Title: [260207] trunk
- Revision
- 260207
- Author
- [email protected]
- Date
- 2020-04-16 11:42:36 -0700 (Thu, 16 Apr 2020)
Log Message
ASSERTION FAILED: candidate.isCandidate() in WebCore::canonicalizeCandidate
https://bugs.webkit.org/show_bug.cgi?id=130844
<rdar://59535009>
Reviewed by Geoffrey Garen.
Source/WebCore:
Call Position::isCandidate() in PositionIterator::isCandidate so behavior of
candidate search become identical in both classes.
Test: editing/inserting/insert-in-br.html
* dom/PositionIterator.cpp:
(WebCore::PositionIterator::isCandidate const):
LayoutTests:
* editing/inserting/insert-in-br-expected.txt: Added.
* editing/inserting/insert-in-br.html: Added.
Added a regression test for the crash.
* editing/inserting/insert-list-in-table-cell-07-expected.txt:
Update node tree in expected text file due to behavior change in function
PositionIterator::isCandidate. The visual result remains the same.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (260206 => 260207)
--- trunk/LayoutTests/ChangeLog 2020-04-16 18:38:22 UTC (rev 260206)
+++ trunk/LayoutTests/ChangeLog 2020-04-16 18:42:36 UTC (rev 260207)
@@ -1,3 +1,19 @@
+2020-04-16 Jack Lee <[email protected]>
+
+ ASSERTION FAILED: candidate.isCandidate() in WebCore::canonicalizeCandidate
+ https://bugs.webkit.org/show_bug.cgi?id=130844
+ <rdar://59535009>
+
+ Reviewed by Geoffrey Garen.
+
+ * editing/inserting/insert-in-br-expected.txt: Added.
+ * editing/inserting/insert-in-br.html: Added.
+ Added a regression test for the crash.
+
+ * editing/inserting/insert-list-in-table-cell-07-expected.txt:
+ Update node tree in expected text file due to behavior change in function
+ PositionIterator::isCandidate. The visual result remains the same.
+
2020-04-16 Chris Fleizach <[email protected]>
AX: Need method for setting selected range from NSRange
Added: trunk/LayoutTests/editing/inserting/insert-in-br-expected.txt (0 => 260207)
--- trunk/LayoutTests/editing/inserting/insert-in-br-expected.txt (rev 0)
+++ trunk/LayoutTests/editing/inserting/insert-in-br-expected.txt 2020-04-16 18:42:36 UTC (rev 260207)
@@ -0,0 +1 @@
+Tests inserting elements in br. The test passes if WebKit doesn't crash or hit an assertion.
Added: trunk/LayoutTests/editing/inserting/insert-in-br.html (0 => 260207)
--- trunk/LayoutTests/editing/inserting/insert-in-br.html (rev 0)
+++ trunk/LayoutTests/editing/inserting/insert-in-br.html 2020-04-16 18:42:36 UTC (rev 260207)
@@ -0,0 +1,10 @@
+<br id="id_0"><bdo id="id_1" contentEditable>
+<script>
+ var parent = document.getElementById('id_0')
+ parent.appendChild(document.createElement('svg_desc'))
+ parent = document.getElementById('id_1')
+ parent.focus()
+ document.body.innerText = "Tests inserting elements in br. The test passes if WebKit doesn't crash or hit an assertion.";
+ if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
Modified: trunk/LayoutTests/editing/inserting/insert-list-in-table-cell-07-expected.txt (260206 => 260207)
--- trunk/LayoutTests/editing/inserting/insert-list-in-table-cell-07-expected.txt 2020-04-16 18:38:22 UTC (rev 260206)
+++ trunk/LayoutTests/editing/inserting/insert-list-in-table-cell-07-expected.txt 2020-04-16 18:42:36 UTC (rev 260207)
@@ -1,6 +1,7 @@
Exec insertOrderedList twice in all the cells of a table removes the previously inserted list items:
Before:
+| <#selection-focus>
| <table>
| border="1"
| <tbody>
@@ -7,7 +8,8 @@
| id="element"
| <tr>
| <td>
-| "<#selection-anchor>fsdf"
+| <#selection-anchor>
+| "fsdf"
| <td>
| "fsdf"
| <tr>
@@ -16,9 +18,9 @@
| <td>
| "fsfg"
| <tbody>
-| <#selection-focus>
After:
+| <#selection-caret>
| <table>
| border="1"
| <tbody>
@@ -25,16 +27,11 @@
| id="element"
| <tr>
| <td>
-| "<#selection-anchor>fsdf"
-| <br>
+| "fsdf"
| <td>
| "fsdf"
-| <br>
| <tr>
| <td>
| "gghfg"
-| <br>
| <td>
-| "fsfg<#selection-focus>"
-| <br>
-| <tbody>
+| "fsfg"
Modified: trunk/Source/WebCore/ChangeLog (260206 => 260207)
--- trunk/Source/WebCore/ChangeLog 2020-04-16 18:38:22 UTC (rev 260206)
+++ trunk/Source/WebCore/ChangeLog 2020-04-16 18:42:36 UTC (rev 260207)
@@ -1,3 +1,19 @@
+2020-04-16 Jack Lee <[email protected]>
+
+ ASSERTION FAILED: candidate.isCandidate() in WebCore::canonicalizeCandidate
+ https://bugs.webkit.org/show_bug.cgi?id=130844
+ <rdar://59535009>
+
+ Reviewed by Geoffrey Garen.
+
+ Call Position::isCandidate() in PositionIterator::isCandidate so behavior of
+ candidate search become identical in both classes.
+
+ Test: editing/inserting/insert-in-br.html
+
+ * dom/PositionIterator.cpp:
+ (WebCore::PositionIterator::isCandidate const):
+
2020-04-16 Rob Buis <[email protected]>
Remove outdated comment from FrameLoader
Modified: trunk/Source/WebCore/dom/PositionIterator.cpp (260206 => 260207)
--- trunk/Source/WebCore/dom/PositionIterator.cpp 2020-04-16 18:38:22 UTC (rev 260206)
+++ trunk/Source/WebCore/dom/PositionIterator.cpp 2020-04-16 18:42:36 UTC (rev 260207)
@@ -145,35 +145,7 @@
bool PositionIterator::isCandidate() const
{
- if (!m_anchorNode)
- return false;
-
- RenderObject* renderer = m_anchorNode->renderer();
- if (!renderer)
- return false;
-
- if (renderer->style().visibility() != Visibility::Visible)
- return false;
-
- if (renderer->isBR())
- return !m_offsetInAnchor && !Position::nodeIsUserSelectNone(m_anchorNode->parentNode());
-
- if (is<RenderText>(*renderer))
- return !Position::nodeIsUserSelectNone(m_anchorNode) && downcast<RenderText>(*renderer).containsCaretOffset(m_offsetInAnchor);
-
- if (isRenderedTable(m_anchorNode) || editingIgnoresContent(*m_anchorNode))
- return (atStartOfNode() || atEndOfNode()) && !Position::nodeIsUserSelectNone(m_anchorNode->parentNode());
-
- if (!is<HTMLHtmlElement>(*m_anchorNode) && is<RenderBlockFlow>(*renderer)) {
- RenderBlockFlow& block = downcast<RenderBlockFlow>(*renderer);
- if (block.logicalHeight() || is<HTMLBodyElement>(*m_anchorNode)) {
- if (!Position::hasRenderedNonAnonymousDescendantsWithHeight(block))
- return atStartOfNode() && !Position::nodeIsUserSelectNone(m_anchorNode);
- return m_anchorNode->hasEditableStyle() && !Position::nodeIsUserSelectNone(m_anchorNode) && Position(*this).atEditingBoundary();
- }
- }
-
- return false;
+ return m_anchorNode ? Position(*this).isCandidate() : false;
}
} // namespace WebCore
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
