2011-03-15 Ryosuke Niwa <rniwa@webkit.org>
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 Mar 2011 22:37:47 +0000 (22:37 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 Mar 2011 22:37:47 +0000 (22:37 +0000)
        Reviewed by Tony Chang.

        Crash in ReplaceSelectionCommand::doApply when inserting a node under a document node
        https://bugs.webkit.org/show_bug.cgi?id=56372

        The bug was caused by insertNodeAfter's calling parentElement on document's child.
        Fixed this by changing the node that AppendNodeCommand takes.

        There was also a bug that document node always returned false for isContentEditable
        and isContentRichlyEditable because they never overrode Node's default implementation.
        Fixed this by overriding them in Document.

        Test: editing/execCommand/append-node-under-document.html

        * dom/Document.cpp:
        (WebCore::Document::isContentEditable): Added.
        (WebCore::Document::isContentRichlyEditable): Added.
        * dom/Document.h:
        * editing/AppendNodeCommand.cpp:
        (WebCore::AppendNodeCommand::AppendNodeCommand): Takes ContainerNode instead of Element.
        * editing/AppendNodeCommand.h:
        (WebCore::AppendNodeCommand::create): Ditto.
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::appendNode): Ditto.
        (WebCore::CompositeEditCommand::insertNodeAfter): Calls parentNode instead of parentElement.
        * editing/CompositeEditCommand.h:
2011-03-15  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Tony Chang.

        Crash in ReplaceSelectionCommand::doApply when inserting a node under a document node
        https://bugs.webkit.org/show_bug.cgi?id=56372

        Added a test to ensure WebKit does not crash when appending a node to a document
        that has only two nested iframes.

        * editing/execCommand/append-node-under-document-expected.txt: Added.
        * editing/execCommand/append-node-under-document.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@81185 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/editing/execCommand/append-node-under-document-expected.txt [new file with mode: 0644]
LayoutTests/editing/execCommand/append-node-under-document.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/editing/AppendNodeCommand.cpp
Source/WebCore/editing/AppendNodeCommand.h
Source/WebCore/editing/CompositeEditCommand.cpp
Source/WebCore/editing/CompositeEditCommand.h

index 60100e2..551c414 100644 (file)
@@ -1,3 +1,16 @@
+2011-03-15  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Reviewed by Tony Chang.
+
+        Crash in ReplaceSelectionCommand::doApply when inserting a node under a document node
+        https://bugs.webkit.org/show_bug.cgi?id=56372
+
+        Added a test to ensure WebKit does not crash when appending a node to a document
+        that has only two nested iframes.
+
+        * editing/execCommand/append-node-under-document-expected.txt: Added.
+        * editing/execCommand/append-node-under-document.html: Added.
+
 2011-03-15  David Levin  <levin@chromium.org>
 
         Compensate for r81168 (svg) and r81155 (fast/forms/input-autofilled.html) and r81049 (fast/table).
diff --git a/LayoutTests/editing/execCommand/append-node-under-document-expected.txt b/LayoutTests/editing/execCommand/append-node-under-document-expected.txt
new file mode 100644 (file)
index 0000000..f205c55
--- /dev/null
@@ -0,0 +1,2 @@
+This test ensures WebKit does not crash when replacing contents in a document whose the only content is a nested iframes.
+PASS.
diff --git a/LayoutTests/editing/execCommand/append-node-under-document.html b/LayoutTests/editing/execCommand/append-node-under-document.html
new file mode 100644 (file)
index 0000000..e1a35af
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<body onload="runTest()">
+<script>
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+function runTest() {
+  document.designMode = "on";
+  document.open();
+  var parent = document.appendChild(document.createElement('iframe'));
+  parent.appendChild(document.createElement('iframe'));
+  parent.focus();
+  document.execCommand("InsertHorizontalRule");
+
+  document.open();
+  document.writeln('This test ensures WebKit does not crash when replacing contents in a document whose the only content is a nested iframes.<br>PASS.');
+}
+
+</script>
+</body>
+</html>
index c8132da..1a7890c 100644 (file)
@@ -1,3 +1,32 @@
+2011-03-15  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Reviewed by Tony Chang.
+
+        Crash in ReplaceSelectionCommand::doApply when inserting a node under a document node
+        https://bugs.webkit.org/show_bug.cgi?id=56372
+
+        The bug was caused by insertNodeAfter's calling parentElement on document's child.
+        Fixed this by changing the node that AppendNodeCommand takes.
+
+        There was also a bug that document node always returned false for isContentEditable
+        and isContentRichlyEditable because they never overrode Node's default implementation.
+        Fixed this by overriding them in Document.
+
+        Test: editing/execCommand/append-node-under-document.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::isContentEditable): Added.
+        (WebCore::Document::isContentRichlyEditable): Added.
+        * dom/Document.h:
+        * editing/AppendNodeCommand.cpp:
+        (WebCore::AppendNodeCommand::AppendNodeCommand): Takes ContainerNode instead of Element.
+        * editing/AppendNodeCommand.h:
+        (WebCore::AppendNodeCommand::create): Ditto.
+        * editing/CompositeEditCommand.cpp:
+        (WebCore::CompositeEditCommand::appendNode): Ditto.
+        (WebCore::CompositeEditCommand::insertNodeAfter): Calls parentNode instead of parentElement.
+        * editing/CompositeEditCommand.h:
+
 2011-03-15  David Grogan  <dgrogan@chromium.org>
 
         Reviewed by Jeremy Orlow.
index dbca97d..fee2af2 100644 (file)
@@ -4117,6 +4117,22 @@ bool Document::inDesignMode() const
     return false;
 }
 
+bool Document::isContentEditable() const
+{
+    if (inDesignMode())
+        return true;
+
+    return renderer() && (renderer()->style()->userModify() == READ_WRITE || renderer()->style()->userModify() == READ_WRITE_PLAINTEXT_ONLY);
+}
+
+bool Document::isContentRichlyEditable() const
+{
+    if (inDesignMode())
+        return true;
+
+    return renderer() && renderer()->style()->userModify() == READ_WRITE;
+}
+
 Document* Document::parentDocument() const
 {
     if (!m_frame)
index 3f75fdc..8e20097 100644 (file)
@@ -894,6 +894,8 @@ public:
     void setDesignMode(InheritedBool value);
     InheritedBool getDesignMode() const;
     bool inDesignMode() const;
+    virtual bool isContentEditable() const;
+    virtual bool isContentRichlyEditable() const;
 
     Document* parentDocument() const;
     Document* topDocument() const;
index 58f7fa6..c869ba0 100644 (file)
@@ -31,7 +31,7 @@
 
 namespace WebCore {
 
-AppendNodeCommand::AppendNodeCommand(PassRefPtr<Element> parent, PassRefPtr<Node> node)
+AppendNodeCommand::AppendNodeCommand(PassRefPtr<ContainerNode> parent, PassRefPtr<Node> node)
     : SimpleEditCommand(parent->document())
     , m_parent(parent)
     , m_node(node)
index 5ffb881..87a8cd2 100644 (file)
@@ -32,18 +32,18 @@ namespace WebCore {
 
 class AppendNodeCommand : public SimpleEditCommand {
 public:
-    static PassRefPtr<AppendNodeCommand> create(PassRefPtr<Element> parent, PassRefPtr<Node> node)
+    static PassRefPtr<AppendNodeCommand> create(PassRefPtr<ContainerNode> parent, PassRefPtr<Node> node)
     {
         return adoptRef(new AppendNodeCommand(parent, node));
     }
 
 private:
-    AppendNodeCommand(PassRefPtr<Element> parent, PassRefPtr<Node> node);
+    AppendNodeCommand(PassRefPtr<ContainerNode> parent, PassRefPtr<Node>);
 
     virtual void doApply();
     virtual void doUnapply();
 
-    RefPtr<Element> m_parent;
+    RefPtr<ContainerNode> m_parent;
     RefPtr<Node> m_node;
 };
 
index 60744ab..75bead0 100644 (file)
@@ -144,7 +144,7 @@ void CompositeEditCommand::insertNodeAfter(PassRefPtr<Node> insertChild, PassRef
     ASSERT(insertChild);
     ASSERT(refChild);
     ASSERT(!refChild->hasTagName(bodyTag));
-    Element* parent = refChild->parentElement();
+    ContainerNode* parent = refChild->parentNode();
     ASSERT(parent);
     if (parent->lastChild() == refChild)
         appendNode(insertChild, parent);
@@ -184,7 +184,7 @@ void CompositeEditCommand::insertNodeAt(PassRefPtr<Node> insertChild, const Posi
         insertNodeAfter(insertChild, refChild);
 }
 
-void CompositeEditCommand::appendNode(PassRefPtr<Node> node, PassRefPtr<Element> parent)
+void CompositeEditCommand::appendNode(PassRefPtr<Node> node, PassRefPtr<ContainerNode> parent)
 {
     ASSERT(canHaveChildrenForEditing(parent.get()));
     applyCommandToComposite(AppendNodeCommand::create(parent, node));
index a955b3a..4b96d8f 100644 (file)
@@ -49,7 +49,7 @@ protected:
     //
     // sugary-sweet convenience functions to help create and apply edit commands in composite commands
     //
-    void appendNode(PassRefPtr<Node>, PassRefPtr<Element> parent);
+    void appendNode(PassRefPtr<Node>, PassRefPtr<ContainerNode> parent);
     void applyCommandToComposite(PassRefPtr<EditCommand>);
     void applyStyle(const EditingStyle*, EditAction = EditActionChangeAttributes);
     void applyStyle(const EditingStyle*, const Position& start, const Position& end, EditAction = EditActionChangeAttributes);