On Baidu at least, I can see that their `<textarea>` changes from `overflow:hidden` to `overflow-x: hidden; overflow-y: auto;` when you focus it. Google also gains `overflow-y: auto` when you focus their textarea. Presumably those style changes (when the field is focused/unfocused) are causing the frame to get reconstructed, and that's what triggers a similar sort of teardown-and-rebuild flow that the fuzzer testcases are doing.
Bug 1889803 Comment 23 Edit History
On Baidu at least, I can see that their `<textarea>` changes from `overflow:hidden` to have `overflow-y: auto;` (with `overflow-x: hidden`) when you focus it. Google also gains `overflow-y: auto` when you focus their textarea. Presumably those style changes (when the field gains or loses focus) are causing the frame to get reconstructed, and that's what triggers a similar sort of teardown-and-rebuild flow that the fuzzer testcases are doing. (And I imagine that the aforementioned IME tools might be simultaneously changing the text content and focus state, which might make the relevant edge cases here easier to trigger.)