Title: [257460] releases/WebKitGTK/webkit-2.28
Revision: 257460
Author: [email protected]
Date: 2020-02-26 02:58:29 -0800 (Wed, 26 Feb 2020)

Log Message

Merge r257407 - Nullptr crash in CompositeEditCommand::splitTreeToNode
https://bugs.webkit.org/show_bug.cgi?id=208039
<rdar://problem/52011355>

Patch by Jack Lee <[email protected]> on 2020-02-25
Reviewed by Ryosuke Niwa.

When inserting a list (InsertListCommand) around orphaned list items, if unordered list is not editable, skip moving list items in function fixOrphanedListChild.

Source/WebCore:

Test: fast/lists/insert-list-user-modify-read-only-orphaned-li.html

* editing/InsertListCommand.cpp:
(WebCore::InsertListCommand::fixOrphanedListChild):
(WebCore::InsertListCommand::doApplyForSingleParagraph):
* editing/InsertListCommand.h:

LayoutTests:

* fast/lists/insert-list-user-modify-read-only-orphaned-li-expected.txt: Added.
* fast/lists/insert-list-user-modify-read-only-orphaned-li.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog (257459 => 257460)


--- releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog	2020-02-26 10:58:23 UTC (rev 257459)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog	2020-02-26 10:58:29 UTC (rev 257460)
@@ -1,3 +1,16 @@
+2020-02-25  Jack Lee  <[email protected]>
+
+        Nullptr crash in CompositeEditCommand::splitTreeToNode
+        https://bugs.webkit.org/show_bug.cgi?id=208039
+        <rdar://problem/52011355>
+
+        Reviewed by Ryosuke Niwa.
+
+        When inserting a list (InsertListCommand) around orphaned list items, if unordered list is not editable, skip moving list items in function fixOrphanedListChild. 
+
+        * fast/lists/insert-list-user-modify-read-only-orphaned-li-expected.txt: Added.
+        * fast/lists/insert-list-user-modify-read-only-orphaned-li.html: Added.
+
 2020-02-21  Simon Fraser  <[email protected]>
 
         [Web Animations] Repeated animations on pseudo elements will fail to run after a while

Added: releases/WebKitGTK/webkit-2.28/LayoutTests/fast/lists/insert-list-user-modify-read-only-orphaned-li-expected.txt (0 => 257460)


--- releases/WebKitGTK/webkit-2.28/LayoutTests/fast/lists/insert-list-user-modify-read-only-orphaned-li-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/fast/lists/insert-list-user-modify-read-only-orphaned-li-expected.txt	2020-02-26 10:58:29 UTC (rev 257460)
@@ -0,0 +1 @@
+Tests inserting ol when user-modify is read-only, with an orphaned li. The test passes if WebKit doesn't crash or hit an assertion.

Added: releases/WebKitGTK/webkit-2.28/LayoutTests/fast/lists/insert-list-user-modify-read-only-orphaned-li.html (0 => 257460)


--- releases/WebKitGTK/webkit-2.28/LayoutTests/fast/lists/insert-list-user-modify-read-only-orphaned-li.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/fast/lists/insert-list-user-modify-read-only-orphaned-li.html	2020-02-26 10:58:29 UTC (rev 257460)
@@ -0,0 +1,13 @@
+<style>
+dir { -webkit-user-modify: read-write; }
+ul { -webkit-user-modify: read-only;}
+</style>
+<script>
+    if (window.testRunner)
+        testRunner.dumpAsText();
+    _onload_ = function fun() {
+        window.getSelection().setBaseAndExtent(LI,0,LI,0);
+        document.execCommand("insertOrderedList", false);
+    }
+</script>
+<body><dir><li id=LI><span>Tests inserting ol when user-modify is read-only, with an orphaned li. The test passes if WebKit doesn't crash or hit an assertion.</span>
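
Review bot: On the `_onload_ = function fun()` line the handler is assigned to `_onload_` as rendered here, which is not the window's load handler, so `setBaseAndExtent` and `execCommand("insertOrderedList", false)` would never run and the test would pass without exercising the fix; confirm the committed file reads `onload`. The test also only checks for the absence of a crash: dumping the resulting markup in the expected output would pin down what the document looks like after the command bails out.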

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog (257459 => 257460)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-02-26 10:58:23 UTC (rev 257459)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-02-26 10:58:29 UTC (rev 257460)
@@ -1,3 +1,20 @@
+2020-02-25  Jack Lee  <[email protected]>
+
+        Nullptr crash in CompositeEditCommand::splitTreeToNode
+        https://bugs.webkit.org/show_bug.cgi?id=208039
+        <rdar://problem/52011355>
+
+        Reviewed by Ryosuke Niwa.
+
+        When inserting a list (InsertListCommand) around orphaned list items, if unordered list is not editable, skip moving list items in function fixOrphanedListChild. 
+
+        Test: fast/lists/insert-list-user-modify-read-only-orphaned-li.html
+
+        * editing/InsertListCommand.cpp:
+        (WebCore::InsertListCommand::fixOrphanedListChild):
+        (WebCore::InsertListCommand::doApplyForSingleParagraph):
+        * editing/InsertListCommand.h:
+
 2020-02-25  Sihui Liu  <[email protected]>
 
         Assertion failed: currentSchema == createV1ObjectStoreInfoSchema(objectStoreInfoTableName) || currentSchema == createV1ObjectStoreInfoSchema(objectStoreInfoTableNameAlternate)

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/editing/InsertListCommand.cpp (257459 => 257460)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/editing/InsertListCommand.cpp	2020-02-26 10:58:23 UTC (rev 257459)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/editing/InsertListCommand.cpp	2020-02-26 10:58:29 UTC (rev 257460)
@@ -54,14 +54,17 @@
     return insertCommand->m_listElement;
 }
 
-HTMLElement& InsertListCommand::fixOrphanedListChild(Node& node)
+HTMLElement* InsertListCommand::fixOrphanedListChild(Node& node)
 {
     auto listElement = HTMLUListElement::create(document());
     insertNodeBefore(listElement.copyRef(), node);
+    if (!listElement->hasEditableStyle())
+        return nullptr;
+
     removeNode(node);
     appendNode(node, listElement.copyRef());
     m_listElement = WTFMove(listElement);
-    return *m_listElement;
+    return m_listElement.get();
 }
 
 Ref<HTMLElement> InsertListCommand::mergeWithNeighboringLists(HTMLElement& list)
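
Review bot: In `fixOrphanedListChild`, the new `hasEditableStyle()` check runs after `insertNodeBefore(listElement.copyRef(), node);`, so the early `return nullptr;` leaves the freshly created, empty `HTMLUListElement` in the document. If the insertion has to come first because the editability check needs the element attached, a comment saying so would help; otherwise remove the inserted list before returning.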
@@ -206,9 +209,14 @@
     if (listChildNode) {
         // Remove the list chlild.
         RefPtr<HTMLElement> listNode = enclosingList(listChildNode);
-        if (!listNode)
-            listNode = mergeWithNeighboringLists(fixOrphanedListChild(*listChildNode));
+        if (!listNode) {
+            RefPtr<HTMLElement> listElement = fixOrphanedListChild(*listChildNode);
+            if (!listElement)
+                return;
 
+            listNode = mergeWithNeighboringLists(*listElement);
+        }
+        
         if (!listNode->hasTagName(listTag)) {
             // listChildNode will be removed from the list and a list of type m_type will be created.
             switchListType = true;
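
Review bot: The `if (!listElement) return;` branch in `doApplyForSingleParagraph` has no comment explaining when `fixOrphanedListChild` yields null; a one-line note that the newly inserted list was not editable would make the silent bail-out understandable to the next reader. The added blank line after the closing brace also carries trailing whitespace, and the local name `listElement` is easy to confuse with the member `m_listElement` used in the same file.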

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/editing/InsertListCommand.h (257459 => 257460)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/editing/InsertListCommand.h	2020-02-26 10:58:23 UTC (rev 257459)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/editing/InsertListCommand.h	2020-02-26 10:58:29 UTC (rev 257460)
@@ -51,7 +51,7 @@
     void doApply() final;
     EditAction editingAction() const final;
 
-    HTMLElement& fixOrphanedListChild(Node&);
+    HTMLElement* fixOrphanedListChild(Node&);
     bool selectionHasListOfType(const VisibleSelection& selection, const QualifiedName&);
     Ref<HTMLElement> mergeWithNeighboringLists(HTMLElement&);
     void doApplyForSingleParagraph(bool forceCreateList, const HTMLQualifiedName&, Range* currentSelection);
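
Review bot: The declaration `HTMLElement* fixOrphanedListChild(Node&);` now has a nullable return, but nothing in the header says when null is returned or that callers must check it. Add a short comment to that effect, and consider returning `RefPtr<HTMLElement>` instead of a raw pointer, since the only caller shown immediately stores the result in a `RefPtr<HTMLElement>`.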
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
