[webkit-changes] [150469] trunk

Tue, 21 May 2013 12:32:52 -0700

Title: [150469] trunk
Revision
150469
Author
[email protected]
Date
2013-05-21 12:34:31 -0700 (Tue, 21 May 2013)

Log Message

dispatchEvent call can execute _javascript_ and blow away endRoot from underneath
https://bugs.webkit.org/show_bug.cgi?id=116483

Source/WebCore: 

Reviewed by Andreas Kling.
        
Merge https://chromium.googlesource.com/chromium/blink/+/798cba0af9b2aff21e475e2e08ea3ca5e97dfc2c.

Test: editing/undo/undo-after-event-edited.html

* editing/Editor.cpp:
(WebCore::dispatchEditableContentChangedEvents):

LayoutTests: 

Reviewed by Andreas Kling.

Add a regression test.

* editing/undo/undo-after-event-edited-expected.txt: Added.
* editing/undo/undo-after-event-edited.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (150468 => 150469)


--- trunk/LayoutTests/ChangeLog	2013-05-21 19:32:07 UTC (rev 150468)
+++ trunk/LayoutTests/ChangeLog	2013-05-21 19:34:31 UTC (rev 150469)
@@ -1,3 +1,15 @@
+2013-05-20  Ryosuke Niwa  <[email protected]>
+
+        dispatchEvent call can execute _javascript_ and blow away endRoot from underneath
+        https://bugs.webkit.org/show_bug.cgi?id=116483
+
+        Reviewed by Andreas Kling.
+
+        Add a regression test.
+
+        * editing/undo/undo-after-event-edited-expected.txt: Added.
+        * editing/undo/undo-after-event-edited.html: Added.
+
 2013-05-21  Ryosuke Niwa  <[email protected]>
 
         media/track/track-cue-rendering-snap-to-lines-not-set.html is failing

Added: trunk/LayoutTests/editing/undo/undo-after-event-edited-expected.txt (0 => 150469)


--- trunk/LayoutTests/editing/undo/undo-after-event-edited-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/undo/undo-after-event-edited-expected.txt	2013-05-21 19:34:31 UTC (rev 150469)
@@ -0,0 +1 @@
+Pass. Test didn't crash.

Added: trunk/LayoutTests/editing/undo/undo-after-event-edited.html (0 => 150469)


--- trunk/LayoutTests/editing/undo/undo-after-event-edited.html	                        (rev 0)
+++ trunk/LayoutTests/editing/undo/undo-after-event-edited.html	2013-05-21 19:34:31 UTC (rev 150469)
@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+* { display:run-in; }
+.collapse { visibility:collapse; }
+</style>
+<script>
+
+if (window.testRunner) {
+    window.testRunner.dumpAsText();
+    window.testRunner.waitUntilDone();
+}
+
+document.designMode = "on";
+var scriptElements = document.getElementsByTagName("script");
+scriptElements[0].parentNode.removeChild(scriptElements[0]);
+var eventHandlerActive = false;
+
+document.addEventListener("webkitEditableContentChanged", function () {
+    if (eventHandlerActive)
+        return;
+    eventHandlerActive = true;
+    var srcElement = event.srcElement;
+    document.execCommand('InsertText',false,'dummy text');
+    srcElement.textContent = "Pass. Test didn't crash.";
+    eventHandlerActive = false;
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, true);
+
+document.addEventListener("DOMCharacterDataModified", function () {
+    document.execCommand('InsertParagraph',false,false);
+}, false);
+
+setTimeout(function() {
+  document.execCommand("SelectAll", false)
+  var documentFragment = getSelection().getRangeAt(0).extractContents();
+  document.execCommand('Undo', false);
+}, 1);
+
+</script>
+</head>
+<body>
+<table class="collapse">
+<caption>
+original text
+</caption>
+</table>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (150468 => 150469)


--- trunk/Source/WebCore/ChangeLog	2013-05-21 19:32:07 UTC (rev 150468)
+++ trunk/Source/WebCore/ChangeLog	2013-05-21 19:34:31 UTC (rev 150469)
@@ -1,3 +1,17 @@
+2013-05-20  Ryosuke Niwa  <[email protected]>
+
+        dispatchEvent call can execute _javascript_ and blow away endRoot from underneath
+        https://bugs.webkit.org/show_bug.cgi?id=116483
+
+        Reviewed by Andreas Kling.
+        
+        Merge https://chromium.googlesource.com/chromium/blink/+/798cba0af9b2aff21e475e2e08ea3ca5e97dfc2c.
+
+        Test: editing/undo/undo-after-event-edited.html
+
+        * editing/Editor.cpp:
+        (WebCore::dispatchEditableContentChangedEvents):
+
 2013-05-21  Antti Koivisto  <[email protected]>
 
         Remove ContentDistribution

Modified: trunk/Source/WebCore/editing/Editor.cpp (150468 => 150469)


--- trunk/Source/WebCore/editing/Editor.cpp	2013-05-21 19:32:07 UTC (rev 150468)
+++ trunk/Source/WebCore/editing/Editor.cpp	2013-05-21 19:34:31 UTC (rev 150469)
@@ -831,8 +831,10 @@
     applyCommand(IndentOutdentCommand::create(m_frame->document(), IndentOutdentCommand::Outdent));
 }
 
-static void dispatchEditableContentChangedEvents(Element* startRoot, Element* endRoot)
+static void dispatchEditableContentChangedEvents(RefPtr<Element> prpStartRoot, PassRefPtr<Element> prpEndRoot)
 {
+    RefPtr<Element> startRoot = prpStartRoot;
+    RefPtr<Element> endRoot = prpEndRoot;
     if (startRoot)
         startRoot->dispatchEvent(Event::create(eventNames().webkitEditableContentChangedEvent, false, false), IGNORE_EXCEPTION);
     if (endRoot && endRoot != startRoot)

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to