2010-11-05 Ryosuke Niwa <rniwa@webkit.org>
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Nov 2010 17:43:38 +0000 (17:43 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Nov 2010 17:43:38 +0000 (17:43 +0000)
commit3121732cc756ebbf695e44a3954bbb1587f33233
tree4ac94b6616eed4e2b0c8949e35fab87e13f20df8
parentb96503fb364d3e4be8d1994cb77d77412efb9495
2010-11-05  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Darin Adler.

        Crash in ApplyStyleCommand::surroundNodeRangeWithElement
        https://bugs.webkit.org/show_bug.cgi?id=48581

        The crash was caused by a false assertion that we can always recover selection in
        ApplyStyleCommand::removeInlineStyle.  Fixed the crash by removing the assertion
        and adding an early exit to the call site.  Also converted raw pointers to RefPtr
        in surroundNodeRangeWithElement and addInlineStyleIfNeeded.

        Test (non-Mac platforms): editing/style/iframe-onload-crash.html

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::applyInlineStyle):
        (WebCore::ApplyStyleCommand::removeInlineStyle):
        (WebCore::ApplyStyleCommand::surroundNodeRangeWithElement):
        (WebCore::ApplyStyleCommand::addInlineStyleIfNeeded):
        * editing/ApplyStyleCommand.h:
2010-11-04  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Darin Adler.

        Re-enabled editing/style/iframe-onload-crash.html on Chromium, Qt, and Windows platforms.

        * platform/chromium/test_expectations.txt:
        * platform/qt/Skipped:
        * platform/win/Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@71431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/platform/chromium/test_expectations.txt
LayoutTests/platform/qt/Skipped
LayoutTests/platform/win/Skipped
WebCore/ChangeLog
WebCore/editing/ApplyStyleCommand.cpp
WebCore/editing/ApplyStyleCommand.h