --git a/chromium/third_party/blink/renderer/core/layout/layout_object.h b/chromium/third_party/blink/renderer/core/layout/layout_object.h index 972fa10c583..d31d5a8515e 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_object.h +++ b/chromium/third_party/blink/renderer/core/layout/layout_object.h @@ -1625,11 +1625,10 @@ class CORE_EXPORT LayoutObject : public ImageResourceObserver, const LayoutBoxModelObject* ancestor_to_stop_at, LayoutGeometryMap&) const; - virtual bool ShouldUseTransformFromContainer( - const LayoutObject* container) const; - virtual void GetTransformFromContainer(const LayoutObject* container, - const LayoutSize& offset_in_container, - TransformationMatrix&) const; + bool ShouldUseTransformFromContainer(const LayoutObject* container) const; + void GetTransformFromContainer(const LayoutObject* container, + const LayoutSize& offset_in_container, + TransformationMatrix&) const; bool CreatesGroup() const { return IsTransparent() || HasMask() || HasClipPath() || @@ -2058,10 +2057,6 @@ class CORE_EXPORT LayoutObject : public ImageResourceObserver, // changes at all). virtual bool AnonymousHasStylePropagationOverride() { return false; } - void GetTransformFromContainerInternal(const LayoutObject* container, - const LayoutSize& offset_in_container, - TransformationMatrix&) const; - // A fast path for MapToVisualRectInAncestorSpace for when GeometryMapper // can be used. bool MapToVisualRectInAncestorSpaceInternalFastPath( diff --git a/chromium/third_party/blink/renderer/core/layout/layout_view.cc b/chromium/third_party/blink/renderer/core/layout/layout_view.cc index 643fedfe0f5..1ce91caf717 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_view.cc +++ b/chromium/third_party/blink/renderer/core/layout/layout_view.cc @@ -440,13 +440,6 @@ void LayoutView::MapAncestorToLocal(const LayoutBoxModelObject* ancestor, transform_state.Move(OffsetForFixedPosition()); } -bool LayoutView::ShouldClipOverflow() const { - bool is_main_frame = GetFrameView()->GetFrame().IsMainFrame(); - if (is_main_frame && !GetDocument().GetSettings()->GetMainFrameClipsContent()) - return false; - return LayoutBox::ShouldClipOverflow(); -} - void LayoutView::ComputeSelfHitTestRects(Vector<LayoutRect>& rects, const LayoutPoint&) const { // Record the entire size of the contents of the frame. Note that we don't diff --git a/chromium/third_party/blink/renderer/core/layout/layout_view.h b/chromium/third_party/blink/renderer/core/layout/layout_view.h index ebd4d7fae7f..e6bbcdc0460 100644 --- a/chromium/third_party/blink/renderer/core/layout/layout_view.h +++ b/chromium/third_party/blink/renderer/core/layout/layout_view.h @@ -263,7 +263,6 @@ class CORE_EXPORT LayoutView final : public LayoutBlockFlow { void MapAncestorToLocal(const LayoutBoxModelObject*, TransformState&, MapCoordinatesFlags) const override; - bool ShouldClipOverflow() const final; void ComputeSelfHitTestRects(Vector<LayoutRect>&, const LayoutPoint& layer_offset) const override; diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_container.cc b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_container.cc index 8b27cbe5ea5..fa11a5a8020 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_container.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_container.cc @@ -25,7 +25,6 @@ #include "third_party/blink/renderer/core/layout/hit_test_result.h" #include "third_party/blink/renderer/core/layout/layout_analyzer.h" -#include "third_party/blink/renderer/core/layout/layout_box_model_object.h" #include "third_party/blink/renderer/core/layout/svg/svg_layout_support.h" #include "third_party/blink/renderer/core/layout/svg/svg_resources.h" #include "third_party/blink/renderer/core/layout/svg/svg_resources_cache.h" @@ -192,9 +191,6 @@ bool LayoutSVGContainer::NodeAtFloatPoint(HitTestResult& result, for (LayoutObject* child = LastChild(); child; child = child->PreviousSibling()) { - if (child->IsBoxModelObject() && - ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) - continue; if (child->NodeAtFloatPoint(result, local_point, hit_test_action)) { const LayoutPoint& local_layout_point = LayoutPoint(local_point); UpdateHitTestResult(result, local_layout_point); diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.cc b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.cc index 6c83ce379a7..9f9a508adc1 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.cc @@ -24,6 +24,7 @@ #include "third_party/blink/renderer/core/layout/hit_test_result.h" #include "third_party/blink/renderer/core/layout/svg/svg_layout_support.h" #include "third_party/blink/renderer/core/layout/svg/svg_resources_cache.h" +#include "third_party/blink/renderer/core/paint/paint_layer.h" #include "third_party/blink/renderer/core/paint/svg_foreign_object_painter.h" #include "third_party/blink/renderer/core/svg/svg_foreign_object_element.h" @@ -127,15 +128,32 @@ void LayoutSVGForeignObject::UpdateLayout() { bool LayoutSVGForeignObject::NodeAtFloatPoint(HitTestResult& result, const FloatPoint& point_in_parent, HitTestAction hit_test_action) { - if (RuntimeEnabledFeatures::SlimmingPaintV175Enabled()) { - NOTREACHED(); - return false; - } AffineTransform local_transform = LocalSVGTransform(); if (!local_transform.IsInvertible()) return false; FloatPoint local_point = local_transform.Inverse().MapPoint(point_in_parent); + if (RuntimeEnabledFeatures::SlimmingPaintV175Enabled()) { + LayoutPoint point_in_foreign_object(local_point); + // |local_point| already includes the offset of the <foreignObject> element, + // but PaintLayer::HitTestLayer assumes it has not been. + point_in_foreign_object.MoveBy(-Layer()->LayoutBoxLocation()); + HitTestResult layer_result(result.GetHitTestRequest(), + point_in_foreign_object); + bool retval = Layer()->HitTest(layer_result); + + // Preserve the "point in inner node frame" from the original request, + // since |layer_result| is a hit test rooted at the <foreignObject> element, + // not the frame, due to the constructor above using + // |point_in_foreign_object| as its "point in inner node frame". + // TODO(chrishtr): refactor the PaintLayer and HitTestResults code around + // this, to better support hit tests that don't start at frame boundaries. + LayoutPoint original_point_in_inner_node_frame = + result.PointInInnerNodeFrame(); + result = layer_result; + result.SetPointInInnerNodeFrame(original_point_in_inner_node_frame); + return retval; + } // Early exit if local point is not contained in clipped viewport area if (SVGLayoutSupport::IsOverflowHidden(*this) && @@ -152,16 +170,6 @@ bool LayoutSVGForeignObject::NodeAtFloatPoint(HitTestResult& result, kHitTestChildBlockBackgrounds); } -void LayoutSVGForeignObject::GetTransformFromContainer( - const LayoutObject* container, - const LayoutSize& offset_in_container, - TransformationMatrix& matrix) const { - AffineTransform to_svg_root_transform; - SVGLayoutSupport::ComputeTransformToSVGRoot(*this, to_svg_root_transform); - matrix = to_svg_root_transform; - GetTransformFromContainerInternal(container, offset_in_container, matrix); -} - bool LayoutSVGForeignObject::NodeAtPoint( HitTestResult& result, const HitTestLocation& location_in_parent, diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h index 78d8f07e3fb..4dffb3efd69 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h @@ -60,14 +60,6 @@ class LayoutSVGForeignObject final : public LayoutSVGBlock { return ObjectBoundingBox(); } - bool ShouldUseTransformFromContainer( - const LayoutObject* container) const override { - return true; - } - void GetTransformFromContainer(const LayoutObject* container, - const LayoutSize& offset_in_container, - TransformationMatrix&) const override; - bool NodeAtPoint(HitTestResult&, const HitTestLocation&, const LayoutPoint&, @@ -100,6 +92,8 @@ class LayoutSVGForeignObject final : public LayoutSVGBlock { bool needs_transform_update_; }; +DEFINE_LAYOUT_OBJECT_TYPE_CASTS(LayoutSVGForeignObject, IsSVGForeignObject()); + } // namespace blink #endif diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object_test.cc b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object_test.cc index 9b5770ef703..eb31ff5f2ae 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object_test.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object_test.cc @@ -3,6 +3,7 @@ // found in the LICENSE file. #include "third_party/blink/renderer/core/layout/layout_geometry_map.h" +#include "third_party/blink/renderer/core/paint/paint_layer.h" #include "third_party/blink/renderer/core/testing/core_unit_test_helper.h" namespace blink { @@ -265,4 +266,70 @@ TEST_F(LayoutSVGForeignObjectTest, HitTestUnderClipPath) { EXPECT_EQ(svg, GetDocument().ElementFromPoint(400, 400)); } +TEST_F(LayoutSVGForeignObjectTest, + HitTestUnderClippedPositionedForeignObjectDescendant) { + SetBodyInnerHTML(R"HTML( + <style> + * { + margin: 0 + } + </style> + <svg id="svg" style="width: 600px; height: 600px"> + <foreignObject id="foreignObject" x="200" y="200" width="100" + height="100"> + <div id="target" style="overflow: hidden; position: relative; + width: 100px; height: 50px; left: 5px"></div> + </foreignObject> + </svg> + )HTML"); + + const auto& svg = *GetDocument().getElementById("svg"); + const auto& target = *GetDocument().getElementById("target"); + const auto& foreignObject = *GetDocument().getElementById("foreignObject"); + + EXPECT_EQ(svg, GetDocument().ElementFromPoint(1, 1)); + EXPECT_EQ(foreignObject, GetDocument().ElementFromPoint(201, 201)); + EXPECT_EQ(target, GetDocument().ElementFromPoint(206, 206)); + EXPECT_EQ(foreignObject, GetDocument().ElementFromPoint(205, 255)); + + HitTestRequest request(HitTestRequest::kReadOnly | HitTestRequest::kActive); + HitTestResult result(request, LayoutPoint(206, 206)); + GetDocument().GetLayoutView()->Layer()->HitTest(result); + EXPECT_EQ(target, result.InnerNode()); + EXPECT_EQ(LayoutPoint(206, 206), result.PointInInnerNodeFrame()); +} + +TEST_F(LayoutSVGForeignObjectTest, + HitTestUnderTransformedForeignObjectDescendant) { + SetBodyInnerHTML(R"HTML( + <style> + * { + margin: 0 + } + </style> + <svg id="svg" style="width: 600px; height: 600px"> + <foreignObject id="foreignObject" x="200" y="200" width="100" + height="100" transform="translate(30)"> + <div id="target" style="overflow: hidden; position: relative; + width: 100px; height: 50px; left: 5px"></div> + </foreignObject> + </svg> + )HTML"); + + const auto& svg = *GetDocument().getElementById("svg"); + const auto& target = *GetDocument().getElementById("target"); + const auto& foreignObject = *GetDocument().getElementById("foreignObject"); + + EXPECT_EQ(svg, GetDocument().ElementFromPoint(1, 1)); + EXPECT_EQ(foreignObject, GetDocument().ElementFromPoint(231, 201)); + EXPECT_EQ(target, GetDocument().ElementFromPoint(236, 206)); + EXPECT_EQ(foreignObject, GetDocument().ElementFromPoint(235, 255)); + + HitTestRequest request(HitTestRequest::kReadOnly | HitTestRequest::kActive); + HitTestResult result(request, LayoutPoint(236, 206)); + GetDocument().GetLayoutView()->Layer()->HitTest(result); + EXPECT_EQ(target, result.InnerNode()); + EXPECT_EQ(LayoutPoint(236, 206), result.PointInInnerNodeFrame()); +} + } // namespace blink diff --git a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_root.cc b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_root.cc index 057c364d35f..f35b4a16e36 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_root.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/layout_svg_root.cc @@ -513,9 +513,6 @@ bool LayoutSVGRoot::NodeAtPoint(HitTestResult& result, for (LayoutObject* child = LastChild(); child; child = child->PreviousSibling()) { - if (child->IsBoxModelObject() && - ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) - continue; // FIXME: nodeAtFloatPoint() doesn't handle rect-based hit tests yet. if (child->NodeAtFloatPoint(result, local_point, hit_test_action)) { UpdateHitTestResult(result, point_in_border_box); diff --git a/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.cc b/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.cc index b37d9a1e270..10e7e46daad 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.cc +++ b/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.cc @@ -94,7 +94,7 @@ LayoutRect SVGLayoutSupport::TransformVisualRect( return LayoutRect(EnclosingIntRect(adjusted_rect)); } -const LayoutSVGRoot& SVGLayoutSupport::ComputeTransformToSVGRoot( +static const LayoutSVGRoot& ComputeTransformToSVGRoot( const LayoutObject& object, AffineTransform& root_border_box_transform) { DCHECK(object.IsSVGChild()); diff --git a/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.h b/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.h index b055793af1f..dbc43c74fee 100644 --- a/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.h +++ b/chromium/third_party/blink/renderer/core/layout/svg/svg_layout_support.h @@ -153,10 +153,6 @@ class CORE_EXPORT SVGLayoutSupport { static LayoutObject* FindClosestLayoutSVGText(const LayoutObject*, const FloatPoint&); - static const LayoutSVGRoot& ComputeTransformToSVGRoot( - const LayoutObject& object, - AffineTransform& root_border_box_transform); - private: static void UpdateObjectBoundingBox(FloatRect& object_bounding_box, bool& object_bounding_box_valid, diff --git a/chromium/third_party/blink/renderer/core/layout/visual_rect_mapping_test.cc b/chromium/third_party/blink/renderer/core/layout/visual_rect_mapping_test.cc index 144cdecb03c..eb8578dc98e 100644 --- a/chromium/third_party/blink/renderer/core/layout/visual_rect_mapping_test.cc +++ b/chromium/third_party/blink/renderer/core/layout/visual_rect_mapping_test.cc @@ -1012,11 +1012,6 @@ TEST_P(VisualRectMappingTest, FixedContentsWithScrollOffset) { GetDocument().View()->LayoutViewportScrollableArea()->SetScrollOffset( ScrollOffset(0, 50), kProgrammaticScroll); GetDocument().View()->UpdateAllLifecyclePhases(); - - // The fixed element does not scroll but the ancestor does which changes the - // visual rect. - CheckMapToVisualRectInAncestorSpace( - LayoutRect(0, 0, 400, 300), LayoutRect(0, 40, 400, 300), fixed, ancestor); } } // namespace blink diff --git a/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc b/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc index b9f29902c57..b1025b2413b 100644 --- a/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc +++ b/chromium/third_party/blink/renderer/core/loader/frame_fetch_context.cc @@ -32,6 +32,8 @@ #include <algorithm> #include <memory> + +#include "base/feature_list.h" #include "services/network/public/mojom/request_context_frame_type.mojom-blink.h" #include "third_party/blink/public/common/client_hints/client_hints.h" #include "third_party/blink/public/common/device_memory/approximated_device_memory.h" @@ -100,6 +102,12 @@ namespace blink { namespace { +// If kAllowClientHintsToThirdParty is enabled, then device-memory, +// resource-width and viewport-width client hints can be sent to third-party +// origins if the first-party has opted in to receiving client hints. +const base::Feature kAllowClientHintsToThirdParty{ + "AllowClientHintsToThirdParty", base::FEATURE_DISABLED_BY_DEFAULT}; + enum class RequestMethod { kIsPost, kIsNotPost }; enum class RequestType { kIsConditional, kIsNotConditional }; enum class ResourceType { kIsMainResource, kIsNotMainResource }; @@ -881,6 +889,9 @@ void FrameFetchContext::AddClientHintsIfNecessary( const FetchParameters::ResourceWidth& resource_width, ResourceRequest& request) { WebEnabledClientHints enabled_hints; + + bool is_1p_origin = false; + if (blink::RuntimeEnabledFeatures::ClientHintsPersistentEnabled()) { // If the feature is enabled, then client hints are allowed only on secure // URLs. @@ -896,17 +907,22 @@ void FrameFetchContext::AddClientHintsIfNecessary( if (IsDetached()) return; - if (!GetFrame() - ->Tree() - .Top() - .GetSecurityContext() - ->GetSecurityOrigin() - ->IsSameSchemeHostPort( - SecurityOrigin::Create(request.Url()).get())) { + is_1p_origin = + GetFrame() + ->Tree() + .Top() + .GetSecurityContext() + ->GetSecurityOrigin() + ->IsSameSchemeHostPort(SecurityOrigin::Create(request.Url()).get()); + + if (!base::FeatureList::IsEnabled(kAllowClientHintsToThirdParty) && + !is_1p_origin) { // No client hints for 3p origins. return; } - if (GetContentSettingsClient()) { + // Persisted client hints preferences should be read for only the first + // party origins. + if (is_1p_origin && GetContentSettingsClient()) { GetContentSettingsClient()->GetAllowedClientHintsFromSource( request.Url(), &enabled_hints); } @@ -943,6 +959,12 @@ void FrameFetchContext::AddClientHintsIfNecessary( AtomicString(String::Number(GetFrame()->View()->ViewportWidth()))); } + if (!is_1p_origin) { + // No network quality client hints for 3p origins. Only DPR, resource width + // and viewport width client hints are allowed for 1p origins. + return; + } + if (ShouldSendClientHint(mojom::WebClientHintsType::kRtt, hints_preferences, enabled_hints)) { unsigned long rtt = GetNetworkStateNotifier().RoundRtt( diff --git a/chromium/third_party/blink/renderer/core/loader/threadable_loader.cc b/chromium/third_party/blink/renderer/core/loader/threadable_loader.cc index 44b688f05be..6e269ec2080 100644 --- a/chromium/third_party/blink/renderer/core/loader/threadable_loader.cc +++ b/chromium/third_party/blink/renderer/core/loader/threadable_loader.cc @@ -33,6 +33,7 @@ #include "third_party/blink/renderer/core/execution_context/execution_context.h" #include "third_party/blink/renderer/core/loader/document_threadable_loader.h" #include "third_party/blink/renderer/core/loader/threadable_loading_context.h" +#include "third_party/blink/renderer/core/loader/worker_threadable_loader.h" #include "third_party/blink/renderer/core/workers/worker_global_scope.h" namespace blink { @@ -56,6 +57,12 @@ void ThreadableLoader::LoadResourceSynchronously( ThreadableLoaderClient& client, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resource_loader_options) { + if (context.IsWorkerGlobalScope()) { + WorkerThreadableLoader::LoadResourceSynchronously( + ToWorkerGlobalScope(context), request, client, options, + resource_loader_options); + return; + } DocumentThreadableLoader::LoadResourceSynchronously( *ThreadableLoadingContext::Create(context), request, client, options, resource_loader_options); diff --git a/chromium/third_party/blink/renderer/core/paint/README.md b/chromium/third_party/blink/renderer/core/paint/README.md index 641f09eb8ec..0a3e2ed55b7 100644 --- a/chromium/third_party/blink/renderer/core/paint/README.md +++ b/chromium/third_party/blink/renderer/core/paint/README.md @@ -26,6 +26,13 @@ are treated in different ways during painting: * Stacking contexts: elements with non-auto z-indices or other properties that affect stacking e.g. transform, opacity, blend-mode. + * Replaced normal-flow stacking elements: [replaced elements](https://html.spec.whatwg.org/multipage/rendering.html#replaced-elements) + that do not have non-auto z-index but are stacking contexts for + elements below them. Right now the only example is SVG <foreignObject>. + The difference between these elements and regular stacking contexts is + that they paint in the foreground phase of the painting algorithm + (as opposed to the positioned descendants phase). + * Elements that are not real stacking contexts but are treated as stacking contexts but don't manage other stacked elements. Their z-ordering are managed by real stacking contexts. They are positioned elements with diff --git a/chromium/third_party/blink/renderer/core/paint/box_painter.cc b/chromium/third_party/blink/renderer/core/paint/box_painter.cc index 77ba7b05a8e..79cfaa28616 100644 --- a/chromium/third_party/blink/renderer/core/paint/box_painter.cc +++ b/chromium/third_party/blink/renderer/core/paint/box_painter.cc @@ -9,6 +9,7 @@ #include "third_party/blink/renderer/core/layout/layout_object.h" #include "third_party/blink/renderer/core/layout/layout_table.h" #include "third_party/blink/renderer/core/layout/layout_theme.h" +#include "third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h" #include "third_party/blink/renderer/core/paint/adjust_paint_offset_scope.h" #include "third_party/blink/renderer/core/paint/background_image_geometry.h" #include "third_party/blink/renderer/core/paint/box_decoration_data.h" @@ -19,6 +20,7 @@ #include "third_party/blink/renderer/core/paint/object_painter.h" #include "third_party/blink/renderer/core/paint/paint_info.h" #include "third_party/blink/renderer/core/paint/scroll_recorder.h" +#include "third_party/blink/renderer/core/paint/svg_foreign_object_painter.h" #include "third_party/blink/renderer/core/paint/theme_painter.h" #include "third_party/blink/renderer/platform/geometry/layout_point.h" #include "third_party/blink/renderer/platform/graphics/graphics_context_state_saver.h" @@ -42,9 +44,13 @@ void BoxPainter::PaintChildren(const PaintInfo& paint_info, PaintInfo child_info(paint_info); for (LayoutObject* child = layout_box_.SlowFirstChild(); child; child = child->NextSibling()) { - if (!child->IsBoxModelObject() || - !ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) + if (RuntimeEnabledFeatures::SlimmingPaintV175Enabled() && + child->IsSVGForeignObject()) { + SVGForeignObjectPainter(ToLayoutSVGForeignObject(*child)) + .PaintLayer(paint_info); + } else { child->Paint(child_info, paint_offset); + } } } diff --git a/chromium/third_party/blink/renderer/core/paint/compositing/composited_layer_mapping.cc b/chromium/third_party/blink/renderer/core/paint/compositing/composited_layer_mapping.cc index c3cc47a03f4..217062ed40f 100644 --- a/chromium/third_party/blink/renderer/core/paint/compositing/composited_layer_mapping.cc +++ b/chromium/third_party/blink/renderer/core/paint/compositing/composited_layer_mapping.cc @@ -3368,19 +3368,27 @@ IntRect CompositedLayerMapping::RecomputeInterestRect( LayoutRect graphics_layer_bounds_in_root_view_space( graphics_layer_bounds_in_object_space); - // MapToVisualRectInAncestorSpace is exclusive of the scroll and clip on the - // ancestor, so we map to nullptr instead of |root_view| to include these. anchor_layout_object->MapToVisualRectInAncestorSpace( - nullptr, graphics_layer_bounds_in_root_view_space); + root_view, graphics_layer_bounds_in_root_view_space); + + // In RLS, the root_view is scrolled. However, MapToVisualRectInAncestorSpace + // doesn't account for this scroll, since it earlies out as soon as we reach + // this ancestor. That is, it only maps to the space of the root_view, not + // accounting for the fact that the root_view itself can be scrolled. If the + // root_view is our anchor_layout_object, then this extra offset is counted in + // offset_from_anchor_layout_object. In other cases, we need to account for it + // here. Otherwise, the paint clip below might clip the whole (visible) rect + // out. + if (RuntimeEnabledFeatures::RootLayerScrollingEnabled() && + root_view != anchor_layout_object) { + if (auto* scrollable_area = root_view->GetScrollableArea()) { + graphics_layer_bounds_in_root_view_space.MoveBy( + -scrollable_area->VisibleContentRect().Location()); + } + } - // MapToVisualRectInAncestorSpace will not clip if the anchor is the root - // view, because the rect is assumed to already be in the clipped space of - // the root view. We need to manually apply the root view's clip in this case. FloatRect visible_content_rect(graphics_layer_bounds_in_root_view_space); - if (anchor_layout_object == root_view || - !RuntimeEnabledFeatures::RootLayerScrollingEnabled()) { - root_view->GetFrameView()->ClipPaintRect(&visible_content_rect); - } + root_view->GetFrameView()->ClipPaintRect(&visible_content_rect); FloatRect enclosing_graphics_layer_bounds( EnclosingIntRect(graphics_layer_bounds)); diff --git a/chromium/third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.cc b/chromium/third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.cc index 95b7ed761bf..e17ae8d3414 100644 --- a/chromium/third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.cc +++ b/chromium/third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.cc @@ -967,7 +967,10 @@ bool PaintLayerCompositor::CanBeComposited(const PaintLayer* layer) const { return has_accelerated_compositing_ && (has_compositor_animation || !layer->SubtreeIsInvisible()) && layer->IsSelfPaintingLayer() && - !layer->GetLayoutObject().IsLayoutFlowThread(); + !layer->GetLayoutObject().IsLayoutFlowThread() && + // Don't composite <foreignObject> for the moment, to reduce + // instances of the "fundamental compositing bug" breaking content. + !layer->GetLayoutObject().IsSVGForeignObject(); } // Return true if the given layer is a stacking context and has compositing diff --git a/chromium/third_party/blink/renderer/core/paint/paint_layer.cc b/chromium/third_party/blink/renderer/core/paint/paint_layer.cc index 79c2117f843..6c4a1ad30e0 100644 --- a/chromium/third_party/blink/renderer/core/paint/paint_layer.cc +++ b/chromium/third_party/blink/renderer/core/paint/paint_layer.cc @@ -1856,16 +1856,6 @@ scoped_refptr<HitTestingTransformState> PaintLayer::CreateLocalTransformState( ConvertToLayerCoords(root_layer, offset); } offset.MoveBy(translation_offset); - // The location of a foreignObject element is added *after* transform, not - // before (all SVG child elements have this behavior). Therefore, remove - // the offset here to avoid applying it before the transform. It will be - // added later. - // TODO(chrishtr): this ugliness can be removed if we change the code to - // to be based on PaintOffset rather than PaintLayer offsets, like the - // paint code does. This is a larger effort though, that involves using - // property trees to drive hit testing coordinate spaces. - if (GetLayoutObject().IsSVGForeignObject()) - offset.MoveBy(-LayoutBoxLocation()); LayoutObject* container_layout_object = container_layer ? &container_layer->GetLayoutObject() : nullptr; @@ -1943,11 +1933,11 @@ PaintLayer* PaintLayer::HitTestLayer( if (result.GetHitTestRequest().IgnoreClipping()) clip_behavior = kIgnoreOverflowClip; - // Always send foreignObject PaintLayers through the "transform" code path, - // even if they have no transform. This is in order to collect any ancestor - // SVG transforms, including the SVG root to border box transform, which - // are represented outside of the PaintLayer tree. - bool use_transform = Transform() || GetLayoutObject().IsSVGForeignObject(); + // We can only reach an SVG foreign object's PaintLayer from + // LayoutSVGForeignObject::NodeAtFloatPoint (because + // IsReplacedNormalFlowStacking() true for LayoutSVGForeignObject), + // where the hit_test_rect has already been transformed to local coordinates. + bool use_transform = Transform() && !GetLayoutObject().IsSVGForeignObject(); // Apply a transform if we have one. if (use_transform && !applied_transform) { @@ -1979,17 +1969,6 @@ PaintLayer* PaintLayer::HitTestLayer( if (HitTestClippedOutByClipPath(root_layer, hit_test_location)) return nullptr; - // TODO(chrishtr): this can have incorrect results for rects that are not - // unit-sized due to use of Center(). - if (GetLayoutObject().IsSVGForeignObject() && - !GeometryMapper::PointVisibleInAncestorSpace( - GetLayoutObject().FirstFragment().LocalBorderBoxProperties(), - container_layer->GetLayoutObject() - .FirstFragment() - .LocalBorderBoxProperties(), - FloatPoint(hit_test_location.BoundingBox().Center()))) - return nullptr; - // The natural thing would be to keep HitTestingTransformState on the stack, // but it's big, so we heap-allocate. scoped_refptr<HitTestingTransformState> local_transform_state; @@ -2098,10 +2077,6 @@ PaintLayer* PaintLayer::HitTestLayer( } LayoutPoint offset = -LayoutBoxLocation(); - // See comment in CreateLocalTransformState. The code here is - // where we re-add the location. - if (root_layer->GetLayoutObject().IsSVGForeignObject()) - offset.MoveBy(root_layer->LayoutBoxLocation()); // Next we want to see if the mouse pos is inside the child LayoutObjects of // the layer. Check every fragment in reverse order. @@ -2315,6 +2290,14 @@ bool PaintLayer::HitTestContents(HitTestResult& result, return true; } +bool PaintLayer::IsReplacedNormalFlowStacking() { + if (!GetLayoutObject().IsSVGForeignObject()) + return false; + if (!GetLayoutObject().StyleRef().HasAutoZIndex()) + return false; + return true; +} + PaintLayer* PaintLayer::HitTestChildren( ChildrenIteration childrento_visit, PaintLayer* root_layer, @@ -2334,6 +2317,10 @@ PaintLayer* PaintLayer::HitTestChildren( childrento_visit); while (PaintLayerStackingNode* child = iterator.Next()) { PaintLayer* child_layer = child->Layer(); + + if (child_layer->IsReplacedNormalFlowStacking()) + continue; + PaintLayer* hit_layer = nullptr; HitTestResult temp_result(result.GetHitTestRequest(), result.GetHitTestLocation()); diff --git a/chromium/third_party/blink/renderer/core/paint/paint_layer.h b/chromium/third_party/blink/renderer/core/paint/paint_layer.h index 24a1578f33f..4bd4db980ac 100644 --- a/chromium/third_party/blink/renderer/core/paint/paint_layer.h +++ b/chromium/third_party/blink/renderer/core/paint/paint_layer.h @@ -1030,6 +1030,11 @@ class CORE_EXPORT PaintLayer : public DisplayItemClient { bool ShouldFragmentCompositedBounds( const PaintLayer* compositing_layer = nullptr) const; + // See + // https://chromium.googlesource.com/chromium/src.git/+/master/third_party/blink/renderer/core/paint/README.md + // for the definition of a replaced normal-flow stacking element. + bool IsReplacedNormalFlowStacking(); + private: void SetNeedsCompositingInputsUpdateInternal(); diff --git a/chromium/third_party/blink/renderer/core/paint/paint_layer_painter.cc b/chromium/third_party/blink/renderer/core/paint/paint_layer_painter.cc index 5eb8f0c3223..5e50057e5e4 100644 --- a/chromium/third_party/blink/renderer/core/paint/paint_layer_painter.cc +++ b/chromium/third_party/blink/renderer/core/paint/paint_layer_painter.cc @@ -983,6 +983,9 @@ PaintResult PaintLayerPainter::PaintChildren( painting_info.GetGlobalPaintFlags())) continue; + if (child->Layer()->IsReplacedNormalFlowStacking()) + continue; + PaintLayerPaintingInfo child_painting_info = painting_info; child_painting_info.scroll_offset_accumulation = scroll_offset_accumulation_for_children; diff --git a/chromium/third_party/blink/renderer/core/paint/svg_container_painter.cc b/chromium/third_party/blink/renderer/core/paint/svg_container_painter.cc index aad110b234a..529a5525b10 100644 --- a/chromium/third_party/blink/renderer/core/paint/svg_container_painter.cc +++ b/chromium/third_party/blink/renderer/core/paint/svg_container_painter.cc @@ -6,11 +6,13 @@ #include "third_party/blink/renderer/core/layout/layout_box_model_object.h" #include "third_party/blink/renderer/core/layout/svg/layout_svg_container.h" +#include "third_party/blink/renderer/core/layout/svg/layout_svg_foreign_object.h" #include "third_party/blink/renderer/core/layout/svg/layout_svg_viewport_container.h" #include "third_party/blink/renderer/core/layout/svg/svg_layout_support.h" #include "third_party/blink/renderer/core/paint/float_clip_recorder.h" #include "third_party/blink/renderer/core/paint/object_painter.h" #include "third_party/blink/renderer/core/paint/paint_info.h" +#include "third_party/blink/renderer/core/paint/svg_foreign_object_painter.h" #include "third_party/blink/renderer/core/paint/svg_paint_context.h" #include "third_party/blink/renderer/core/svg/svg_svg_element.h" #include "third_party/blink/renderer/platform/wtf/optional.h" @@ -83,8 +85,11 @@ void SVGContainerPainter::Paint(const PaintInfo& paint_info) { if (continue_rendering) { for (LayoutObject* child = layout_svg_container_.FirstChild(); child; child = child->NextSibling()) { - if (!child->IsBoxModelObject() || - !ToLayoutBoxModelObject(child)->HasSelfPaintingLayer()) { + if (RuntimeEnabledFeatures::SlimmingPaintV175Enabled() && + child->IsSVGForeignObject()) { + SVGForeignObjectPainter(ToLayoutSVGForeignObject(*child)) + .PaintLayer(paint_context.GetPaintInfo()); + } else { child->Paint(paint_context.GetPaintInfo(), IntPoint()); } } diff --git a/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.cc b/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.cc index 3e8cc8eb07b..d78a5fa6162 100644 --- a/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.cc +++ b/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.cc @@ -11,6 +11,7 @@ #include "third_party/blink/renderer/core/paint/object_painter.h" #include "third_party/blink/renderer/core/paint/paint_info.h" #include "third_party/blink/renderer/core/paint/paint_layer.h" +#include "third_party/blink/renderer/core/paint/paint_layer_painter.h" #include "third_party/blink/renderer/core/paint/svg_paint_context.h" #include "third_party/blink/renderer/platform/wtf/optional.h" @@ -34,6 +35,34 @@ class BlockPainterDelegate : public LayoutBlock { } // namespace +void SVGForeignObjectPainter::PaintLayer(const PaintInfo& paint_info) { + if (!RuntimeEnabledFeatures::SlimmingPaintV175Enabled()) + return; + if (paint_info.phase != PaintPhase::kForeground && + paint_info.phase != PaintPhase::kSelection) + return; + + // Early out in the case of trying to paint an image filter before + // pre-paint has finished. + if (!layout_svg_foreign_object_.FirstFragment().HasLocalBorderBoxProperties()) + return; + + // <foreignObject> is a replaced normal-flow stacking element. + // See IsReplacedNormalFlowStacking in paint_layer_painter.cc. + PaintLayerPaintingInfo layer_painting_info( + layout_svg_foreign_object_.Layer(), + // Reset to an infinite cull rect, for simplicity. Otherwise + // an adjustment would be needed for ancestor scrolling, and any + // SVG transforms would have to be taken into account. Further, + // cull rects under transform are intentionally reset to infinity, + // to improve cache invalidation performance in the pre-paint tree + // walk (see https://http://crrev.com/482854). + LayoutRect(LayoutRect::InfiniteIntRect()), + paint_info.GetGlobalPaintFlags(), LayoutSize()); + PaintLayerPainter(*layout_svg_foreign_object_.Layer()) + .Paint(paint_info.context, layer_painting_info, paint_info.PaintFlags()); +} + void SVGForeignObjectPainter::Paint(const PaintInfo& paint_info) { if (!RuntimeEnabledFeatures::SlimmingPaintV175Enabled()) { if (paint_info.phase != PaintPhase::kForeground && diff --git a/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.h b/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.h index c60e19da08d..095518a2849 100644 --- a/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.h +++ b/chromium/third_party/blink/renderer/core/paint/svg_foreign_object_painter.h @@ -21,6 +21,8 @@ class SVGForeignObjectPainter { : layout_svg_foreign_object_(layout_svg_foreign_object) {} void Paint(const PaintInfo&); + void PaintLayer(const PaintInfo& paint_info); + private: const LayoutSVGForeignObject& layout_svg_foreign_object_; }; diff --git a/chromium/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js b/chromium/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js index 27a5d0c9ad0..78542b58ff5 100644 --- a/chromium/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js +++ b/chromium/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js @@ -807,8 +807,9 @@ SDK.NetworkDispatcher = class { if (blockedCrossSiteDocument) { const message = Common.UIString( - `Blocked current origin from receiving cross-site document at %s with MIME type %s.`, networkRequest.url(), - networkRequest.mimeType); + `Cross-Origin Read Blocking (CORB) blocked cross-origin response %s with MIME type %s. ` + + `See https://www.chromestatus.com/feature/5629709824032768 for more details.`, + networkRequest.url(), networkRequest.mimeType); this._manager.dispatchEventToListeners( SDK.NetworkManager.Events.MessageGenerated, {message: message, requestId: networkRequest.requestId(), warning: true}); diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.cc b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.cc index a79e51741ff..7c21b9a4003 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.cc +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.cc @@ -4,6 +4,7 @@ #include "third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h" +#include "third_party/blink/renderer/modules/media_controls/elements/media_control_elements_helper.h" #include "third_party/blink/renderer/modules/media_controls/media_controls_impl.h" namespace blink { @@ -14,4 +15,8 @@ MediaControlButtonPanelElement::MediaControlButtonPanelElement( SetShadowPseudoId(AtomicString("-internal-media-controls-button-panel")); } +bool MediaControlButtonPanelElement::KeepEventInNode(Event* event) { + return MediaControlElementsHelper::IsUserInteractionEvent(event); +} + } // namespace blink diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h index 460207cd939..d8bb310ffbe 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_button_panel_element.h @@ -18,6 +18,9 @@ class MediaControlsImpl; class MediaControlButtonPanelElement final : public MediaControlDivElement { public: explicit MediaControlButtonPanelElement(MediaControlsImpl&); + + private: + bool KeepEventInNode(Event*) override; }; } // namespace blink diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.cc b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.cc index e345cb06019..82d819a4482 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.cc +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.cc @@ -215,31 +215,17 @@ void MediaControlOverlayPlayButtonElement::MaybeJump(int seconds) { } void MediaControlOverlayPlayButtonElement::DefaultEventHandler(Event* event) { - if (event->type() == EventTypeNames::click) { + if (ShouldCausePlayPause(event)) { + event->SetDefaultHandled(); + MaybePlayPause(); + } else if (event->type() == EventTypeNames::click) { event->SetDefaultHandled(); - // Double tap to navigate should only be available on modern controls. - if (!MediaControlsImpl::IsModern() || !event->IsMouseEvent()) { - MaybePlayPause(); - return; - } - - // If the event doesn't have position data we should just default to - // play/pause. - // TODO(beccahughes): Move to PointerEvent. + DCHECK(event->IsMouseEvent()); MouseEvent* mouse_event = ToMouseEvent(event); - if (!mouse_event->HasPosition()) { - MaybePlayPause(); - return; - } + DCHECK(mouse_event->HasPosition()); - // If the click happened on the internal button or a margin around it then - // we should play/pause. - if (IsPointInRect(*internal_button_->getBoundingClientRect(), - kInnerButtonTouchPaddingSize, mouse_event->clientX(), - mouse_event->clientY())) { - MaybePlayPause(); - } else if (!tap_timer_.IsActive()) { + if (!tap_timer_.IsActive()) { // If there was not a previous touch and this was outside of the button // then we should toggle visibility with a small unnoticeable delay in // case their is a second tap. @@ -274,14 +260,37 @@ void MediaControlOverlayPlayButtonElement::DefaultEventHandler(Event* event) { } tap_was_touch_event_.reset(); - event->SetDefaultHandled(); } } MediaControlInputElement::DefaultEventHandler(event); } bool MediaControlOverlayPlayButtonElement::KeepEventInNode(Event* event) { - return MediaControlElementsHelper::IsUserInteractionEvent(event); + return ShouldCausePlayPause(event); +} + +bool MediaControlOverlayPlayButtonElement::ShouldCausePlayPause( + Event* event) const { + // Only click events cause a play/pause. + if (event->type() != EventTypeNames::click) + return false; + + // Double tap to navigate should only be available on modern controls. + if (!MediaControlsImpl::IsModern() || !event->IsMouseEvent()) + return true; + + // If the event doesn't have position data we should just default to + // play/pause. + // TODO(beccahughes): Move to PointerEvent. + MouseEvent* mouse_event = ToMouseEvent(event); + if (!mouse_event->HasPosition()) + return true; + + // If the click happened on the internal button or a margin around it then + // we should play/pause. + return IsPointInRect(*internal_button_->getBoundingClientRect(), + kInnerButtonTouchPaddingSize, mouse_event->clientX(), + mouse_event->clientY()); } WebSize MediaControlOverlayPlayButtonElement::GetSizeOrDefault() const { diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.h b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.h index c37986b8c94..17d81918cb2 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.h +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_overlay_play_button_element.h @@ -81,6 +81,7 @@ class MODULES_EXPORT MediaControlOverlayPlayButtonElement final void DefaultEventHandler(Event*) override; bool KeepEventInNode(Event*) override; + bool ShouldCausePlayPause(Event*) const; void MaybePlayPause(); void MaybeJump(int); diff --git a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_panel_element.cc b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_panel_element.cc index 91e142fa70c..8010bae15c4 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_panel_element.cc +++ b/chromium/third_party/blink/renderer/modules/media_controls/elements/media_control_panel_element.cc @@ -134,7 +134,8 @@ void MediaControlPanelElement::DefaultEventHandler(Event* event) { } bool MediaControlPanelElement::KeepEventInNode(Event* event) { - return MediaControlElementsHelper::IsUserInteractionEvent(event); + return !MediaControlsImpl::IsModern() && + MediaControlElementsHelper::IsUserInteractionEvent(event); } void MediaControlPanelElement::DidBecomeVisible() { diff --git a/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.cc b/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.cc index 772ddeaa7d0..89c356e3e28 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.cc +++ b/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.cc @@ -871,6 +871,7 @@ void MediaControlsImpl::MaybeShow() { timeline_->OnControlsShown(); UpdateCSSClassFromState(); + UpdateActingAsAudioControls(); } void MediaControlsImpl::Hide() { @@ -896,6 +897,7 @@ void MediaControlsImpl::Hide() { timeline_->OnControlsHidden(); UpdateCSSClassFromState(); + UpdateActingAsAudioControls(); } bool MediaControlsImpl::IsVisible() const { @@ -1603,13 +1605,7 @@ void MediaControlsImpl::OnLoadedMetadata() { // to be changed. Reset(); UpdateCSSClassFromState(); - - if (ShouldActAsAudioControls() != is_acting_as_audio_controls_) { - if (is_acting_as_audio_controls_) - StopActingAsAudioControls(); - else - StartActingAsAudioControls(); - } + UpdateActingAsAudioControls(); } void MediaControlsImpl::OnEnteredFullscreen() { @@ -1828,8 +1824,9 @@ MediaControlsImpl::ToggleClosedCaptions() { bool MediaControlsImpl::ShouldActAsAudioControls() const { // A video element should act like an audio element when it has an audio track // but no video track. - return IsModern() && MediaElement().IsHTMLVideoElement() && - MediaElement().HasAudio() && !MediaElement().HasVideo(); + return IsModern() && MediaElement().ShouldShowControls() && + MediaElement().IsHTMLVideoElement() && MediaElement().HasAudio() && + !MediaElement().HasVideo(); } void MediaControlsImpl::StartActingAsAudioControls() { @@ -1850,6 +1847,15 @@ void MediaControlsImpl::StopActingAsAudioControls() { Reset(); } +void MediaControlsImpl::UpdateActingAsAudioControls() { + if (ShouldActAsAudioControls() != is_acting_as_audio_controls_) { + if (is_acting_as_audio_controls_) + StopActingAsAudioControls(); + else + StartActingAsAudioControls(); + } +} + bool MediaControlsImpl::ShouldShowAudioControls() const { return IsModern() && (MediaElement().IsHTMLAudioElement() || is_acting_as_audio_controls_); diff --git a/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.h b/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.h index 555d6a1ffa3..6d801ad45e3 100644 --- a/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.h +++ b/chromium/third_party/blink/renderer/modules/media_controls/media_controls_impl.h @@ -280,6 +280,7 @@ class MODULES_EXPORT MediaControlsImpl final : public HTMLDivElement, bool ShouldActAsAudioControls() const; void StartActingAsAudioControls(); void StopActingAsAudioControls(); + void UpdateActingAsAudioControls(); // Returns true/false based on which set of controls to display. bool ShouldShowAudioControls() const; diff --git a/chromium/third_party/blink/renderer/platform/graphics/paint/cull_rect.h b/chromium/third_party/blink/renderer/platform/graphics/paint/cull_rect.h index 28967a81b74..324659b3d2b 100644 --- a/chromium/third_party/blink/renderer/platform/graphics/paint/cull_rect.h +++ b/chromium/third_party/blink/renderer/platform/graphics/paint/cull_rect.h @@ -53,6 +53,7 @@ class PLATFORM_EXPORT CullRect { // TODO(chrishtr): temporary while we implement CullRect everywhere. friend class FramePainter; friend class GridPainter; + friend class SVGForeignObjectPainter; friend class SVGInlineTextBoxPainter; friend class SVGPaintContext; friend class SVGRootInlineBoxPainter; diff --git a/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper.cc b/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper.cc index bccae25dbef..efbba23f75f 100644 --- a/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper.cc +++ b/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper.cc @@ -279,12 +279,15 @@ FloatClipRect GeometryMapper::LocalToAncestorClipRect( return result; } -static const FloatRoundedRect& GetClipRect( - const ClipPaintPropertyNode* clip_node, - OverlayScrollbarClipBehavior clip_behavior) { - return UNLIKELY(clip_behavior == kExcludeOverlayScrollbarSizeForHitTesting) - ? clip_node->ClipRectExcludingOverlayScrollbars() - : clip_node->ClipRect(); +static FloatClipRect GetClipRect(const ClipPaintPropertyNode* clip_node, + OverlayScrollbarClipBehavior clip_behavior) { + FloatClipRect clip_rect( + UNLIKELY(clip_behavior == kExcludeOverlayScrollbarSizeForHitTesting) + ? clip_node->ClipRectExcludingOverlayScrollbars() + : clip_node->ClipRect()); + if (clip_node->ClipPath()) + clip_rect.ClearIsTight(); + return clip_rect; } FloatClipRect GeometryMapper::LocalToAncestorClipRectInternal( @@ -301,7 +304,7 @@ FloatClipRect GeometryMapper::LocalToAncestorClipRectInternal( if (descendant->Parent() == ancestor_clip && descendant->LocalTransformSpace() == ancestor_transform) { success = true; - return FloatClipRect(GetClipRect(descendant, clip_behavior)); + return GetClipRect(descendant, clip_behavior); } FloatClipRect clip; diff --git a/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper_test.cc b/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper_test.cc index dc38a49cb36..42f1e3d3bb5 100644 --- a/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper_test.cc +++ b/chromium/third_party/blink/renderer/platform/graphics/paint/geometry_mapper_test.cc @@ -361,6 +361,23 @@ TEST_P(GeometryMapperTest, RoundedClip) { CHECK_MAPPINGS(); } +TEST_P(GeometryMapperTest, ClipPath) { + FloatRoundedRect rect(FloatRect(10, 10, 50, 50), + FloatRoundedRect::Radii(FloatSize(1, 1), FloatSize(), + FloatSize(), FloatSize())); + auto clip = CreateClipPathClip(ClipPaintPropertyNode::Root(), + TransformPaintPropertyNode::Root(), + FloatRoundedRect(10, 10, 50, 50)); + local_state.SetClip(clip.get()); + + input_rect = FloatRect(0, 0, 100, 100); + expected_transformed_rect = input_rect; + expected_clip = FloatClipRect(FloatRect(10, 10, 50, 50)); + expected_clip.ClearIsTight(); + expected_visual_rect = expected_clip; + CHECK_MAPPINGS(); +} + TEST_P(GeometryMapperTest, TwoClips) { FloatRoundedRect clip_rect1( FloatRect(10, 10, 30, 40), diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc index 88a956d43af..7dd29cbbd58 100644 --- a/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc +++ b/chromium/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc @@ -123,7 +123,9 @@ void FetchParameters::MakeSynchronous() { // renderer. resource_request_.SetPriority(ResourceLoadPriority::kHighest); if (resource_request_.TimeoutInterval() == INT_MAX) { - resource_request_.SetTimeoutInterval(10); + // This 1 day timeout is a temporary value to avoid the 100% CPU usage bug + // in stable (crbug/848210) and mitigate the timeout bug (crbug/844268). + resource_request_.SetTimeoutInterval(60 * 60 * 24); } // Skip ServiceWorker for synchronous loads from the main thread to avoid // deadlocks. diff --git a/chromium/third_party/blink/renderer/platform/mhtml/mhtml_archive.cc b/chromium/third_party/blink/renderer/platform/mhtml/mhtml_archive.cc index 9319926f6c7..5d3cc087814 100644 --- a/chromium/third_party/blink/renderer/platform/mhtml/mhtml_archive.cc +++ b/chromium/third_party/blink/renderer/platform/mhtml/mhtml_archive.cc @@ -149,6 +149,10 @@ MHTMLArchive::MHTMLArchive() = default; MHTMLArchive* MHTMLArchive::Create(const KURL& url, scoped_refptr<const SharedBuffer> data) { + // |data| may be null if archive file is empty. + if (!data) + return nullptr; + // MHTML pages can only be loaded from local URLs, http/https URLs, and // content URLs(Android specific). The latter is now allowed due to full // sandboxing enforcement on MHTML pages. |