TextFieldInputType::handleBeforeTextInsertedEvent shouldn't use plainText
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 19 Feb 2014 00:04:07 +0000 (00:04 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 19 Feb 2014 00:04:07 +0000 (00:04 +0000)
https://bugs.webkit.org/show_bug.cgi?id=128953

Reviewed by Alexey Proskuryakov.

Don't use FrameSelection's toNormalizedRange and plainText. Instead, use the cached selection start and selection
end to extract the selected text. The caches are updated inside FrameSelection::setSelection whenever selection
is inside a text form control via HTMLTextFormControlElement::selectionChanged.

* html/TextFieldInputType.cpp:
(WebCore::TextFieldInputType::handleBeforeTextInsertedEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@164329 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/html/TextFieldInputType.cpp

index 234ad5c..282e940 100644 (file)
@@ -1,3 +1,17 @@
+2014-02-18  Ryosuke Niwa  <rniwa@webkit.org>
+
+        TextFieldInputType::handleBeforeTextInsertedEvent shouldn't use plainText
+        https://bugs.webkit.org/show_bug.cgi?id=128953
+
+        Reviewed by Alexey Proskuryakov.
+
+        Don't use FrameSelection's toNormalizedRange and plainText. Instead, use the cached selection start and selection
+        end to extract the selected text. The caches are updated inside FrameSelection::setSelection whenever selection
+        is inside a text form control via HTMLTextFormControlElement::selectionChanged.
+
+        * html/TextFieldInputType.cpp:
+        (WebCore::TextFieldInputType::handleBeforeTextInsertedEvent):
+
 2014-02-18  Viatcheslav Ostapenko  <sl.ostapenko@samsung.com>
 
         Bottom/right sticky positioning don't correctly handle scroll containers with padding
index 1c93036..4398bc2 100644 (file)
@@ -374,14 +374,19 @@ void TextFieldInputType::handleBeforeTextInsertedEvent(BeforeTextInsertedEvent*
     // We use RenderTextControlSingleLine::text() instead of InputElement::value()
     // because they can be mismatched by sanitizeValue() in
     // HTMLInputElement::subtreeHasChanged() in some cases.
-    unsigned oldLength = numGraphemeClusters(element().innerTextValue());
+    String innerText = element().innerTextValue();
+    unsigned oldLength = numGraphemeClusters(innerText);
 
     // selectionLength represents the selection length of this text field to be
     // removed by this insertion.
     // If the text field has no focus, we don't need to take account of the
     // selection length. The selection is the source of text drag-and-drop in
     // that case, and nothing in the text field will be removed.
-    unsigned selectionLength = element().focused() ? numGraphemeClusters(plainText(element().document().frame()->selection().selection().toNormalizedRange().get())) : 0;
+    unsigned selectionLength = 0;
+    if (element().focused()) {
+        ASSERT(enclosingTextFormControl(element().document().frame()->selection().selection().start()) == &element());
+        selectionLength = numGraphemeClusters(innerText.substring(element().selectionStart(), element().selectionEnd()));
+    }
     ASSERT(oldLength >= selectionLength);
 
     // Selected characters will be removed by the next text event.