LayoutTests:
authorjusting <justing@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 27 Jul 2006 20:01:56 +0000 (20:01 +0000)
committerjusting <justing@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 27 Jul 2006 20:01:56 +0000 (20:01 +0000)
        Reviewed by levi

        <rdar://problem/4628409>
        Safari crashes in CompositeEditCommand::removeBlockPlaceholder entering text in a web page form

        * fast/forms/4628409-expected.txt: Added.
        * fast/forms/4628409.html: Added.

WebCore:

        Reviewed by levi

        <rdar://problem/4628409>
        Safari crashes in CompositeEditCommand::removeBlockPlaceholder entering text in a web page form

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::removeBlockPlaceholder):
        A script on the page shrinks the textarea down to zero rows just
        before insertion.  That gives the shadow div a zero height, removing
        [div, 0] as a candidate for a VisiblePosition.  Then
        InsertTextCommand::input() tries to create a VisiblePosition from
        [div, 0] and fails.  A nil check is a quick fix.  Another might
        be to make positions where there is a caret selection candidates.
        Another might be to make any [div, 0] where div is a shadow div inside
        a form element a candidate.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@15652 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/forms/4628409-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/4628409.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/editing/CompositeEditCommand.cpp

index 739c15c..0fe45e8 100644 (file)
@@ -1,3 +1,13 @@
+2006-07-27  Justin Garcia  <justin.garcia@apple.com>
+
+        Reviewed by levi
+        
+        <rdar://problem/4628409>
+        Safari crashes in CompositeEditCommand::removeBlockPlaceholder entering text in a web page form
+
+        * fast/forms/4628409-expected.txt: Added.
+        * fast/forms/4628409.html: Added.
+
 2006-07-27  Graham Dennis  <graham.dennis@gmail.com>
 
         Reviewed by Darin.
 2006-07-27  Graham Dennis  <graham.dennis@gmail.com>
 
         Reviewed by Darin.
diff --git a/LayoutTests/fast/forms/4628409-expected.txt b/LayoutTests/fast/forms/4628409-expected.txt
new file mode 100644 (file)
index 0000000..dda2e66
--- /dev/null
@@ -0,0 +1,7 @@
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 0 of DIV to 0 of DIV toDOMRange:range from 1 of #text > DIV to 1 of #text > DIV affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
+This tests for a crash when inserting text into a textarea that has been shrunk to zero rows just before the insertion.
+
+
diff --git a/LayoutTests/fast/forms/4628409.html b/LayoutTests/fast/forms/4628409.html
new file mode 100644 (file)
index 0000000..c06864c
--- /dev/null
@@ -0,0 +1,10 @@
+<p>This tests for a crash when inserting text into a textarea that has been shrunk to zero rows just before the insertion.</p>
+<textarea id="textarea" rows="1"></textarea>
+<script>
+if (window.layoutTestController)
+    window.layoutTestController.dumpAsText();
+var e = document.getElementById("textarea");
+e.setSelectionRange(0, 0);
+e.rows = 0;
+document.execCommand("InsertText", false, "x");
+</script>
\ No newline at end of file
index 9a0c902..e323955 100644 (file)
@@ -1,3 +1,21 @@
+2006-07-27  Justin Garcia  <justin.garcia@apple.com>
+
+        Reviewed by levi
+        
+        <rdar://problem/4628409>
+        Safari crashes in CompositeEditCommand::removeBlockPlaceholder entering text in a web page form
+
+        * editing/CompositeEditCommand.cpp:
+        (WebCore::CompositeEditCommand::removeBlockPlaceholder): 
+        A script on the page shrinks the textarea down to zero rows just
+        before insertion.  That gives the shadow div a zero height, removing
+        [div, 0] as a candidate for a VisiblePosition.  Then 
+        InsertTextCommand::input() tries to create a VisiblePosition from 
+        [div, 0] and fails.  A nil check is a quick fix.  Another might
+        be to make positions where there is a caret selection candidates.
+        Another might be to make any [div, 0] where div is a shadow div inside
+        a form element a candidate.
+
 2006-07-27  Graham Dennis  <graham.dennis@gmail.com>
 
         Reviewed by Darin.
 2006-07-27  Graham Dennis  <graham.dennis@gmail.com>
 
         Reviewed by Darin.
index a357cdf..55d4463 100644 (file)
@@ -537,6 +537,9 @@ Node *CompositeEditCommand::addBlockPlaceholderIfNeeded(Node *node)
 
 void CompositeEditCommand::removeBlockPlaceholder(const VisiblePosition& visiblePosition)
 {
 
 void CompositeEditCommand::removeBlockPlaceholder(const VisiblePosition& visiblePosition)
 {
+    if (visiblePosition.isNull())
+        return;
+        
     Position p = visiblePosition.deepEquivalent().downstream();
     if (p.node()->hasTagName(brTag) && p.offset() == 0 && isEndOfBlock(visiblePosition) && isStartOfBlock(visiblePosition))
         removeNode(p.node());
     Position p = visiblePosition.deepEquivalent().downstream();
     if (p.node()->hasTagName(brTag) && p.offset() == 0 && isEndOfBlock(visiblePosition) && isStartOfBlock(visiblePosition))
         removeNode(p.node());