Title: [112630] branches/chromium/1025
- Revision
- 112630
- Author
- [email protected]
- Date
- 2012-03-29 18:22:17 -0700 (Thu, 29 Mar 2012)
Log Message
Merge 112012
BUG=119525
Review URL: https://chromiumcodereview.appspot.com/9958002
Modified Paths
Added Paths
Diff
Copied: branches/chromium/1025/LayoutTests/editing/execCommand/apply-style-command-crash-expected.txt (from rev 112012, trunk/LayoutTests/editing/execCommand/apply-style-command-crash-expected.txt) (0 => 112630)
--- branches/chromium/1025/LayoutTests/editing/execCommand/apply-style-command-crash-expected.txt (rev 0)
+++ branches/chromium/1025/LayoutTests/editing/execCommand/apply-style-command-crash-expected.txt 2012-03-30 01:22:17 UTC (rev 112630)
@@ -0,0 +1 @@
+PASS. WebKit didn't crash
Copied: branches/chromium/1025/LayoutTests/editing/execCommand/apply-style-command-crash.html (from rev 112012, trunk/LayoutTests/editing/execCommand/apply-style-command-crash.html) (0 => 112630)
--- branches/chromium/1025/LayoutTests/editing/execCommand/apply-style-command-crash.html (rev 0)
+++ branches/chromium/1025/LayoutTests/editing/execCommand/apply-style-command-crash.html 2012-03-30 01:22:17 UTC (rev 112630)
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+_onload_ = function() {
+ x.innerHTML += '';
+}
+
+setTimeout(function() {
+ document.designMode = 'on';
+ document.execCommand('selectall');
+ document.execCommand('bold');
+ document.body.offsetTop;
+ document.body.innerHTML = "PASS. WebKit didn't crash";
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}, 0)
+</script>
+</head>
+<body>
+<div id="x">
+<iframe src=""
+<div>
+<input></input>
+</div>
+</ul>
+</body>
+</html>
+
Modified: branches/chromium/1025/Source/WebCore/editing/ApplyStyleCommand.cpp (112629 => 112630)
--- branches/chromium/1025/Source/WebCore/editing/ApplyStyleCommand.cpp 2012-03-30 01:17:38 UTC (rev 112629)
+++ branches/chromium/1025/Source/WebCore/editing/ApplyStyleCommand.cpp 2012-03-30 01:22:17 UTC (rev 112630)
@@ -707,12 +707,13 @@
return false;
}
-void ApplyStyleCommand::applyInlineStyleToNodeRange(EditingStyle* style, Node* node, Node* pastEndNode)
+void ApplyStyleCommand::applyInlineStyleToNodeRange(EditingStyle* style, PassRefPtr<Node> startNode, PassRefPtr<Node> pastEndNode)
{
if (m_removeOnly)
return;
- for (RefPtr<Node> next; node && node != pastEndNode; node = next.get()) {
+ RefPtr<Node> node = startNode;
+ for (RefPtr<Node> next; node && node != pastEndNode; node = next) {
next = node->traverseNextNode();
if (!node->renderer() || !node->rendererIsEditable())
@@ -722,10 +723,10 @@
// This is a plaintext-only region. Only proceed if it's fully selected.
// pastEndNode is the node after the last fully selected node, so if it's inside node then
// node isn't fully selected.
- if (pastEndNode && pastEndNode->isDescendantOf(node))
+ if (pastEndNode && pastEndNode->isDescendantOf(node.get()))
break;
// Add to this element's inline style and skip over its contents.
- HTMLElement* element = toHTMLElement(node);
+ HTMLElement* element = toHTMLElement(node.get());
RefPtr<CSSMutableStyleDeclaration> inlineStyle = element->ensureInlineStyleDecl()->copy();
inlineStyle->merge(style->style());
setNodeAttribute(element, styleAttr, inlineStyle->asText());
@@ -733,13 +734,13 @@
continue;
}
- if (isBlock(node))
+ if (isBlock(node.get()))
continue;
if (node->childNodeCount()) {
- if (node->contains(pastEndNode) || containsNonEditableRegion(node) || !node->parentNode()->rendererIsEditable())
+ if (node->contains(pastEndNode.get()) || containsNonEditableRegion(node.get()) || !node->parentNode()->rendererIsEditable())
continue;
- if (editingIgnoresContent(node)) {
+ if (editingIgnoresContent(node.get())) {
next = node->traverseNextSibling();
continue;
}
@@ -748,7 +749,7 @@
RefPtr<Node> runStart = node;
RefPtr<Node> runEnd = node;
Node* sibling = node->nextSibling();
- while (sibling && sibling != pastEndNode && !sibling->contains(pastEndNode)
+ while (sibling && sibling != pastEndNode && !sibling->contains(pastEndNode.get())
&& (!isBlock(sibling) || sibling->hasTagName(brTag))
&& !containsNonEditableRegion(sibling)) {
runEnd = sibling;
Modified: branches/chromium/1025/Source/WebCore/editing/ApplyStyleCommand.h (112629 => 112630)
--- branches/chromium/1025/Source/WebCore/editing/ApplyStyleCommand.h 2012-03-30 01:17:38 UTC (rev 112629)
+++ branches/chromium/1025/Source/WebCore/editing/ApplyStyleCommand.h 2012-03-30 01:22:17 UTC (rev 112630)
@@ -94,7 +94,7 @@
void applyRelativeFontStyleChange(EditingStyle*);
void applyInlineStyle(EditingStyle*);
void fixRangeAndApplyInlineStyle(EditingStyle*, const Position& start, const Position& end);
- void applyInlineStyleToNodeRange(EditingStyle*, Node* startNode, Node* pastEndNode);
+ void applyInlineStyleToNodeRange(EditingStyle*, PassRefPtr<Node> startNode, PassRefPtr<Node> pastEndNode);
void addBlockStyle(const StyleChange&, HTMLElement*);
void addInlineStyleIfNeeded(EditingStyle*, PassRefPtr<Node> start, PassRefPtr<Node> end, EAddStyledElement = AddStyledElement);
void splitTextAtStart(const Position& start, const Position& end);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
