Title: [105665] trunk
- Revision
- 105665
- Author
- [email protected]
- Date
- 2012-01-23 17:21:42 -0800 (Mon, 23 Jan 2012)
Log Message
Fix crash when a focused node is removed while in processing focusin event.
https://bugs.webkit.org/show_bug.cgi?id=76656
Reviewed by Dimitri Glazkov.
Source/WebCore:
Test: fast/events/focus-remove-focuesed-node.html
* dom/Document.cpp:
(WebCore::Document::setFocusedNode):
LayoutTests:
* fast/events/focus-remove-focuesed-node-expected.txt: Added.
* fast/events/focus-remove-focuesed-node.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (105664 => 105665)
--- trunk/LayoutTests/ChangeLog 2012-01-24 01:16:15 UTC (rev 105664)
+++ trunk/LayoutTests/ChangeLog 2012-01-24 01:21:42 UTC (rev 105665)
@@ -1,3 +1,13 @@
+2012-01-23 Hayato Ito <[email protected]>
+
+ Fix crash when a focused node is removed while in processing focusin event.
+ https://bugs.webkit.org/show_bug.cgi?id=76656
+
+ Reviewed by Dimitri Glazkov.
+
+ * fast/events/focus-remove-focuesed-node-expected.txt: Added.
+ * fast/events/focus-remove-focuesed-node.html: Added.
+
2012-01-23 Andrew Scherkus <[email protected]>
Switch media/audio-data-url.html layout test to base64-encoded WAV data.
Added: trunk/LayoutTests/fast/events/focus-remove-focuesed-node-expected.txt (0 => 105665)
--- trunk/LayoutTests/fast/events/focus-remove-focuesed-node-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/events/focus-remove-focuesed-node-expected.txt 2012-01-24 01:21:42 UTC (rev 105665)
@@ -0,0 +1,3 @@
+Test for making sure that a crash does not happen when a focused node is removed in processing focusin eventListner.
+
+
Added: trunk/LayoutTests/fast/events/focus-remove-focuesed-node.html (0 => 105665)
--- trunk/LayoutTests/fast/events/focus-remove-focuesed-node.html (rev 0)
+++ trunk/LayoutTests/fast/events/focus-remove-focuesed-node.html 2012-01-24 01:21:42 UTC (rev 105665)
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function focusinListener(evt) {
+ try {
+ this.parentNode.removeChild(this);
+ } catch(e) {
+ }
+}
+
+function test() {
+ if (window.layoutTestController)
+ window.layoutTestController.dumpAsText();
+ document.getElementById("a").addEventListener('focusin', focusinListener , false);
+ document.getElementById("a").focus();
+}
+</script>
+</head>
+<body _onload_="test();">
+<p>Test for making sure that a crash does not happen when a focused node is removed in processing focusin eventListner.</p>
+<pre id="console"></pre>
+<h1 tabindex="0" id="a" ></h1>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (105664 => 105665)
--- trunk/Source/WebCore/ChangeLog 2012-01-24 01:16:15 UTC (rev 105664)
+++ trunk/Source/WebCore/ChangeLog 2012-01-24 01:21:42 UTC (rev 105665)
@@ -1,3 +1,15 @@
+2012-01-23 Hayato Ito <[email protected]>
+
+ Fix crash when a focused node is removed while in processing focusin event.
+ https://bugs.webkit.org/show_bug.cgi?id=76656
+
+ Reviewed by Dimitri Glazkov.
+
+ Test: fast/events/focus-remove-focuesed-node.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::setFocusedNode):
+
2012-01-23 David Levin <[email protected]>
[windows] Convert usages of GetDC to HWndDC Part 1.
Modified: trunk/Source/WebCore/dom/Document.cpp (105664 => 105665)
--- trunk/Source/WebCore/dom/Document.cpp 2012-01-24 01:16:15 UTC (rev 105664)
+++ trunk/Source/WebCore/dom/Document.cpp 2012-01-24 01:21:42 UTC (rev 105665)
@@ -3444,6 +3444,13 @@
}
m_focusedNode->dispatchFocusInEvent(eventNames().focusinEvent, oldFocusedNode); // DOM level 3 bubbling focus event.
+
+ if (m_focusedNode != newFocusedNode) {
+ // handler shifted focus
+ focusChangeBlocked = true;
+ goto SetFocusedNodeDone;
+ }
+
// FIXME: We should remove firing DOMFocusInEvent event when we are sure no content depends
// on it, probably when <rdar://problem/8503958> is m.
m_focusedNode->dispatchFocusInEvent(eventNames().DOMFocusInEvent, oldFocusedNode); // DOM level 2 for compatibility.
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
