Null dereference loading Blink layout test editing/apply-inline-style-to-element...
authorjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 12 Jan 2016 20:11:03 +0000 (20:11 +0000)
committerjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 12 Jan 2016 20:11:03 +0000 (20:11 +0000)
https://bugs.webkit.org/show_bug.cgi?id=149287
<rdar://problem/22746217>

Reviewed by Brent Fulgham.

* imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash-expected.txt: Added.
* imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@194916 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash-expected.txt [new file with mode: 0644]
LayoutTests/imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash.html [new file with mode: 0644]

index 02cc0e2..2ce3bdb 100644 (file)
@@ -1,3 +1,14 @@
+2016-01-12  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Null dereference loading Blink layout test editing/apply-inline-style-to-element-with-no-renderer-crash.html
+        https://bugs.webkit.org/show_bug.cgi?id=149287
+        <rdar://problem/22746217>
+
+        Reviewed by Brent Fulgham.
+
+        * imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash-expected.txt: Added.
+        * imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash.html: Added.
+
 2016-01-12  Brady Eidson  <beidson@apple.com>
 
         Modern IDB: storage/indexeddb/dont-wedge.html is flaky.
diff --git a/LayoutTests/imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash-expected.txt b/LayoutTests/imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash-expected.txt
new file mode 100644 (file)
index 0000000..2afa0bf
--- /dev/null
@@ -0,0 +1 @@
+PASS. WebKit didn't crash.
diff --git a/LayoutTests/imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash.html b/LayoutTests/imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash.html
new file mode 100644 (file)
index 0000000..835aeb3
--- /dev/null
@@ -0,0 +1,43 @@
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+// If we create an anchor element using execCommand('CreateLink') in an SVG namespace it won't get a renderer because the command will create
+// an HTML rather than an SVG anchor. Our subsequent attempt to apply an inline style on the should fail rather than result in a crash.
+onload = function() {
+    tspan = document.getElementById("tspan");
+    tspan2 = document.getElementById("tspan2");
+    textPath = document.getElementById("textPath");
+
+    colorprofile = document.createElementNS('http://www.w3.org/2000/svg', 'color_profile');
+    li = document.createElement('li');
+    colorprofile.appendChild(li);
+    document.implementation.createDocument('' ,'' ,null).adoptNode(colorprofile)
+
+    input=document.createElement('input');
+    textPath.parentNode.insertBefore(input, textPath);
+    window.getSelection().setBaseAndExtent(input, 4);
+
+    document.designMode='on';
+    document.execCommand('Transpose');
+    document.execCommand('selectall');
+    document.execCommand('CreateLink', 0, '#');
+    document.execCommand('CreateLink', 0, '#');
+    document.execCommand('Undo');
+    document.designMode='off'
+    document.execCommand('Undo');
+    document.execCommand('Undo');
+    document.designMode='on';
+    document.execCommand('italic');
+
+    document.write("PASS. WebKit didn't crash.");
+}
+</script>
+<svg>
+    <text>
+        <tspan id="tspan">
+            <tspan id="tspan2">%uef5f%u9776%u638a</tspan>
+            <textPath id="textPath"></textPath>
+        </tspan>
+    </text>
+</svg>