Title: [222241] branches/safari-604-branch
- Revision
- 222241
- Author
- [email protected]
- Date
- 2017-09-19 18:21:38 -0700 (Tue, 19 Sep 2017)
Log Message
Cherry-pick r222220. rdar://problem/34534766
Modified Paths
Added Paths
Diff
Modified: branches/safari-604-branch/LayoutTests/ChangeLog (222240 => 222241)
--- branches/safari-604-branch/LayoutTests/ChangeLog 2017-09-20 01:21:33 UTC (rev 222240)
+++ branches/safari-604-branch/LayoutTests/ChangeLog 2017-09-20 01:21:38 UTC (rev 222241)
@@ -1,5 +1,22 @@
2017-09-19 Jason Marcell <[email protected]>
+ Cherry-pick r222220. rdar://problem/34534766
+
+ 2017-09-15 Wenson Hsieh <[email protected]>
+
+ createMarkupInternal should protect its pointer to the Range's common ancestor
+ https://bugs.webkit.org/show_bug.cgi?id=177033
+ <rdar://problem/34265390>
+
+ Reviewed by Tim Horton.
+
+ Adds a test that removes the common ancestor node of a range in the middle of executing an outdent.
+
+ * editing/execCommand/outdent-with-media-query-listener-in-iframe-expected.txt: Added.
+ * editing/execCommand/outdent-with-media-query-listener-in-iframe.html: Added.
+
+2017-09-19 Jason Marcell <[email protected]>
+
Cherry-pick r222214. rdar://problem/34534751
2017-09-19 Zalan Bujtas <[email protected]>
Added: branches/safari-604-branch/LayoutTests/editing/execCommand/outdent-with-media-query-listener-in-iframe-expected.txt (0 => 222241)
--- branches/safari-604-branch/LayoutTests/editing/execCommand/outdent-with-media-query-listener-in-iframe-expected.txt (rev 0)
+++ branches/safari-604-branch/LayoutTests/editing/execCommand/outdent-with-media-query-listener-in-iframe-expected.txt 2017-09-20 01:21:38 UTC (rev 222241)
@@ -0,0 +1 @@
+PASS
Added: branches/safari-604-branch/LayoutTests/editing/execCommand/outdent-with-media-query-listener-in-iframe.html (0 => 222241)
--- branches/safari-604-branch/LayoutTests/editing/execCommand/outdent-with-media-query-listener-in-iframe.html (rev 0)
+++ branches/safari-604-branch/LayoutTests/editing/execCommand/outdent-with-media-query-listener-in-iframe.html 2017-09-20 01:21:38 UTC (rev 222241)
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html>
+<body>
+<blockquote>
+ <div>
+ <span id="span">
+ <i id="i1">a</i>
+ <i id="i2">b</i>
+ </span>
+ </div>
+ <div>1</div>
+</blockquote>
+</body>
+
+<script>
+let layoutCount = 0;
+
+function forceGarbageCollection() {
+ for (let i = 0; i < 100; i++)
+ new ArrayBuffer(0x100000);
+}
+
+function listener() {
+ if (layoutCount === 53)
+ document.body.insertAdjacentHTML("beforeend", "<input autofocus>");
+
+ if (layoutCount === 54) {
+ span.remove();
+ forceGarbageCollection();
+ return;
+ }
+
+ frame.contentWindow.matchMedia(`(max-width: ${layoutCount + 1}px)`).addListener(listener);
+ frame.width = layoutCount++;
+}
+
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+document.designMode = "on";
+document.execCommand("SelectAll");
+
+let frame = document.body.appendChild(document.createElement("iframe"));
+frame.contentWindow.matchMedia("(max-width: 100px)").addListener(listener);
+
+document.execCommand("Outdent");
+document.body.innerHTML = "<code style='color: green'>PASS</code>";
+</script>
+</html>
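Review bot: The thresholds `layoutCount === 53` and `layoutCount === 54` in `listener()` are unexplained magic numbers, so if the number of layouts performed during `document.execCommand("Outdent")` ever changes, the test will stop removing `span` at the point it was written to hit and nobody will notice. Add a comment saying what the command is expected to be doing at those counts and why the `<input autofocus>` insertion has to come one step before `span.remove()`. `forceGarbageCollection()` provokes a collection by allocating 100 `ArrayBuffer`s, which is a heuristic; say so in a comment. It is also worth one line stating that the test passes by not crashing, since PASS is written unconditionally after the command returns.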
Modified: branches/safari-604-branch/Source/WebCore/ChangeLog (222240 => 222241)
--- branches/safari-604-branch/Source/WebCore/ChangeLog 2017-09-20 01:21:33 UTC (rev 222240)
+++ branches/safari-604-branch/Source/WebCore/ChangeLog 2017-09-20 01:21:38 UTC (rev 222241)
@@ -1,5 +1,31 @@
2017-09-19 Jason Marcell <[email protected]>
+ Cherry-pick r222220. rdar://problem/34534766
+
+ 2017-09-15 Wenson Hsieh <[email protected]>
+
+ createMarkupInternal should protect its pointer to the Range's common ancestor
+ https://bugs.webkit.org/show_bug.cgi?id=177033
+ <rdar://problem/34265390>
+
+ Reviewed by Tim Horton.
+
+ Adds basic safeguarding to codepaths hit while executing an outdent command.
+
+ Test: editing/execCommand/outdent-with-media-query-listener-in-iframe.html
+
+ * editing/IndentOutdentCommand.cpp:
+ (WebCore::IndentOutdentCommand::outdentRegion):
+
+ Avoid an infinite loop if endOfCurrentParagraph is a null position.
+
+ * editing/markup.cpp:
+ (WebCore::createMarkupInternal):
+
+ Protect the raw pointer to the Range's common ancestor node.
+
+2017-09-19 Jason Marcell <[email protected]>
+
Cherry-pick r222214. rdar://problem/34534751
2017-09-19 Zalan Bujtas <[email protected]>
Modified: branches/safari-604-branch/Source/WebCore/editing/IndentOutdentCommand.cpp (222240 => 222241)
--- branches/safari-604-branch/Source/WebCore/editing/IndentOutdentCommand.cpp 2017-09-20 01:21:33 UTC (rev 222240)
+++ branches/safari-604-branch/Source/WebCore/editing/IndentOutdentCommand.cpp 2017-09-20 01:21:38 UTC (rev 222241)
@@ -225,6 +225,12 @@
endOfNextParagraph = endOfParagraph(endOfCurrentParagraph.next());
}
endOfCurrentParagraph = endOfNextParagraph;
+
+ if (endOfCurrentParagraph.isNull()) {
+ // If the end of the current paragraph is null, we'll end up looping infinitely, since the end of the next paragraph
+ // (and the paragraph after that, and so on) will always be null. To avoid this infinite loop, just bail.
+ break;
+ }
}
}
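Review bot: The `break` added after `endOfCurrentParagraph = endOfNextParagraph;` exits the loop silently, so the command returns with the paragraphs handled so far outdented and the rest untouched, and nothing records that it stopped early. The comment explains why a null position would loop forever but not how the position becomes null in the first place; going by the accompanying test, that is script mutating the DOM while the command runs. Please say that in the comment, and state whether a partially applied outdent is the intended outcome here.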
Modified: branches/safari-604-branch/Source/WebCore/editing/markup.cpp (222240 => 222241)
--- branches/safari-604-branch/Source/WebCore/editing/markup.cpp 2017-09-20 01:21:33 UTC (rev 222240)
+++ branches/safari-604-branch/Source/WebCore/editing/markup.cpp 2017-09-20 01:21:38 UTC (rev 222241)
@@ -581,13 +581,13 @@
bool collapsed = range.collapsed();
if (collapsed)
return emptyString();
- Node* commonAncestor = range.commonAncestorContainer();
+ RefPtr<Node> commonAncestor = range.commonAncestorContainer();
if (!commonAncestor)
return emptyString();
document.updateLayoutIgnorePendingStylesheets();
- auto* body = enclosingElementWithTag(firstPositionInNode(commonAncestor), bodyTag);
+ auto* body = enclosingElementWithTag(firstPositionInNode(commonAncestor.get()), bodyTag);
Element* fullySelectedRoot = nullptr;
// FIXME: Do this for all fully selected blocks, not just the body.
if (body && VisiblePosition(firstPositionInNode(body)) == VisiblePosition(range.startPosition())
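Review bot: `collapsed` and `commonAncestor` are both read before `document.updateLayoutIgnorePendingStylesheets()`, and the accompanying layout test shows that a layout update can run script that removes nodes. The `RefPtr<Node>` keeps the node alive across that call, but it does not keep it current: after the update the range may be collapsed or have a different common ancestor, and `body` is then derived from the stale node while the condition that follows compares against the live `range.startPosition()`. Consider moving the layout update ahead of the early returns, or re-reading both values after it. `body` and `fullySelectedRoot` are still raw pointers, so if anything later in the function can trigger layout or script they need the same protection.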