Remove retargeting of elementFromPoint that allows child iframe content

Internal elementFromPoint call might allow HitTest to get child frame content, in which case retarget is not needed. In this case, we don't call retarget for the hit test result. Bug: 812138 Change-Id: I17047f5e4b407cbe2ce58ffd0e191f73413ac3bc Reviewed-on: https://chromium-review.googlesource.com/923247 Commit-Queue: Rakina Zata Amni <rakina@chromium.org> Reviewed-by: Hayato Ito <hayato@chromium.org> Cr-Commit-Position: refs/heads/master@{#537609}

Remove retargeting of elementFromPoint that allows child iframe content
Internal elementFromPoint call might allow HitTest to get child frame content, in which case retarget is not needed. In this case, we don't call retarget for the hit test result. Bug: 812138 Change-Id: I17047f5e4b407cbe2ce58ffd0e191f73413ac3bc Reviewed-on: https://chromium-review.googlesource.com/923247 Commit-Queue: Rakina Zata Amni <rakina@chromium.org> Reviewed-by: Hayato Ito <hayato@chromium.org> Cr-Commit-Position: refs/heads/master@{#537609}
d077e7d9 · Rakina Zata Amni · Commit Bot · 276bc84c · d077e7d9 · d077e7d9
Commit d077e7d9 authored Feb 19, 2018 by Rakina Zata Amni Committed by Commit Bot Feb 19, 2018
Showing with 18 additions and 5 deletions

third_party/WebKit/Source/core/dom/TreeScope.cpp third_party/WebKit/Source/core/dom/TreeScope.cpp +12 -4

third_party/WebKit/Source/core/dom/TreeScope.h third_party/WebKit/Source/core/dom/TreeScope.h +6 -1

No files found.
--- a/third_party/WebKit/Source/core/dom/TreeScope.cpp
+++ b/third_party/WebKit/Source/core/dom/TreeScope.cpp
@@ -242,10 +242,16 @@ Element* TreeScope::HitTestPoint(double x,
                                 const HitTestRequest& request) const {
  HitTestResult result =
      HitTestInDocument(&RootNode().GetDocument(), x, y, request);
-  return HitTestPointInternal(result.InnerNode());
+  if (request.AllowsChildFrameContent()) {
+    return HitTestPointInternal(result.InnerNode(),
+                                HitTestPointType::kInternal);
+  }
+  return HitTestPointInternal(result.InnerNode(),
+                              HitTestPointType::kWebExposed);
 }

-Element* TreeScope::HitTestPointInternal(Node* node) const {
+Element* TreeScope::HitTestPointInternal(Node* node,
+                                         HitTestPointType type) const {
  if (!node || node->IsDocumentNode())
    return nullptr;
  Element* element;
@@ -255,7 +261,9 @@ Element* TreeScope::HitTestPointInternal(Node* node) const {
    element = ToElement(node);
  if (!element)
    return nullptr;
-  return Retarget(*element);
+  if (type == HitTestPointType::kWebExposed)
+    return Retarget(*element);
+  return element;
 }

 HeapVector<Member<Element>> TreeScope::ElementsFromHitTestResult(
@@ -269,7 +277,7 @@ HeapVector<Member<Element>> TreeScope::ElementsFromHitTestResult(
    // get it through its child and can't skip it.
    if (!node->IsElementNode() && !IsHTMLSlotElement(node->parentNode()))
      continue;
-    node = HitTestPointInternal(node);
+    node = HitTestPointInternal(node, HitTestPointType::kWebExposed);
    // Prune duplicate entries. A pseduo ::before content above its parent
    // node should only result in a single entry.
    if (node == last_node)

--- a/third_party/WebKit/Source/core/dom/TreeScope.h
+++ b/third_party/WebKit/Source/core/dom/TreeScope.h
@@ -52,6 +52,11 @@ class Node;
 // NodeList cache manipulation in the destructor.
 class CORE_EXPORT TreeScope : public GarbageCollectedMixin {
 public:
+  enum HitTestPointType {
+    kInternal = 1 << 1,
+    kWebExposed = 1 << 2,
+  };
+
  TreeScope* ParentTreeScope() const { return parent_tree_scope_; }

  bool IsInclusiveOlderSiblingShadowRootOrAncestorTreeScopeOf(
@@ -142,7 +147,7 @@ class CORE_EXPORT TreeScope : public GarbageCollectedMixin {
  void SetNeedsStyleRecalcForViewportUnits();

 private:
-  Element* HitTestPointInternal(Node*) const;
+  Element* HitTestPointInternal(Node*, HitTestPointType) const;

  Member<ContainerNode> root_node_;
  Member<Document> document_;