Bug 187990

Summary: Once <object> is hidden, its content won't be displayed again if its URL has fragment identifier ("#").
Product: WebKit Reporter: Takao Baba <baba>
Component: Layout and RenderingAssignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, bfulgham, cdumez, dbates, ews-watchlist, japhet, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
testcase
none
Patch and layout tests simon.fraser: review+

Description Takao Baba 2018-07-25 01:24:36 PDT 
Created attachment 345746 [details]
testcase

Steps to reproduce the problem:
1. Download and extract attached testcase.zip
2. Open index.html

What is the expected behavior?
At first there is a red circle. It will be hidden after 0.5 second, and it appears again.

What went wrong?
The red circle, the content of the <object> element, is not displayed again despite the <object> is shown.

This issue won't occur if the URL does not include "#".

Only Safari and Chrome have this issue. Firefox, Edge and IE work well.

chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=865932
Comment 1 Daniel Bates 2018-08-09 15:27:14 PDT 
Confirmed that this issue occurs in Mac nightly r234734.
Comment 2 Daniel Bates 2018-08-09 15:48:12 PDT 
When "display: none" is set on an <object> that behaves as an iframe we detach the frame view of the page it is displaying. Subsequently setting "display: inline" asked the loader to load the page the <object> refers to. Loading a URL that contains a fragment goes through a specialized code path since the result of such a load is to scroll the frame to an anchor. Unlike a traditional page load, this code path assumes that the frame view it scrolls is associated with an owner frame element (e.g. <object>). But this is not always true as demonstrated by the test case.
Comment 3 Daniel Bates 2018-08-09 15:52:21 PDT 
This issue is not specific to hiding and showing and <object> that behaves as an iframe. In general, navigating an <object> to a fragment in the same document that it is displaying will cause the same visual result: an empty repaint.
Comment 4 Daniel Bates 2018-08-09 16:48:14 PDT 
Created attachment 346875 [details]
Patch and layout tests
Comment 5 Simon Fraser (smfr) 2018-08-09 16:56:10 PDT 
Comment on attachment 346875 [details]
Patch and layout tests

View in context: https://bugs.webkit.org/attachment.cgi?id=346875&action=review

> Source/WebCore/ChangeLog:8
> +        Fixes and issue where an HTML object element that behaves like an iframe and references a resource

an issue
Comment 6 Daniel Bates 2018-08-10 10:41:51 PDT 
Committed in <https://trac.webkit.org/changeset/234762>.
Comment 7 Radar WebKit Bug Importer 2018-08-10 10:42:35 PDT 
<rdar://problem/43147455>