Title: [94832] trunk
Revision: 94832
Author: sulli...@chromium.org
Date: 2011-09-08 21:03:21 -0700 (Thu, 08 Sep 2011)

Log Message

Crashes in WebCore::InsertNodeBeforeCommand constructor.
https://bugs.webkit.org/show_bug.cgi?id=67763

Reviewed by Ryosuke Niwa.

Source/WebCore:

Changes editableRootForPosition() to use the position's containerNode instead of deprecatedNode so that
positions which are before or after a given node cannot return that node as the editable root.

Test: editing/inserting/insert-paragraph-selection-outside-contenteditable.html

* editing/htmlediting.cpp:
(WebCore::editableRootForPosition): use containerNode instead of deprecatedNode.

LayoutTests:

Tests for crash when the selection is outside the contenteditable node.

* editing/inserting/insert-paragraph-selection-outside-contenteditable-expected.txt: Added.
* editing/inserting/insert-paragraph-selection-outside-contenteditable.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (94831 => 94832)


--- trunk/LayoutTests/ChangeLog	2011-09-09 03:20:59 UTC (rev 94831)
+++ trunk/LayoutTests/ChangeLog	2011-09-09 04:03:21 UTC (rev 94832)
@@ -1,3 +1,15 @@
+2011-09-08  Annie Sullivan  <sulli...@chromium.org>
+
+        Crashes in WebCore::InsertNodeBeforeCommand constructor.
+        https://bugs.webkit.org/show_bug.cgi?id=67763
+
+        Reviewed by Ryosuke Niwa.
+
+        Tests for crash when the selection is outside the contenteditable node.
+
+        * editing/inserting/insert-paragraph-selection-outside-contenteditable-expected.txt: Added.
+        * editing/inserting/insert-paragraph-selection-outside-contenteditable.html: Added.
+
 2011-09-08  Daniel Bates  <dba...@webkit.org>
 
         XSS filter bypass via non-standard URL encoding

Added: trunk/LayoutTests/editing/inserting/insert-paragraph-selection-outside-contenteditable-expected.txt (0 => 94832)


--- trunk/LayoutTests/editing/inserting/insert-paragraph-selection-outside-contenteditable-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/insert-paragraph-selection-outside-contenteditable-expected.txt	2011-09-09 04:03:21 UTC (rev 94832)
@@ -0,0 +1,3 @@
+This test ensures that WebKit does not crash or edit the content when the selection is outside of the contenteditable area.
+
+PASS

Added: trunk/LayoutTests/editing/inserting/insert-paragraph-selection-outside-contenteditable.html (0 => 94832)


--- trunk/LayoutTests/editing/inserting/insert-paragraph-selection-outside-contenteditable.html	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/insert-paragraph-selection-outside-contenteditable.html	2011-09-09 04:03:21 UTC (rev 94832)
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <meter id="root" contenteditable><span id="wrapper">xxx</span></meter>
+
+    <script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+
+    var originalContent = root.outerHTML;
+    var sel = window.getSelection();
+    sel.setPosition(document.getElementById("wrapper"), 1);
+    document.execCommand("InsertParagraph", false, null);
+    var editedContent = root.outerHTML;
+    root.style.display = 'none'; // Remove from output.
+
+    document.writeln('This test ensures that WebKit does not crash or edit the content when the selection is outside of the contenteditable area.<br><br>');
+    document.writeln(originalContent == editedContent ? 'PASS' : 'FAIL: expected ' +  originalContent + ' but was changed to ' + editedContent);
+  </script>
+</body>
+</html>
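
Review bot: In the new test, `sel.setPosition(document.getElementById("wrapper"), 1)` places the caret inside #wrapper, which is a child of the contenteditable #root, yet the description the test prints says the selection is outside of the contenteditable area. A short comment next to the <meter> markup or the setPosition call explaining why this position counts as outside the editable region would make the regression case understandable without reading the bug. Separately, the script reaches the meter through the implicit global `root` but uses getElementById for wrapper; using getElementById for both keeps the test consistent, and the closing </script> is indented two spaces where the opening tag uses four.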

Modified: trunk/Source/WebCore/ChangeLog (94831 => 94832)


--- trunk/Source/WebCore/ChangeLog	2011-09-09 03:20:59 UTC (rev 94831)
+++ trunk/Source/WebCore/ChangeLog	2011-09-09 04:03:21 UTC (rev 94832)
@@ -1,3 +1,18 @@
+2011-09-08  Annie Sullivan  <sulli...@chromium.org>
+
+        Crashes in WebCore::InsertNodeBeforeCommand constructor.
+        https://bugs.webkit.org/show_bug.cgi?id=67763
+
+        Reviewed by Ryosuke Niwa.
+
+        Changes editableRootForPosition() to use the position's containerNode instead of deprecatedNode so that
+        positions which are before or after a given node cannot return that node as the editable root.
+
+        Test: editing/inserting/insert-paragraph-selection-outside-contenteditable.html
+
+        * editing/htmlediting.cpp:
+        (WebCore::editableRootForPosition): use containerNode instead of deprecatedNode.
+
 2011-09-08  James Weatherall  <w...@chromium.org>
 
         Release the reference to the HTMLPlugInElement's script object, when the element is removed from the document.  This breaks a cyclical reference that would otherwise cause the element to be retained until the document is torn down.

Modified: trunk/Source/WebCore/editing/htmlediting.cpp (94831 => 94832)


--- trunk/Source/WebCore/editing/htmlediting.cpp	2011-09-09 03:20:59 UTC (rev 94831)
+++ trunk/Source/WebCore/editing/htmlediting.cpp	2011-09-09 04:03:21 UTC (rev 94832)
@@ -176,7 +176,7 @@
 
 Element* editableRootForPosition(const Position& p)
 {
-    Node* node = p.deprecatedNode();
+    Node* node = p.containerNode();
     if (!node)
         return 0;
         
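
Review bot: The reason for switching to `p.containerNode()` is recorded only in the ChangeLog, so at the changed line in editableRootForPosition() nothing tells a later reader why deprecatedNode() must not be restored. Suggest a one-line comment above `Node* node = p.containerNode();` stating that a position before or after a node must not yield that node as the editable root. The existing `if (!node) return 0;` guard is kept and still covers a null result, so no further check is needed in the visible lines.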
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes