Title: [109365] branches/chromium/963

Diff

Copied: branches/chromium/963/LayoutTests/editing/execCommand/applyblockelement-visiblepositionforindex-crash-expected.txt (from rev 108009, trunk/LayoutTests/editing/execCommand/applyblockelement-visiblepositionforindex-crash-expected.txt) (0 => 109365)


--- branches/chromium/963/LayoutTests/editing/execCommand/applyblockelement-visiblepositionforindex-crash-expected.txt	                        (rev 0)
+++ branches/chromium/963/LayoutTests/editing/execCommand/applyblockelement-visiblepositionforindex-crash-expected.txt	2012-03-01 18:43:56 UTC (rev 109365)
@@ -0,0 +1 @@
+PASS. WebKit didn't crash.

Copied: branches/chromium/963/LayoutTests/editing/execCommand/applyblockelement-visiblepositionforindex-crash.html (from rev 108009, trunk/LayoutTests/editing/execCommand/applyblockelement-visiblepositionforindex-crash.html) (0 => 109365)


--- branches/chromium/963/LayoutTests/editing/execCommand/applyblockelement-visiblepositionforindex-crash.html	                        (rev 0)
+++ branches/chromium/963/LayoutTests/editing/execCommand/applyblockelement-visiblepositionforindex-crash.html	2012-03-01 18:43:56 UTC (rev 109365)
@@ -0,0 +1,24 @@
+<script>
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+function runTest() {
+    window.getSelection().setBaseAndExtent(start, 0, null, 0);
+    document.execCommand("Indent");
+    document.body.innerHTML = "PASS. WebKit didn't crash.";
+}
+</script>
+<body _onload_="runTest();">
+  <defs contenteditable="true" id="start">
+  <rt id="rt">A
+
+<script>
+document.write("text");
+try {
+    elem = document.getElementById("rt");
+    var new_elem = document.createElement("ruby");
+    new_elem.innerHTML = elem.innerHTML;
+    elem.parentNode.insertBefore(new_elem, elem);
+} catch (e) {}
+</script>
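Review bot: The empty `catch (e) {}` around the ruby insertion at the end of this file hides a failed setup, so the test can still print PASS without having built the DOM shape that used to crash. Dropping the try/catch would let an unexpected exception appear in the dumped output and fail the comparison with the expected file. The file also has no comment saying what it guards against; one line at the top such as `<!-- Indent must not crash when the scope element goes away during formatting. -->` would help, with the wording checked against the bug report, since the cause is inferred from the C++ change. The `_onload_` attribute shown here would not call runTest and looks like list-archive sanitising of `onload`, so compare it with the repository copy.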

Modified: branches/chromium/963/Source/WebCore/editing/ApplyBlockElementCommand.cpp (109364 => 109365)


--- branches/chromium/963/Source/WebCore/editing/ApplyBlockElementCommand.cpp	2012-03-01 18:26:51 UTC (rev 109364)
+++ branches/chromium/963/Source/WebCore/editing/ApplyBlockElementCommand.cpp	2012-03-01 18:43:56 UTC (rev 109365)
@@ -80,10 +80,10 @@
     VisiblePosition endOfSelection = selection.visibleEnd();
     ASSERT(!startOfSelection.isNull());
     ASSERT(!endOfSelection.isNull());
-    Element* startScope = 0;
-    int startIndex = indexForVisiblePosition(startOfSelection, &startScope);
-    Element* endScope = 0;
-    int endIndex = indexForVisiblePosition(endOfSelection, &endScope);
+    RefPtr<Element> startScope;
+    int startIndex = indexForVisiblePosition(startOfSelection, startScope);
+    RefPtr<Element> endScope;
+    int endIndex = indexForVisiblePosition(endOfSelection, endScope);
 
     formatSelection(startOfSelection, endOfSelection);
 
@@ -93,8 +93,8 @@
     ASSERT(startIndex >= 0);
     ASSERT(startIndex <= endIndex);
     if (startScope == endScope && startIndex >= 0 && startIndex <= endIndex) {
-        VisiblePosition start(visiblePositionForIndex(startIndex, startScope));
-        VisiblePosition end(visiblePositionForIndex(endIndex, endScope));
+        VisiblePosition start(visiblePositionForIndex(startIndex, startScope.get()));
+        VisiblePosition end(visiblePositionForIndex(endIndex, endScope.get()));
         if (start.isNotNull() && end.isNotNull())
             setEndingSelection(VisibleSelection(start, end, endingSelection().isDirectional()));
     }
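Review bot: Holding `startScope` and `endScope` in RefPtr keeps the elements alive across `formatSelection`, but nothing in this hunk checks that they are still attached to the document before the restored positions reach `setEndingSelection`. The guard tests only `isNotNull()`; if `visiblePositionForIndex` can return a position inside a detached scope (not visible here), the selection would be restored onto orphaned nodes. Consider `if (start.isNotNull() && !start.isOrphan() && end.isNotNull() && !end.isOrphan())`, matching the `isOrphan()` checks InsertListCommand.cpp already makes. The same applies to the restored `endOfSelection` in the InsertListCommand.cpp hunk, where only `ASSERT(endOfSelection.isNotNull())` follows. The enclosing functions start and end outside both hunks.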

Modified: branches/chromium/963/Source/WebCore/editing/InsertListCommand.cpp (109364 => 109365)


--- branches/chromium/963/Source/WebCore/editing/InsertListCommand.cpp	2012-03-01 18:26:51 UTC (rev 109364)
+++ branches/chromium/963/Source/WebCore/editing/InsertListCommand.cpp	2012-03-01 18:43:56 UTC (rev 109365)
@@ -152,11 +152,11 @@
                 // FIXME: This is an inefficient way to keep selection alive because indexForVisiblePosition walks from
                 // the beginning of the document to the endOfSelection everytime this code is executed.
                 // But not using index is hard because there are so many ways we can lose selection inside doApplyForSingleParagraph.
-                Element* scope = 0;
-                int indexForEndOfSelection = indexForVisiblePosition(endOfSelection, &scope);
+                RefPtr<Element> scope;
+                int indexForEndOfSelection = indexForVisiblePosition(endOfSelection, scope);
                 doApplyForSingleParagraph(forceCreateList, listTag, currentSelection.get());
                 if (endOfSelection.isNull() || endOfSelection.isOrphan() || startOfLastParagraph.isNull() || startOfLastParagraph.isOrphan()) {
-                    endOfSelection = visiblePositionForIndex(indexForEndOfSelection, scope);
+                    endOfSelection = visiblePositionForIndex(indexForEndOfSelection, scope.get());
                     // If endOfSelection is null, then some contents have been deleted from the document.
                     // This should never happen and if it did, exit early immediately because we've lost the loop invariant.
                     ASSERT(endOfSelection.isNotNull());

Modified: branches/chromium/963/Source/WebCore/editing/htmlediting.cpp (109364 => 109365)


--- branches/chromium/963/Source/WebCore/editing/htmlediting.cpp	2012-03-01 18:26:51 UTC (rev 109364)
+++ branches/chromium/963/Source/WebCore/editing/htmlediting.cpp	2012-03-01 18:43:56 UTC (rev 109365)
@@ -1070,31 +1070,24 @@
 // opertion is unreliable. TextIterator's TextIteratorEmitsCharactersBetweenAllVisiblePositions mode needs to be fixed, 
 // or these functions need to be changed to iterate using actual VisiblePositions.
 // FIXME: Deploy these functions everywhere that TextIterators are used to convert between VisiblePositions and indices.
-int indexForVisiblePosition(const VisiblePosition& visiblePosition, Element **scope)
+int indexForVisiblePosition(const VisiblePosition& visiblePosition, RefPtr<Element>& scope)
 {
     if (visiblePosition.isNull())
         return 0;
-        
+
     Position p(visiblePosition.deepEquivalent());
     Document* document = p.anchorNode()->document();
-    
-    Element* root;
     Node* shadowRoot = p.anchorNode()->shadowTreeRootNode();
-    
+
     if (shadowRoot) {
         // Use the shadow root for form elements, since TextIterators will not enter shadow content.
         ASSERT(shadowRoot->isElementNode());
-        root = static_cast<Element*>(shadowRoot);
+        scope = static_cast<Element*>(shadowRoot);
     } else
-        root = document->documentElement();
-    
-    if (scope) {
-        ASSERT(!*scope);
-        *scope = root;
-    }
-    
-    RefPtr<Range> range = Range::create(document, firstPositionInNode(root), p.parentAnchoredEquivalent());
-    
+        scope = document->documentElement();
+
+    RefPtr<Range> range = Range::create(document, firstPositionInNode(scope.get()), p.parentAnchoredEquivalent());
+
     return TextIterator::rangeLength(range.get(), true);
 }
 
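Review bot: The early `return 0` for a null position leaves `scope` untouched, and the removed `ASSERT(!*scope)` was the only check that callers pass an empty out-parameter. A caller that reuses a RefPtr would then pair index 0 with a stale scope; restoring the check as `ASSERT(!scope);` on the first line of the body keeps the old contract. Separately, `static_cast<Element*>(shadowRoot)` is guarded only by an ASSERT, and `document->documentElement()` can presumably be null for a document without a root element, so release builds rely on both holding when `firstPositionInNode(scope.get())` runs. Neither of those two is new in this commit.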

Modified: branches/chromium/963/Source/WebCore/editing/htmlediting.h (109364 => 109365)


--- branches/chromium/963/Source/WebCore/editing/htmlediting.h	2012-03-01 18:26:51 UTC (rev 109364)
+++ branches/chromium/963/Source/WebCore/editing/htmlediting.h	2012-03-01 18:43:56 UTC (rev 109365)
@@ -179,7 +179,7 @@
     
 int comparePositions(const VisiblePosition&, const VisiblePosition&);
 
-int indexForVisiblePosition(const VisiblePosition&, Element **scope);
+int indexForVisiblePosition(const VisiblePosition&, RefPtr<Element>& scope);
 VisiblePosition visiblePositionForIndex(int index, Element *scope);
 
 // -------------------------------------------------------------------------
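Review bot: The two declarations now have different ownership rules and nothing says so: `indexForVisiblePosition` hands back a ref in `scope`, while `visiblePositionForIndex` still takes a raw `Element *scope`. A comment above them would stop a new caller from reintroducing a raw pointer held across DOM mutation, for example `// scope receives the root the index is relative to; keep the RefPtr alive until visiblePositionForIndex() has been called.`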