Title: [158738] trunk
Revision
158738
Author
[email protected]
Date
2013-11-06 02:55:08 -0800 (Wed, 06 Nov 2013)

Log Message

Fix out-of-date offset in selection range code in range.surroundContents
https://bugs.webkit.org/show_bug.cgi?id=123871

Source/WebCore:

Reviewed by Andreas Kling.

Merge https://chromium.googlesource.com/chromium/blink/+/c89b413ff0fc4aafa0c71d180b0b1e131bb37707

The code in Range::insertNode assumed that the start offset of the selection range within its container
doesn't change across a call to insertBefore on the container but this is wrong. This patch recomputes
the start offset when it is used after the insertBefore call.

Test: editing/selection/range-surroundContents-with-preceding-node.html

* dom/Range.cpp:
(WebCore::Range::insertNode):

LayoutTests:

Reviewed by Andreas Kling.

* editing/selection/range-surroundContents-with-preceding-node-expected.txt: Added.
* editing/selection/range-surroundContents-with-preceding-node.html: Added.
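
The stale-offset problem the log message describes, as an added example that is not part of the commit or of WebKit's code: a simplified JavaScript model of a container whose live range offsets are adjusted by insertBefore. The Container class, the child names and insertIntoCollapsedRange are assumptions made for illustration.

```javascript
// Simplified model, not WebKit code: a child list plus live range offsets
// that the container adjusts on every mutation, as the DOM does for Range.
class Container {
  constructor(children) {
    this.children = [...children];
    this.ranges = [];
  }

  // Like DOM insertBefore: a node that is already a child is removed first,
  // and range offsets are updated for the removal and for the insertion.
  insertBefore(node, refChild) {
    const old = this.children.indexOf(node);
    if (old !== -1) {
      this.children.splice(old, 1);
      for (const r of this.ranges) {
        if (r.start > old) r.start--;
        if (r.end > old) r.end--;
      }
    }
    const at = refChild === undefined ? this.children.length : this.children.indexOf(refChild);
    this.children.splice(at, 0, node);
    for (const r of this.ranges) {
      if (r.start > at) r.start++;
      if (r.end > at) r.end++;
    }
  }
}

// Inserts "target" at the start of a collapsed range, then sets the range end.
// rereadOffset=false caches the start offset before the mutation (old code path);
// rereadOffset=true reads it again afterwards (what the patch does).
function insertIntoCollapsedRange(rereadOffset) {
  // Constructed child list: the node to insert precedes the range.
  const root = new Container(["text0", "target", "text1", "description", "text2"]);
  const range = { start: 4, end: 4 };
  root.ranges.push(range);

  const cached = range.start;
  root.insertBefore("target", root.children[cached]);
  range.end = (rereadOffset ? range.start : cached) + 1;

  return {
    start: range.start,
    end: range.end,
    // A correct end boundary sits immediately after the inserted node.
    endFollowsInserted: root.children[range.end - 1] === "target",
  };
}

console.log(insertIntoCollapsedRange(false), insertIntoCollapsedRange(true));
```

With the cached offset the end lands at 5, one child past the inserted node; re-reading gives start 3 and end 4, the start offset the layout test expects.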

Diff

Modified: trunk/LayoutTests/ChangeLog (158737 => 158738)


--- trunk/LayoutTests/ChangeLog	2013-11-06 10:33:02 UTC (rev 158737)
+++ trunk/LayoutTests/ChangeLog	2013-11-06 10:55:08 UTC (rev 158738)
@@ -1,3 +1,13 @@
+2013-11-06  Ryosuke Niwa  <[email protected]>
+
+        Fix out-of-date offset in selection range code in range.surroundContents
+        https://bugs.webkit.org/show_bug.cgi?id=123871
+
+        Reviewed by Andreas Kling.
+
+        * editing/selection/range-surroundContents-with-preceding-node-expected.txt: Added.
+        * editing/selection/range-surroundContents-with-preceding-node.html: Added.
+
 2013-11-06  Robert Plociennik  <[email protected]>
 
         [GTK] accessibility/svg-group-element-with-title.html is failing

Added: trunk/LayoutTests/editing/selection/range-surroundContents-with-preceding-node-expected.txt (0 => 158738)


--- trunk/LayoutTests/editing/selection/range-surroundContents-with-preceding-node-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/selection/range-surroundContents-with-preceding-node-expected.txt	2013-11-06 10:55:08 UTC (rev 158738)
@@ -0,0 +1,9 @@
+PASS successfullyParsed is true
+
+TEST COMPLETE
+PASS root is root
+PASS 3 is 3
+PASS root is root
+PASS 3 is 3
+Test that there is no crash when surroundContents is called with a node preceding the current selection.
+

Added: trunk/LayoutTests/editing/selection/range-surroundContents-with-preceding-node.html (0 => 158738)


--- trunk/LayoutTests/editing/selection/range-surroundContents-with-preceding-node.html	                        (rev 0)
+++ trunk/LayoutTests/editing/selection/range-surroundContents-with-preceding-node.html	2013-11-06 10:55:08 UTC (rev 158738)
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+  <body>
+    <script src=""
+    <script>
+        window._onload_ = function(){
+            var range = document.createRange();
+            var rootNode = document.getElementById("root");
+            range.setStart(rootNode, 4);
+            range.setEnd(rootNode, 6);
+            var parentElement = document.getElementById("targetForSurround");
+            range.surroundContents(parentElement);
+
+            shouldBe(range.startContainer.id, rootNode.id);
+            shouldBe(range.startOffset.toString(), "3");
+            shouldBe(range.endContainer.id, rootNode.id);
+            shouldBe(range.startOffset.toString(), "3");
+        };
+    </script>
+    <script src=""
+    <div id="root">
+      <div id="targetForSurround"></div>
+      <div id="description">Test that there is no crash when surroundContents is called with a node preceding the current selection.</div>
+      <div id="trailingNode"></div>
+    </div>
+  </body>
+</html>
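
Review bot: the fourth check, shouldBe(range.startOffset.toString(), "3") directly after the range.endContainer.id check, repeats the start-offset assertion, so the end offset is never verified. The Range.cpp change is to how m_end is set, so that line should assert on range.endOffset. The checks also pass already-evaluated values to shouldBe, which is why the expected output reads "PASS root is root" and "PASS 3 is 3"; passing the expressions as strings would make the log name the property under test.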

Modified: trunk/Source/WebCore/ChangeLog (158737 => 158738)


--- trunk/Source/WebCore/ChangeLog	2013-11-06 10:33:02 UTC (rev 158737)
+++ trunk/Source/WebCore/ChangeLog	2013-11-06 10:55:08 UTC (rev 158738)
@@ -1,3 +1,21 @@
+2013-11-06  Ryosuke Niwa  <[email protected]>
+
+        Fix out-of-date offset in selection range code in range.surroundContents
+        https://bugs.webkit.org/show_bug.cgi?id=123871
+
+        Reviewed by Andreas Kling.
+        
+        Merge https://chromium.googlesource.com/chromium/blink/+/c89b413ff0fc4aafa0c71d180b0b1e131bb37707
+
+        The code in Range::insertNode assumeed that the start offset of the selection range within its container
+        doesn't change across a call to insertBefore on the container but this is wrong. This patch recomputes
+        the start offset when it is used after the insertBefore call.
+
+        Test: editing/selection/range-surroundContents-with-preceding-node.html
+
+        * dom/Range.cpp:
+        (WebCore::Range::insertNode):
+
 2013-11-06  Andreas Kling  <[email protected]>
 
         Add InlineElementBox and stop instantiating InlineBox directly.
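
Review bot: the description paragraph ("assumeed that the start offset ... doesn't change across a call to insertBefore") says the assumption is wrong but not when it fails. One more sentence naming the case the new test covers, a node that precedes the range in the same container being passed to surroundContents, would let a reader of the ChangeLog see why the cached offset goes stale.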

Modified: trunk/Source/WebCore/dom/Range.cpp (158737 => 158738)


--- trunk/Source/WebCore/dom/Range.cpp	2013-11-06 10:33:02 UTC (rev 158737)
+++ trunk/Source/WebCore/dom/Range.cpp	2013-11-06 10:55:08 UTC (rev 158738)
@@ -1041,14 +1041,13 @@
         if (collapsed)
             lastChild = (newNodeType == Node::DOCUMENT_FRAGMENT_NODE) ? newNode->lastChild() : newNode;
 
-        int startOffset = m_start.offset();
         container = m_start.container();
-        container->insertBefore(newNode.release(), container->childNode(startOffset), ec);
+        container->insertBefore(newNode.release(), container->childNode(m_start.offset()), ec);
         if (ec)
             return;
 
         if (collapsed && numNewChildren)
-            m_end.set(m_start.container(), startOffset + numNewChildren, lastChild.get());
+            m_end.set(m_start.container(), m_start.offset() + numNewChildren, lastChild.get());
     }
 }
 
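
Review bot: nothing at the two m_start.offset() call sites says why the offset has to be read again after insertBefore, so a later cleanup could hoist it back into a local and reintroduce the stale value. A short comment above the m_end.set call, noting that insertBefore can change the offset held by m_start, would guard against that. The container local is still assigned before insertBefore while m_end.set calls m_start.container() again; using one form consistently would make it clear which values are safe to cache across the call.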
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
