LibWeb/HTML: Only update the image data on fully loaded document

Documents created by DOMParser and fragment documents do not have an origin set on the document by the spec. These documents also happen to never become fully active. By properly implementing the steps for the <img> element to only update the image data for documents which are fully active, this fixes a crash for img elements in these types of documents. Unfortunately, this is not a full fix for the microtask queue case. This is because it seems possible for node document for an <img> element to be changed during the microtask queue for that document. It is not clear to me how this can be fixed in a nice way.
Author: https://github.com/shannonbooth Commit: 0bdcaf02d3 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/5153 Reviewed-by: https://github.com/gmta ✅
2025-07-18 15:01:54 +00:00 · 2025-06-21 15:31:29 +12:00 · 2025-06-21 15:31:29 +12:00 · 0bdcaf02d3 · 2025-06-24 07:57:31 +00:00
commit 0bdcaf02d3
parent bc85a9bace
7 changed files with 684 additions and 5 deletions
--- a/Libraries/LibWeb/HTML/HTMLImageElement.cpp
+++ b/Libraries/LibWeb/HTML/HTMLImageElement.cpp
@ -16,6 +16,7 @@
 #include <LibWeb/CSS/StyleValues/DisplayStyleValue.h>
 #include <LibWeb/CSS/StyleValues/LengthStyleValue.h>
 #include <LibWeb/DOM/Document.h>
+#include <LibWeb/DOM/DocumentObserver.h>
 #include <LibWeb/DOM/Event.h>
 #include <LibWeb/Fetch/Fetching/Fetching.h>
 #include <LibWeb/Fetch/Infrastructure/FetchController.h>
@ -74,6 +75,12 @@ void HTMLImageElement::adopted_from(DOM::Document& old_document)
 {
    old_document.unregister_viewport_client(*this);
    document().register_viewport_client(*this);
+
+    if (m_document_observer) {
+        m_document_observer->set_document(document());
+        if (!old_document.is_fully_active() && document().is_fully_active())
+            m_document_observer->document_became_active()->function()();
+    }
 }

 void HTMLImageElement::visit_edges(Cell::Visitor& visitor)
@ -81,6 +88,7 @@ void HTMLImageElement::visit_edges(Cell::Visitor& visitor)
    Base::visit_edges(visitor);
    visitor.visit(m_current_request);
    visitor.visit(m_pending_request);
+    visitor.visit(m_document_observer);
    visit_lazy_loading_element(visitor);
 }

@ -482,13 +490,42 @@ static BatchingDispatcher& batching_dispatcher()
 // https://html.spec.whatwg.org/multipage/images.html#update-the-image-data
 void HTMLImageElement::update_the_image_data(bool restart_animations, bool maybe_omit_events)
 {
+    auto& realm = this->realm();
+
    // 1. If the element's node document is not fully active, then:
    if (!document().is_fully_active()) {
-        // FIXME: 1. Continue running this algorithm in parallel.
-        // FIXME: 2. Wait until the element's node document is fully active.
-        // FIXME: 3. If another instance of this algorithm for this img element was started after this instance
-        //           (even if it aborted and is no longer running), then return.
-        // FIXME: 4. Queue a microtask to continue this algorithm.
+        // 1. Continue running this algorithm in parallel.
+        // 2. Wait until the element's node document is fully active.
+        // 3. If another instance of this algorithm for this img element was started after this instance
+        //    (even if it aborted and is no longer running), then return.
+        if (m_document_observer)
+            return;
+
+        m_document_observer = realm.create<DOM::DocumentObserver>(realm, document());
+        m_document_observer->set_document_became_active([this, restart_animations, maybe_omit_events]() {
+            // 4. Queue a microtask to continue this algorithm.
+            queue_a_microtask(&document(), GC::create_function(this->heap(), [this, restart_animations, maybe_omit_events]() {
+                update_the_image_data_impl(restart_animations, maybe_omit_events);
+            }));
+        });
+
+        return;
+    }
+
+    update_the_image_data_impl(restart_animations, maybe_omit_events);
+}
+
+// https://html.spec.whatwg.org/multipage/images.html#update-the-image-data
+void HTMLImageElement::update_the_image_data_impl(bool restart_animations, bool maybe_omit_events)
+{
+    // 1. If the element's node document is not fully active, then:
+    // FIXME: This step and it's substeps is implemented by the calling `update_the_image_data` function.
+    //        By the time that we reach here, the document should be fully active. However, it is possible
+    //        that the node document is swapped out again during the queue of the microtask to run this
+    //        algorithm.
+    if (!document().is_fully_active()) {
+        dbgln("FIXME: Node document is not fully active running 'update the image data'");
+        return;
    }

    // 2. FIXME: If the user agent cannot support images, or its support for images has been disabled,