Reviewed by Adele Peterson.
<rdar://problem/
5497643> Crash at Node::isDescendantOf when switching out of Edit HTML Source mode
A textarea that contained the selection was removed but the selection wasn't cleared,
and we'd crash in code that assumed a valid, in-document selection.
* editing/SelectionController.cpp:
(WebCore::removingNodeRemovesPosition): Clear the selection if the node being removed is the
shadowAncestorNode of the node that contains the position, not just if the node being removed
contains that shadowAncestorNode.
LayoutTests:
Reviewed by Adele Peterson.
<rdar://problem/
5497643> Crash at Node::isDescendantOf when switching out of Edit HTML Source mode
* editing/selection/
5497643-expected.txt: Added.
* editing/selection/
5497643.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@27818
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2007-11-15 Justin Garcia <justin.garcia@apple.com>
+
+ Reviewed by Adele Peterson.
+
+ <rdar://problem/5497643> Crash at Node::isDescendantOf when switching out of Edit HTML Source mode
+
+ * editing/selection/5497643-expected.txt: Added.
+ * editing/selection/5497643.html: Added.
+
2007-11-14 Anders Carlsson <andersca@apple.com>
Reviewed by Brady.
--- /dev/null
+ALERT: SUCCESS: The selection was cleared.
+This tests to make sure that a selection inside a textarea is cleared when the textarea is removed from the document. Not clearing it led to crashes.
+
+
--- /dev/null
+<p>This tests to make sure that a selection inside a textarea is cleared when the textarea is removed from the document. Not clearing it led to crashes.</p>
+<textarea id="textarea"></textarea>
+<script>
+if (window.layoutTestController)
+ window.layoutTestController.dumpAsText();
+textarea = document.getElementById("textarea");
+textarea.setSelectionRange(0, 0);
+textarea.parentNode.removeChild(textarea);
+if (window.getSelection().type != "None")
+ alert("FAILURE: There shouldn't be a selection.")
+else
+ alert("SUCCESS: The selection was cleared.")
+</script>
+2007-11-15 Justin Garcia <justin.garcia@apple.com>
+
+ Reviewed by Adele Peterson.
+
+ <rdar://problem/5497643> Crash at Node::isDescendantOf when switching out of Edit HTML Source mode
+
+ A textarea that contained the selection was removed but the selection wasn't cleared,
+ and we'd crash in code that assumed a valid, in-document selection.
+
+ * editing/SelectionController.cpp:
+ (WebCore::removingNodeRemovesPosition): Clear the selection if the node being removed is the
+ shadowAncestorNode of the node that contains the position, not just if the node being removed
+ contains that shadowAncestorNode.
+
2007-11-15 Nikolas Zimmermann <zimmermann@kde.org>
Reviewed by Maciej.
if (!position.node())
return false;
- if (position.node() == node || position.node()->isDescendantOf(node))
+ if (position.node() == node)
return true;
- Node* shadowAncestorNode = position.node()->shadowAncestorNode();
- return shadowAncestorNode && shadowAncestorNode->isDescendantOf(node);
+ if (!node->isElementNode())
+ return false;
+
+ Element* element = static_cast<Element*>(node);
+ return element->contains(position.node()) || element->contains(position.node()->shadowAncestorNode());
}
void SelectionController::nodeWillBeRemoved(Node *node)
git://git.webkit.org / WebKit-https.git / commitdiff