https://bugs.webkit.org/show_bug.cgi?id=116479
Source/WebCore:
Reviewed by Andreas Kling.
Merge https://chromium.googlesource.com/chromium/blink/+/
5cb43002a44f67a60ecf5a7ed76de2d0bcf89eb2
DeleteSelection::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss() make style and link elements
to be the direct children of the editable root. However, these style and link elements are not necessary editable
and WebKit crashes when they are not.
Test: editing/deleting/delete-uneditable-style.html
* editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
LayoutTests:
Reviewed by Andreas Kling.
Add a regression test.
* editing/deleting/delete-uneditable-style-expected.txt: Added.
* editing/deleting/delete-uneditable-style.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@150402
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2013-05-20 Ryosuke Niwa <rniwa@webkit.org>
+
+ Null pointer deference in WebCore::AppendNodeCommand::create
+ https://bugs.webkit.org/show_bug.cgi?id=116479
+
+ Reviewed by Andreas Kling.
+
+ Add a regression test.
+
+ * editing/deleting/delete-uneditable-style-expected.txt: Added.
+ * editing/deleting/delete-uneditable-style.html: Added.
+
2013-05-20 Ryosuke Niwa <rniwa@webkit.org>
REGRESSION(r150386): [WK2] loader/go-back-cached-main-resource.html fails
--- /dev/null
+Test that having a non-editable style and link elements does not cause a crash
+| <span>
+| id="end"
+| "<#selection-caret>end"
+| "
+"
--- /dev/null
+<!DOCTYPE>
+<html>
+<body>
+<script src="../../resources/dump-as-markup.js"></script>
+<div contentEditable id="test">
+ <span id="start">start</span>
+ editable-1
+ <div contentEditable="false">
+ <style>#end { color: red; }</style>
+ <link type="foo" href="bar">
+ uneditable
+ </div>
+ editable-2
+<span id="end">end</span>
+</div>
+<script>
+Markup.description('Test that having a non-editable style and link elements does not cause a crash');
+
+function $(id) { return document.getElementById(id); }
+
+var range = document.createRange();
+range.setStart($('start'));
+range.setEnd($('end'), NaN);
+
+getSelection().addRange(range);
+
+document.execCommand('Delete', null, '');
+
+Markup.dump('test');
+
+</script>
+</body>
+</html>
+2013-05-20 Ryosuke Niwa <rniwa@webkit.org>
+
+ Null pointer deference in WebCore::AppendNodeCommand::create
+ https://bugs.webkit.org/show_bug.cgi?id=116479
+
+ Reviewed by Andreas Kling.
+
+ Merge https://chromium.googlesource.com/chromium/blink/+/5cb43002a44f67a60ecf5a7ed76de2d0bcf89eb2
+
+ DeleteSelection::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss() make style and link elements
+ to be the direct children of the editable root. However, these style and link elements are not necessary editable
+ and WebKit crashes when they are not.
+
+ Test: editing/deleting/delete-uneditable-style.html
+
+ * editing/DeleteSelectionCommand.cpp:
+ (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
+
2013-05-20 Beth Dakin <bdakin@apple.com>
Scrollbars still show sometimes even when WKPageSetSuppressScrollbarAnimations()
if ((node->hasTagName(styleTag) && !(toElement(node.get())->hasAttribute(scopedAttr))) || node->hasTagName(linkTag)) {
nextNode = NodeTraversal::nextSkippingChildren(node.get());
RefPtr<ContainerNode> rootEditableElement = node->rootEditableElement();
- removeNode(node);
- appendNode(node, rootEditableElement);
+ if (rootEditableElement) {
+ removeNode(node);
+ appendNode(node, rootEditableElement);
+ }
}
node = nextNode;
}
git://git.webkit.org / WebKit-https.git / commitdiff