WebCore:
authorojan@chromium.org <ojan@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Jul 2009 20:37:16 +0000 (20:37 +0000)
committerojan@chromium.org <ojan@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Jul 2009 20:37:16 +0000 (20:37 +0000)
2009-07-06  Ojan Vafai  <ojan@chromium.org>

        Reviewed by Eric Seidel.

        Fix crash when indenting in an empty table cell.
        https://bugs.webkit.org/show_bug.cgi?id=26872

        The crash is that we would call splitTreeToNode where the node
        and the nodeToSplitTo were the same node.

        Test: editing/execCommand/indent-empty-table-cell.html

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::splitTreeToNode):
        Added an assert in that node and nodeToSplitTo
        are different nodes to make this assumption explicit.

        * editing/IndentOutdentCommand.cpp:
        (WebCore::IndentOutdentCommand::isAtUnsplittableElement):
        (WebCore::IndentOutdentCommand::indentRegion):
        * editing/IndentOutdentCommand.h:

LayoutTests:

2009-07-06  Ojan Vafai  <ojan@chromium.org>

        Reviewed by Eric Seidel.

        Fix crash when indenting in an empty table cell.
        https://bugs.webkit.org/show_bug.cgi?id=26872

        The crash is that we would call splitTreeToNode where the node
        and the nodeToSplitTo were the same node.

        * editing/execCommand/indent-empty-table-cell-expected.txt: Added.
        * editing/execCommand/indent-empty-table-cell.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@45561 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/editing/execCommand/indent-empty-table-cell-expected.txt [new file with mode: 0644]
LayoutTests/editing/execCommand/indent-empty-table-cell.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/editing/CompositeEditCommand.cpp
WebCore/editing/IndentOutdentCommand.cpp
WebCore/editing/IndentOutdentCommand.h

index 64f6332..37dcb17 100644 (file)
@@ -1,3 +1,16 @@
+2009-07-06  Ojan Vafai  <ojan@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        Fix crash when indenting in an empty table cell.
+        https://bugs.webkit.org/show_bug.cgi?id=26872
+
+        The crash is that we would call splitTreeToNode where the node
+        and the nodeToSplitTo were the same node.
+
+        * editing/execCommand/indent-empty-table-cell-expected.txt: Added.
+        * editing/execCommand/indent-empty-table-cell.html: Added.
+
 2009-07-05  Chris Marrin  <cmarrin@apple.com>
 
         Reviewed by Simon Fraser.
diff --git a/LayoutTests/editing/execCommand/indent-empty-table-cell-expected.txt b/LayoutTests/editing/execCommand/indent-empty-table-cell-expected.txt
new file mode 100644 (file)
index 0000000..e6607ca
--- /dev/null
@@ -0,0 +1,4 @@
+This tests for a crash when indenting an empty TD.
+
+
+
diff --git a/LayoutTests/editing/execCommand/indent-empty-table-cell.html b/LayoutTests/editing/execCommand/indent-empty-table-cell.html
new file mode 100644 (file)
index 0000000..f37cb14
--- /dev/null
@@ -0,0 +1,17 @@
+<p>This tests for a crash when indenting an empty TD.</p>
+<div contenteditable="true">
+<table>
+  <tbody>
+    <tr>
+      <td id ="indent"></td>
+    </tr>
+  </tbody>
+</table>
+</div>
+<script>
+if (window.layoutTestController)
+    window.layoutTestController.dumpAsText();
+indent = document.getElementById("indent");
+window.getSelection().setPosition(indent, 0);
+document.execCommand("indent");
+</script>
index 382ae48..b06c504 100644 (file)
@@ -1,3 +1,25 @@
+2009-07-06  Ojan Vafai  <ojan@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        Fix crash when indenting in an empty table cell.
+        https://bugs.webkit.org/show_bug.cgi?id=26872
+
+        The crash is that we would call splitTreeToNode where the node
+        and the nodeToSplitTo were the same node.
+
+        Test: editing/execCommand/indent-empty-table-cell.html
+
+        * editing/CompositeEditCommand.cpp:
+        (WebCore::CompositeEditCommand::splitTreeToNode):
+        Added an assert in that node and nodeToSplitTo
+        are different nodes to make this assumption explicit.
+
+        * editing/IndentOutdentCommand.cpp:
+        (WebCore::IndentOutdentCommand::isAtUnsplittableElement):
+        (WebCore::IndentOutdentCommand::indentRegion):
+        * editing/IndentOutdentCommand.h:
+
 2009-07-06  Nate Chapin  <japhet@chromium.org>
 
         Reviewed by David Levin.
index 8e4f950..9737e92 100644 (file)
@@ -1041,6 +1041,8 @@ Position CompositeEditCommand::positionAvoidingSpecialElementBoundary(const Posi
 // to determine if the split is necessary. Returns the last split node.
 PassRefPtr<Node> CompositeEditCommand::splitTreeToNode(Node* start, Node* end, bool splitAncestor)
 {
+    ASSERT(start != end);
+
     RefPtr<Node> node;
     for (node = start; node && node->parent() != end; node = node->parent()) {
         VisiblePosition positionInParent(Position(node->parent(), 0), DOWNSTREAM);
index 3922367..890cff2 100644 (file)
@@ -163,6 +163,12 @@ void IndentOutdentCommand::indentIntoBlockquote(const VisiblePosition& endOfCurr
     moveParagraph(startOfParagraph(endOfCurrentParagraph), endOfCurrentParagraph, VisiblePosition(Position(insertionPoint, 0)), true);
 }
 
+bool IndentOutdentCommand::isAtUnsplittableElement(const Position& pos) const
+{
+    Node* node = pos.node();
+    return node == editableRootForPosition(pos) || node == enclosingNodeOfType(pos, &isTableCell);
+}
+
 void IndentOutdentCommand::indentRegion()
 {
     VisibleSelection selection = selectionForParagraphIteration(endingSelection());
@@ -174,10 +180,10 @@ void IndentOutdentCommand::indentRegion()
     ASSERT(!startOfSelection.isNull());
     ASSERT(!endOfSelection.isNull());
 
-    // Special case empty root editable elements because there's nothing to split
+    // Special case empty unsplittable elements because there's nothing to split
     // and there's nothing to move.
     Position start = startOfSelection.deepEquivalent().downstream();
-    if (start.node() == editableRootForPosition(start)) {
+    if (isAtUnsplittableElement(start)) {
         RefPtr<Element> blockquote = createIndentBlockquoteElement(document());
         insertNodeAt(blockquote, start);
         RefPtr<Element> placeholder = createBreakElement(document());
index 419f832..a10b89d 100644 (file)
@@ -46,6 +46,9 @@ private:
     virtual void doApply();
     virtual EditAction editingAction() const { return m_typeOfAction == Indent ? EditActionIndent : EditActionOutdent; }
 
+    // FIXME: Does this belong in htmlediting.cpp?
+    bool isAtUnsplittableElement(const Position&) const;
+
     void indentRegion();
     void outdentRegion();
     void outdentParagraph();