Title: [288278] releases/WebKitGTK/webkit-2.34
- Revision
- 288278
- Author
- ape...@igalia.com
- Date
- 2022-01-20 04:37:46 -0800 (Thu, 20 Jan 2022)
Log Message
Merge r286553 - Null check in shouldUseBreakElement
https://bugs.webkit.org/show_bug.cgi?id=229275
Patch by Rob Buis <rb...@igalia.com> on 2021-12-06
Reviewed by Ryosuke Niwa.
Source/WebCore:
Need to null check node in shouldUseBreakElement.
Also bail out early in InsertLineBreakCommand::doApply
in case position is not editable.
Test: editing/execCommand/insert-line-break-crash.html
* editing/InsertLineBreakCommand.cpp:
(WebCore::InsertLineBreakCommand::shouldUseBreakElement):
(WebCore::InsertLineBreakCommand::doApply):
LayoutTests:
* editing/execCommand/insert-line-break-crash-expected.txt: Added.
* editing/execCommand/insert-line-break-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.34/LayoutTests/ChangeLog (288277 => 288278)
--- releases/WebKitGTK/webkit-2.34/LayoutTests/ChangeLog 2022-01-20 12:37:38 UTC (rev 288277)
+++ releases/WebKitGTK/webkit-2.34/LayoutTests/ChangeLog 2022-01-20 12:37:46 UTC (rev 288278)
@@ -1,3 +1,13 @@
+2021-12-06 Rob Buis <rb...@igalia.com>
+
+ Null check in shouldUseBreakElement
+ https://bugs.webkit.org/show_bug.cgi?id=229275
+
+ Reviewed by Ryosuke Niwa.
+
+ * editing/execCommand/insert-line-break-crash-expected.txt: Added.
+ * editing/execCommand/insert-line-break-crash.html: Added.
+
2021-12-04 Rob Buis <rb...@igalia.com>
Fix parentNode in CompositeEditCommand::splitTreeToNode
Added: releases/WebKitGTK/webkit-2.34/LayoutTests/editing/execCommand/insert-line-break-crash-expected.txt (0 => 288278)
--- releases/WebKitGTK/webkit-2.34/LayoutTests/editing/execCommand/insert-line-break-crash-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.34/LayoutTests/editing/execCommand/insert-line-break-crash-expected.txt 2022-01-20 12:37:46 UTC (rev 288278)
@@ -0,0 +1 @@
+Test passes if it does not crash.
Added: releases/WebKitGTK/webkit-2.34/LayoutTests/editing/execCommand/insert-line-break-crash.html (0 => 288278)
--- releases/WebKitGTK/webkit-2.34/LayoutTests/editing/execCommand/insert-line-break-crash.html (rev 0)
+++ releases/WebKitGTK/webkit-2.34/LayoutTests/editing/execCommand/insert-line-break-crash.html 2022-01-20 12:37:46 UTC (rev 288278)
@@ -0,0 +1,22 @@
+<script>
+ if (window.testRunner)
+ window.testRunner.dumpAsText();
+ _onload_ = () => {
+ document.designMode = 'on';
+ document.execCommand('SelectAll');
+ getSelection().modify('move', 'right', 'word');
+ queueMicrotask(() => {
+ document.execCommand('Delete');
+ document.write("Test passes if it does not crash.");
+ });
+ document.execCommand('InsertLineBreak');
+ };
+</script>
+<body>
+ <a href=""
+ <b>
+ <iframe></iframe>
+ <input></input>
+ </b>
+ </a>
+</body>
Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog (288277 => 288278)
--- releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog 2022-01-20 12:37:38 UTC (rev 288277)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog 2022-01-20 12:37:46 UTC (rev 288278)
@@ -1,3 +1,20 @@
+2021-12-06 Rob Buis <rb...@igalia.com>
+
+ Null check in shouldUseBreakElement
+ https://bugs.webkit.org/show_bug.cgi?id=229275
+
+ Reviewed by Ryosuke Niwa.
+
+ Need to null check node in shouldUseBreakElement.
+ Also bail out early in InsertLineBreakCommand::doApply
+ in case position is not editable.
+
+ Test: editing/execCommand/insert-line-break-crash.html
+
+ * editing/InsertLineBreakCommand.cpp:
+ (WebCore::InsertLineBreakCommand::shouldUseBreakElement):
+ (WebCore::InsertLineBreakCommand::doApply):
+
2021-12-04 Rob Buis <rb...@igalia.com>
Fix parentNode in CompositeEditCommand::splitTreeToNode
Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/editing/InsertLineBreakCommand.cpp (288277 => 288278)
--- releases/WebKitGTK/webkit-2.34/Source/WebCore/editing/InsertLineBreakCommand.cpp 2022-01-20 12:37:38 UTC (rev 288277)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/editing/InsertLineBreakCommand.cpp 2022-01-20 12:37:46 UTC (rev 288278)
@@ -60,7 +60,7 @@
// the input element, and in that case we need to check the input element's
// parent's renderer.
auto* node = position.parentAnchoredEquivalent().deprecatedNode();
- return node->renderer() && !node->renderer()->style().preserveNewline();
+ return node && node->renderer() && !node->renderer()->style().preserveNewline();
}
void InsertLineBreakCommand::doApply()
@@ -81,6 +81,9 @@
position = positionAvoidingSpecialElementBoundary(position);
position = positionOutsideTabSpan(position);
+ if (!isEditablePosition(position))
+ return;
+
RefPtr<Node> nodeToInsert;
if (shouldUseBreakElement(position))
nodeToInsert = HTMLBRElement::create(document());
@@ -91,7 +94,7 @@
if (isEndOfParagraph(caret) && !lineBreakExistsAtVisiblePosition(caret)) {
bool needExtraLineBreak = !is<HTMLHRElement>(*position.deprecatedNode()) && !is<HTMLTableElement>(*position.deprecatedNode());
-
+
insertNodeAt(*nodeToInsert, position);
if (needExtraLineBreak)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
