Title: [119711] trunk
Revision: 119711
Author: shin...@chromium.org
Date: 2012-06-07 05:22:40 -0700 (Thu, 07 Jun 2012)

Log Message

Delete a contenteditable element having a Shadow DOM causes a crash.
https://bugs.webkit.org/show_bug.cgi?id=86345

Reviewed by Ryosuke Niwa.

Source/WebCore:

In VisibleSelection::validate(), m_start.downstream() or m_end.upstream() might cross
editing boundaries. So we adjust selection after calling them again.

Test: editing/shadow/select-contenteditable-shadowhost.html

* editing/VisibleSelection.cpp:
(WebCore::VisibleSelection::validate):

LayoutTests:

* editing/shadow/select-contenteditable-shadowhost-expected.txt: Added.
* editing/shadow/select-contenteditable-shadowhost.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (119710 => 119711)


--- trunk/LayoutTests/ChangeLog	2012-06-07 12:11:29 UTC (rev 119710)
+++ trunk/LayoutTests/ChangeLog	2012-06-07 12:22:40 UTC (rev 119711)
@@ -1,3 +1,13 @@
+2012-06-07  Shinya Kawanaka  <shin...@chromium.org>
+
+        Delete a contenteditable element having a Shadow DOM causes a crash.
+        https://bugs.webkit.org/show_bug.cgi?id=86345
+
+        Reviewed by Ryosuke Niwa.
+
+        * editing/shadow/select-contenteditable-shadowhost-expected.txt: Added.
+        * editing/shadow/select-contenteditable-shadowhost.html: Added.
+
 2012-06-07  Kinuko Yasuda  <kin...@chromium.org>
 
         Unreviewed rebaseline for r115582.

Added: trunk/LayoutTests/editing/shadow/select-contenteditable-shadowhost-expected.txt (0 => 119711)


--- trunk/LayoutTests/editing/shadow/select-contenteditable-shadowhost-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/shadow/select-contenteditable-shadowhost-expected.txt	2012-06-07 12:22:40 UTC (rev 119711)
@@ -0,0 +1,17 @@
+This test confirms that selecting an element having Shadow DOM doesn't cross editing boundaries errornously.
+
+BEFORE
+AFTER
+Move mouse from BEFORE to HOST
+PASS selection.anchorNode is null
+PASS selection.focusNode is null
+PASS document.execCommand("delete") did not crash.
+
+Move mouse from AFTER to HOST
+PASS selection.anchorNode is null
+PASS selection.focusNode is null
+PASS document.execCommand("delete") did not crash.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
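Review bot: The first line of the expected output misspells "erroneously" as "errornously". The string is copied from the `<p>` in select-contenteditable-shadowhost.html, so fix it there and regenerate this file in the same change, otherwise the two will stop matching.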

Added: trunk/LayoutTests/editing/shadow/select-contenteditable-shadowhost.html (0 => 119711)


--- trunk/LayoutTests/editing/shadow/select-contenteditable-shadowhost.html	                        (rev 0)
+++ trunk/LayoutTests/editing/shadow/select-contenteditable-shadowhost.html	2012-06-07 12:22:40 UTC (rev 119711)
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script src=""
+<script src=""
+
+<p>This test confirms that selecting an element having Shadow DOM doesn't cross editing boundaries errornously.</p>
+
+<div>
+    <div id="before">BEFORE</div>
+    <div id="host" contenteditable>HOST</div>
+    <div id="after">AFTER</div>
+</div>
+
+<pre id="console"></pre>
+
+<script>
+
+var shadowRoot = new WebKitShadowRoot(host);
+shadowRoot.innerHTML = "SHADOW DOM";
+
+var selection = shadowRoot.getSelection();
+
+debug('Move mouse from BEFORE to HOST');
+
+mouseMoveToElem(before);
+eventSender.mouseDown();
+mouseMoveToElem(host);
+eventSender.mouseUp();
+shouldBeNull('selection.anchorNode');
+shouldBeNull('selection.focusNode');
+
+// Check crash won't happen.
+document.execCommand('delete');
+debug('PASS document.execCommand("delete") did not crash.');
+
+debug('');
+debug('Move mouse from AFTER to HOST');
+
+mouseMoveToElem(after);
+eventSender.mouseDown();
+mouseMoveToElem(host);
+eventSender.mouseUp();
+shouldBeNull('selection.anchorNode');
+shouldBeNull('selection.focusNode');
+// Check crash won't happen.
+document.execCommand('delete');
+debug('PASS document.execCommand("delete") did not crash.');
+
+var successfullyParsed = true;
+</script>
+<script src=""
+</body>
+
+</html>
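Review bot: `selection` comes from `shadowRoot.getSelection()`, so the `shouldBeNull('selection.anchorNode')` and `shouldBeNull('selection.focusNode')` checks in both blocks only cover the shadow root's view of the selection, while `document.execCommand('delete')` acts on the document's selection. Consider also asserting on `window.getSelection()` after each `mouseUp()`, so the test records where the selection the delete command uses actually ended up relative to `#host`. Two smaller points: `eventSender` is used without a guard, so the script throws when the page is opened outside the test harness, and the "did not crash" PASS lines are hard-coded `debug()` strings repeated in two otherwise identical blocks, which a small helper taking the start element would remove.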

Modified: trunk/Source/WebCore/ChangeLog (119710 => 119711)


--- trunk/Source/WebCore/ChangeLog	2012-06-07 12:11:29 UTC (rev 119710)
+++ trunk/Source/WebCore/ChangeLog	2012-06-07 12:22:40 UTC (rev 119711)
@@ -1,3 +1,18 @@
+2012-06-07  Shinya Kawanaka  <shin...@chromium.org>
+
+        Delete a contenteditable element having a Shadow DOM causes a crash.
+        https://bugs.webkit.org/show_bug.cgi?id=86345
+
+        Reviewed by Ryosuke Niwa.
+
+        In VisibleSelection::validate(), m_start.downstream() or m_end.upstream() might cross
+        editing boundaries. So we adjust selection after calling them again.
+
+        Test: editing/shadow/select-contenteditable-shadowhost.html
+
+        * editing/VisibleSelection.cpp:
+        (WebCore::VisibleSelection::validate):
+
 2012-06-07  Vivek Galatage  <vivekgalat...@gmail.com>
 
         No new line at the end for SVGCSSPropertyNames.in causes compilation warning
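Review bot: The description "So we adjust selection after calling them again" reads as if `downstream()`/`upstream()` are called again, whereas the code change adds a second selection adjustment after them. Reword it along the lines of "So we adjust the selection again after calling them", and mention bug 87463, which the FIXME in VisibleSelection.cpp cites, so that the ChangeLog also records that this is a workaround.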

Modified: trunk/Source/WebCore/editing/VisibleSelection.cpp (119710 => 119711)


--- trunk/Source/WebCore/editing/VisibleSelection.cpp	2012-06-07 12:11:29 UTC (rev 119710)
+++ trunk/Source/WebCore/editing/VisibleSelection.cpp	2012-06-07 12:22:40 UTC (rev 119711)
@@ -451,6 +451,11 @@
         // set these two positions to VisiblePosition deepEquivalent()s above)?
         m_start = m_start.downstream();
         m_end = m_end.upstream();
+
+        // FIXME: Position::downstream() or Position::upStream() might violate editing boundaries
+        // if an anchor node has a Shadow DOM. So we adjust selection to avoid crossing editing
+        // boundaries again. See https://bugs.webkit.org/show_bug.cgi?id=87463
+        adjustSelectionToAvoidCrossingEditingBoundaries();
     }
 }
 
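Review bot: The new `adjustSelectionToAvoidCrossingEditingBoundaries()` call is the last statement in this block, so nothing after it re-checks `m_start` and `m_end` once they have been adjusted a second time. Since the FIXME marks this as a workaround pending bug 87463, state in the comment what is expected to hold for the two positions after this call, so the call can be removed with confidence once `downstream()`/`upstream()` respect editing boundaries. The comment also writes `Position::upStream()` while the call two lines above is `m_end.upstream()`; use the real spelling so a search for the method finds this FIXME.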
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
