[webkit-changes] [212091] branches/safari-603-branch

Fri, 10 Feb 2017 00:16:05 -0800

Title: [212091] branches/safari-603-branch

Diff

Modified: branches/safari-603-branch/LayoutTests/ChangeLog (212090 => 212091)


--- branches/safari-603-branch/LayoutTests/ChangeLog	2017-02-10 08:16:05 UTC (rev 212090)
+++ branches/safari-603-branch/LayoutTests/ChangeLog	2017-02-10 08:16:09 UTC (rev 212091)
@@ -1,5 +1,20 @@
 2017-02-09  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r212023. rdar://problem/30041640
+
+    2017-02-09  Brent Fulgham  <bfulg...@apple.com>
+
+            Handle synchronous layout when setting a selection range
+            https://bugs.webkit.org/show_bug.cgi?id=167092
+            <rdar://problem/30041640>
+
+            Reviewed by Antti Koivisto.
+
+            * fast/forms/input-type-change-during-selection-expected.txt: Added.
+            * fast/forms/input-type-change-during-selection.html: Added.
+
+2017-02-09  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r212020. rdar://problem/29939864
 
     2017-02-09  Keith Miller  <keith_mil...@apple.com>

Added: branches/safari-603-branch/LayoutTests/fast/forms/input-type-change-during-selection-expected.txt (0 => 212091)


--- branches/safari-603-branch/LayoutTests/fast/forms/input-type-change-during-selection-expected.txt	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/forms/input-type-change-during-selection-expected.txt	2017-02-10 08:16:09 UTC (rev 212091)
@@ -0,0 +1,9 @@
+Check that manipulating input type while focusing is handled. Passes if we do not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: branches/safari-603-branch/LayoutTests/fast/forms/input-type-change-during-selection.html (0 => 212091)


--- branches/safari-603-branch/LayoutTests/fast/forms/input-type-change-during-selection.html	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/forms/input-type-change-during-selection.html	2017-02-10 08:16:09 UTC (rev 212091)
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script>
+description("Check that manipulating input type while focusing is handled. Passes if we do not crash.");
+
+window.jsTestIsAsync = true;
+
+function finishTest() {
+    testPassed('Input manipulation succeeded.');
+    finishJSTest();
+}
+
+function changeType() {
+    input.type = "foo";
+}
+
+function setSelection() {
+    input.selectionStart = 25;
+    finishJSTest();
+}
+</script>
+</head>
+<body>
+    <input id="input" _onfocus_="changeType()" autofocus="autofocus" type="tel">
+    <iframe _onload_="setSelection()"></iframe>
+</body>
+</html>
\ No newline at end of file

Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (212090 => 212091)


--- branches/safari-603-branch/Source/WebCore/ChangeLog	2017-02-10 08:16:05 UTC (rev 212090)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog	2017-02-10 08:16:09 UTC (rev 212091)
@@ -1,5 +1,27 @@
 2017-02-09  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r212023. rdar://problem/30041640
+
+    2017-02-09  Brent Fulgham  <bfulg...@apple.com>
+
+            Handle synchronous layout when setting a selection range
+            https://bugs.webkit.org/show_bug.cgi?id=167092
+            <rdar://problem/30041640>
+
+            Reviewed by Antti Koivisto.
+
+            The 'innerTextElement' of a form control can change during layout due
+            to arbitrary _javascript_ executing. Handle the case where the inner text
+            element has changed so that current render box height is while setting
+            a selection range.
+
+            Test: fast/forms/input-type-change-during-selection.html
+
+            * html/HTMLTextFormControlElement.cpp:
+            (WebCore::HTMLTextFormControlElement::setSelectionRange):
+
+2017-02-09  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r211999. rdar://problem/29930443
 
     2017-02-09  Brent Fulgham  <bfulg...@apple.com>

Modified: branches/safari-603-branch/Source/WebCore/html/HTMLTextFormControlElement.cpp (212090 => 212091)


--- branches/safari-603-branch/Source/WebCore/html/HTMLTextFormControlElement.cpp	2017-02-10 08:16:05 UTC (rev 212090)
+++ branches/safari-603-branch/Source/WebCore/html/HTMLTextFormControlElement.cpp	2017-02-10 08:16:09 UTC (rev 212091)
@@ -297,7 +297,12 @@
     if (!hasFocus && innerText) {
         // FIXME: Removing this synchronous layout requires fixing <https://webkit.org/b/128797>
         document().updateLayoutIgnorePendingStylesheets();
-        if (RenderElement* rendererTextControl = renderer()) {
+
+        // Double-check the state of innerTextElement after the layout.
+        innerText = innerTextElement();
+        auto* rendererTextControl = renderer();
+
+        if (innerText && rendererTextControl) {
             if (rendererTextControl->style().visibility() == HIDDEN || !innerText->renderBox()->height()) {
                 cacheSelection(start, end, direction);
                 return;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to