Title: [219159] branches/safari-604.1.28-branch

Diff

Modified: branches/safari-604.1.28-branch/LayoutTests/ChangeLog (219158 => 219159)


--- branches/safari-604.1.28-branch/LayoutTests/ChangeLog	2017-07-05 21:52:19 UTC (rev 219158)
+++ branches/safari-604.1.28-branch/LayoutTests/ChangeLog	2017-07-05 22:08:05 UTC (rev 219159)
@@ -1,3 +1,20 @@
+2017-07-05  Matthew Hanson  <[email protected]>
+
+        Cherry-pick r219081. rdar://problem/33083972
+
+    2017-07-02  Ryosuke Niwa  <[email protected]>
+
+            REGRESSION(r218910): Crash inside textMarkerDataForFirstPositionInTextControl
+            https://bugs.webkit.org/show_bug.cgi?id=174077
+            <rdar://problem/33083972>
+
+            Reviewed by Chris Fleizach.
+
+            Added a regression test for changing the input element's type during editing.
+
+            * accessibility/mac/input-type-change-crash-expected.txt: Added.
+            * accessibility/mac/input-type-change-crash.html: Added.
+
 2017-06-29  Jason Marcell  <[email protected]>
 
         Cherry-pick r218957.
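Review bot: The description "Added a regression test for changing the input element's type during editing" does not match what the added test says it covers, which is setting the value on a readonly or disabled text field that was previously editable; nothing in the test changes the input's type. Suggest rewording this line to name readonly/disabled so the entry matches the test and the root cause given in the WebCore ChangeLog.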

Added: branches/safari-604.1.28-branch/LayoutTests/accessibility/mac/input-type-change-crash-expected.txt (0 => 219159)


--- branches/safari-604.1.28-branch/LayoutTests/accessibility/mac/input-type-change-crash-expected.txt	                        (rev 0)
+++ branches/safari-604.1.28-branch/LayoutTests/accessibility/mac/input-type-change-crash-expected.txt	2017-07-05 22:08:05 UTC (rev 219159)
@@ -0,0 +1,10 @@
+This tests setting the value to a readonly or disabled text field which was previously editable
+
+AXTextStateChangeType=1 AXTextChangeValues=[{"AXTextChangeValue":"a","AXTextEditType":3}]
+AXTextStateChangeType=1 AXTextChangeValues=[{"AXTextChangeValue":"a","AXTextEditType":1},{"AXTextChangeValue":"hello","AXTextEditType":2}]
+AXTextStateChangeType=1 AXTextChangeValues=[{"AXTextChangeValue":"b","AXTextEditType":3}]
+AXTextStateChangeType=1 AXTextChangeValues=[{"AXTextChangeValue":"hellob","AXTextEditType":1},{"AXTextChangeValue":"world","AXTextEditType":2}]
+AXTextStateChangeType=1 AXTextChangeValues=[{"AXTextChangeValue":"c","AXTextEditType":3}]
+AXTextStateChangeType=1 AXTextChangeValues=[{"AXTextChangeValue":"worldc","AXTextEditType":1},{"AXTextChangeValue":"WebKit","AXTextEditType":2}]
+AXTextStateChangeType=1 AXTextChangeValues=[{"AXTextChangeValue":"d","AXTextEditType":3}]
+
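Review bot: For a crash regression test this baseline is stricter than it needs to be: every line pins the full AXValueChanged payload, including the raw numeric AXTextEditType values 1, 2 and 3. An unrelated change to notification order or to those numeric values would fail the test without any crash; consider logging only what the readonly/disabled case needs, or adding a line to the test that says what each numeric type stands for.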

Added: branches/safari-604.1.28-branch/LayoutTests/accessibility/mac/input-type-change-crash.html (0 => 219159)


--- branches/safari-604.1.28-branch/LayoutTests/accessibility/mac/input-type-change-crash.html	                        (rev 0)
+++ branches/safari-604.1.28-branch/LayoutTests/accessibility/mac/input-type-change-crash.html	2017-07-05 22:08:05 UTC (rev 219159)
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>This tests setting the value to a readonly or disabled text field which was previously editable</p>
+<pre id="log"></pre>
+<input type="text">
+<script>
+
+if (!window.accessibilityController)
+    document.write('This test requires accessibilityController');
+else {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    accessibilityController.enableEnhancedAccessibility(true);
+
+    function sortByKey(unsortedObject) {
+        const sortedObject = {};
+        for (const key of Object.keys(unsortedObject).sort())
+            sortedObject[key] = unsortedObject[key];
+        return sortedObject;
+    }
+
+    const webArea = accessibilityController.rootElement.childAtIndex(0);
+    const notifications = [];
+    webArea.addNotificationListener((notification, userInfo) => {
+        if (notification == 'AXLoadComplete') {
+            webArea.removeNotificationListener();
+            testRunner.notifyDone();
+            return;
+        }
+        if (notification != 'AXValueChanged')
+            return;
+
+        document.getElementById('log').textContent
+            += `AXTextStateChangeType=${userInfo['AXTextStateChangeType']}`
+            + ` AXTextChangeValues=${JSON.stringify(userInfo['AXTextChangeValues'].map(object => sortByKey(object)))}\n`
+    });
+
+    const input = document.querySelector('input');
+    input.focus();
+    eventSender.keyDown('a');
+    input.value = 'hello';
+    eventSender.keyDown('b');
+    input.readOnly = true;
+    internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks();
+    input.value = 'world';
+    input.readOnly = false;
+    internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks();
+    eventSender.keyDown('c');
+    input.disabled = true;
+    internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks();
+    input.value = 'WebKit';
+    input.disabled = false;
+    internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks();
+    eventSender.keyDown('d');
+}
+
+</script>
+</body>
+</html>
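Review bot: "const notifications = [];" is declared but never read or written; the listener appends straight to the log element, so the array can be dropped. Only window.accessibilityController is guarded, while the else branch uses testRunner, eventSender and internals unconditionally, and testRunner.notifyDone() is reached only through the 'AXLoadComplete' branch, so a missing notification shows up as a timeout rather than a clear failure. The textContent += statement that ends on the AXTextChangeValues line is also missing its terminating semicolon.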

Modified: branches/safari-604.1.28-branch/Source/WebCore/ChangeLog (219158 => 219159)


--- branches/safari-604.1.28-branch/Source/WebCore/ChangeLog	2017-07-05 21:52:19 UTC (rev 219158)
+++ branches/safari-604.1.28-branch/Source/WebCore/ChangeLog	2017-07-05 22:08:05 UTC (rev 219159)
@@ -1,3 +1,26 @@
+2017-07-05  Matthew Hanson  <[email protected]>
+
+        Cherry-pick r219081. rdar://problem/33083972
+
+    2017-07-02  Ryosuke Niwa  <[email protected]>
+
+            REGRESSION(r218910): Crash inside textMarkerDataForFirstPositionInTextControl
+            https://bugs.webkit.org/show_bug.cgi?id=174077
+            <rdar://problem/33083972>
+
+            Reviewed by Chris Fleizach.
+
+            The bug was caused by textMarkerDataForFirstPositionInTextControl assuming that
+            there is always a root editable element (a.k.a. editing host) in the text control.
+            When the text control is readonly or disabled, this is not the case.
+
+            Fixed the bug by adding an early exit when there is no editing host.
+
+            Test: accessibility/mac/input-type-change-crash.html
+
+            * accessibility/AXObjectCache.cpp:
+            (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):
+
 2017-06-29  Jason Marcell  <[email protected]>
 
         Revert r218757. rdar://problem/32911535

Modified: branches/safari-604.1.28-branch/Source/WebCore/accessibility/AXObjectCache.cpp (219158 => 219159)


--- branches/safari-604.1.28-branch/Source/WebCore/accessibility/AXObjectCache.cpp	2017-07-05 21:52:19 UTC (rev 219158)
+++ branches/safari-604.1.28-branch/Source/WebCore/accessibility/AXObjectCache.cpp	2017-07-05 22:08:05 UTC (rev 219159)
@@ -2160,6 +2160,8 @@
     if (!firstChild)
         firstChild = innerTextElement;
     ContainerNode* editingHost = highestEditableRoot(firstPosition);
+    if (!editingHost) // textControl is no longer editable. e.g. readonly or disabled.
+        return std::nullopt;
 
     AXObjectCache* cache = textControl.document().axObjectCache();
     RefPtr<AccessibilityObject> obj = cache->getOrCreate(editingHost);
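Review bot: The new guard covers editingHost, but the context line right below it still calls cache->getOrCreate(editingHost) on the pointer returned by textControl.document().axObjectCache() with no check; if that can be null on this path it wants the same early return. Callers now receive std::nullopt for a readonly or disabled control, so it is worth confirming each one handles the empty optional. Minor: the comment reads better as one sentence, "textControl is no longer editable, e.g. readonly or disabled."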
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
