https://bugs.webkit.org/show_bug.cgi?id=150209
<rdar://problem/
23137198>
Patch by Jiewen Tan <jiewen_tan@apple.com> on 2015-10-26
Reviewed by Chris Dumez.
Source/WebCore:
This is a merge from Blink r168006:
https://codereview.chromium.org/
181283002
Test: editing/execCommand/insert-ordered-list-crash.html
* editing/InsertListCommand.cpp:
(WebCore::InsertListCommand::doApply):
setEndingSelection() might change endingSelection(), we should check again.
LayoutTests:
* editing/execCommand/insert-ordered-list-crash-expected.txt: Added.
* editing/execCommand/insert-ordered-list-crash.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191605
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
2015-10-26 Jiewen Tan <jiewen_tan@apple.com>
+ Null dereference loading Blink layout test editing/execCommand/insert-ordered-list-crash.html
+ https://bugs.webkit.org/show_bug.cgi?id=150209
+ <rdar://problem/23137198>
+
+ Reviewed by Chris Dumez.
+
+ * editing/execCommand/insert-ordered-list-crash-expected.txt: Added.
+ * editing/execCommand/insert-ordered-list-crash.html: Added.
+
+2015-10-26 Jiewen Tan <jiewen_tan@apple.com>
+
Null dereference loading Blink layout test editing/execCommand/insert-html-to-document-element-crash.html
https://bugs.webkit.org/show_bug.cgi?id=149294
<rdar://problem/22746657>
--- /dev/null
+Pass if not crash.
--- /dev/null
+<!DOCTYPE html>
+<html>
+<body>
+ <script>
+ document.addEventListener("DOMContentLoaded", function () {
+ document.execCommand("SelectAll", false);
+ window.getSelection().deleteFromDocument();
+ }, true);
+
+ var count = 0;
+ document.addEventListener("DOMSubtreeModified", function () {
+ count++;
+ if (count < 3) {
+ var src = event.srcElement;
+ src.contentEditable = "true";
+ src.innerHTML = '<div></div>';
+ document.execCommand('InsertOrderedList', false, false);
+ }
+ else if (count == 6)
+ document.write('Pass if not crash.')
+ }, false);
+
+ if (window.testRunner)
+ testRunner.dumpAsText();
+ </script>
+ <h5>
+ aa
+ <textarea></textarea>
+ </h5>
+ <dl>
+ aa
+ </dl>
+</body>
+</html>
\ No newline at end of file
2015-10-26 Jiewen Tan <jiewen_tan@apple.com>
+ Null dereference loading Blink layout test editing/execCommand/insert-ordered-list-crash.html
+ https://bugs.webkit.org/show_bug.cgi?id=150209
+ <rdar://problem/23137198>
+
+ Reviewed by Chris Dumez.
+
+ This is a merge from Blink r168006:
+ https://codereview.chromium.org/181283002
+
+ Test: editing/execCommand/insert-ordered-list-crash.html
+
+ * editing/InsertListCommand.cpp:
+ (WebCore::InsertListCommand::doApply):
+ setEndingSelection() might change endingSelection(), we should check again.
+
+2015-10-26 Jiewen Tan <jiewen_tan@apple.com>
+
Null dereference loading Blink layout test editing/execCommand/insert-html-to-document-element-crash.html
https://bugs.webkit.org/show_bug.cgi?id=149294
<rdar://problem/22746657>
// FIXME: We paint the gap before some paragraphs that are indented with left
// margin/padding, but not others. We should make the gap painting more consistent and
// then use a left margin/padding rule here.
- if (visibleEnd != visibleStart && isStartOfParagraph(visibleEnd, CanSkipOverEditingBoundary))
+ if (visibleEnd != visibleStart && isStartOfParagraph(visibleEnd, CanSkipOverEditingBoundary)) {
setEndingSelection(VisibleSelection(visibleStart, visibleEnd.previous(CannotCrossEditingBoundary), endingSelection().isDirectional()));
+ if (!endingSelection().rootEditableElement())
+ return;
+ }
auto& listTag = (m_type == OrderedList) ? olTag : ulTag;
if (endingSelection().isRange()) {
git://git.webkit.org / WebKit-https.git / commitdiff