[webkit-changes] [198434] branches/safari-601.1.46-branch

Sun, 20 Mar 2016 03:15:38 -0700

Title: [198434] branches/safari-601.1.46-branch

Diff

Modified: branches/safari-601.1.46-branch/LayoutTests/ChangeLog (198433 => 198434)


--- branches/safari-601.1.46-branch/LayoutTests/ChangeLog	2016-03-18 18:32:11 UTC (rev 198433)
+++ branches/safari-601.1.46-branch/LayoutTests/ChangeLog	2016-03-18 18:37:12 UTC (rev 198434)
@@ -1,5 +1,20 @@
 2016-03-18  Babak Shafiei  <[email protected]>
 
+        Merge r192285.
+
+    2015-11-10  Pranjal Jumde  <[email protected]>
+
+            Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
+            https://bugs.webkit.org/show_bug.cgi?id=150252
+            <rdar://problem/23149470>
+
+            Reviewed by Brent Fulgham.
+
+            * LayoutTests/editing/execCommand/150252.xhtml
+            * LayoutTests/editing/execCommand/150252-expected.txt
+
+2016-03-18  Babak Shafiei  <[email protected]>
+
         Merge r198377.
 
     2016-03-17  Brent Fulgham  <[email protected]>

Copied: branches/safari-601.1.46-branch/LayoutTests/editing/execCommand/150252-expected.txt (from rev 198433, branches/safari-601-branch/LayoutTests/editing/execCommand/150252-expected.txt) (0 => 198434)


--- branches/safari-601.1.46-branch/LayoutTests/editing/execCommand/150252-expected.txt	                        (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/editing/execCommand/150252-expected.txt	2016-03-18 18:37:12 UTC (rev 198434)
@@ -0,0 +1 @@
+This test passes if it doesn't crash. https://bugs.webkit.org/show_bug.cgi?id=150252

Copied: branches/safari-601.1.46-branch/LayoutTests/editing/execCommand/150252.xhtml (from rev 198433, branches/safari-601-branch/LayoutTests/editing/execCommand/150252.xhtml) (0 => 198434)


--- branches/safari-601.1.46-branch/LayoutTests/editing/execCommand/150252.xhtml	                        (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/editing/execCommand/150252.xhtml	2016-03-18 18:37:12 UTC (rev 198434)
@@ -0,0 +1,26 @@
+<div id="150252" xmlns="http://www.w3.org/1999/xhtml">
+
+<script type="text/_javascript_">
+
+function boom()
+{
+  if (window.testRunner)
+    testRunner.dumpAsText();
+
+  var r = document.documentElement;
+  r.style.position = "absolute";
+  r.contentEditable = "true";
+  r.focus();
+  r.contentEditable = "false";
+  r.focus();
+  r.contentEditable = "true";
+  document.execCommand("subscript", false, null);
+  r.contentEditable = "false";
+  document.getElementById("150252").innerHTML = "This test passes if it doesn't crash. https://bugs.webkit.org/show_bug.cgi?id=150252";
+}
+
+window.addEventListener("load", boom, false);
+
+</script>
+
+</div>

Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (198433 => 198434)


--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-03-18 18:32:11 UTC (rev 198433)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-03-18 18:37:12 UTC (rev 198434)
@@ -1,5 +1,29 @@
 2016-03-18  Babak Shafiei  <[email protected]>
 
+        Merge r192285.
+
+        * dom/ContainerNode.cpp:
+        (WebCore::ContainerNode::ensurePreInsertionValidity): Added.
+        * dom/ContainerNode.h:
+
+    2015-11-10  Pranjal Jumde  <[email protected]>
+
+            Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
+            https://bugs.webkit.org/show_bug.cgi?id=150252
+            <rdar://problem/23149470>
+
+            Reviewed by Brent Fulgham.
+
+            * Source/WebCore/editing/ios/EditorIOS.mm
+            * Source/WebCore/editing/mac/EditorMac.mm
+              In Editor::fontForSelection moved the node removal code, so that the
+              node is only removed if style is not NULL.
+            * Source/WebCore/editing/cocoa/EditorCocoa.mm
+              In Editor::styleForSelectionStart checking if the parentNode can 
+              accept the styleElement node.
+
+2016-03-18  Babak Shafiei  <[email protected]>
+
         Merge r198377.
 
     2016-03-17  Brent Fulgham  <[email protected]>

Modified: branches/safari-601.1.46-branch/Source/WebCore/dom/ContainerNode.cpp (198433 => 198434)


--- branches/safari-601.1.46-branch/Source/WebCore/dom/ContainerNode.cpp	2016-03-18 18:32:11 UTC (rev 198433)
+++ branches/safari-601.1.46-branch/Source/WebCore/dom/ContainerNode.cpp	2016-03-18 18:37:12 UTC (rev 198434)
@@ -222,6 +222,12 @@
     return true;
 }
 
+bool ContainerNode::ensurePreInsertionValidity(Node& newChild, Node* refChild, ExceptionCode& ec)
+{
+    ec = checkAcceptChild(this, &newChild, refChild);
+    return !ec;
+}
+
 static inline bool checkAddChild(ContainerNode* newParent, Node* newChild, ExceptionCode& ec)
 {
     ec = checkAcceptChild(newParent, newChild, 0);

Modified: branches/safari-601.1.46-branch/Source/WebCore/dom/ContainerNode.h (198433 => 198434)


--- branches/safari-601.1.46-branch/Source/WebCore/dom/ContainerNode.h	2016-03-18 18:32:11 UTC (rev 198433)
+++ branches/safari-601.1.46-branch/Source/WebCore/dom/ContainerNode.h	2016-03-18 18:37:12 UTC (rev 198434)
@@ -153,6 +153,8 @@
     Element* lastElementChild() const;
     unsigned childElementCount() const;
 
+    bool ensurePreInsertionValidity(Node& newChild, Node* refChild, ExceptionCode&);
+
 protected:
     explicit ContainerNode(Document&, ConstructionType = CreateContainer);

Modified: branches/safari-601.1.46-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm (198433 => 198434)


--- branches/safari-601.1.46-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm	2016-03-18 18:32:11 UTC (rev 198433)
+++ branches/safari-601.1.46-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm	2016-03-18 18:37:12 UTC (rev 198434)
@@ -63,8 +63,13 @@
 
     styleElement->appendChild(frame->document()->createEditingTextNode(""), ASSERT_NO_EXCEPTION);
 
-    position.deprecatedNode()->parentNode()->appendChild(styleElement, ASSERT_NO_EXCEPTION);
+    ContainerNode* parentNode = position.deprecatedNode()->parentNode();
 
+    if (!parentNode->ensurePreInsertionValidity(*styleElement, nullptr, IGNORE_EXCEPTION))
+        return nullptr;
+
+    parentNode->appendChild(styleElement, ASSERT_NO_EXCEPTION);
+
     nodeToRemove = styleElement.get();
 
     frame->document()->updateStyleIfNeeded();

Modified: branches/safari-601.1.46-branch/Source/WebCore/editing/ios/EditorIOS.mm (198433 => 198434)


--- branches/safari-601.1.46-branch/Source/WebCore/editing/ios/EditorIOS.mm	2016-03-18 18:32:11 UTC (rev 198433)
+++ branches/safari-601.1.46-branch/Source/WebCore/editing/ios/EditorIOS.mm	2016-03-18 18:37:12 UTC (rev 198434)
@@ -192,13 +192,10 @@
         RenderStyle* style = styleForSelectionStart(&m_frame, nodeToRemove); // sets nodeToRemove
 
         const Font* result = nullptr;
-        if (style)
+        if (style) {
             result = &style->fontCascade().primaryFont();
-
-        if (nodeToRemove) {
-            ExceptionCode ec;
-            nodeToRemove->remove(ec);
-            ASSERT(!ec);
+            if (nodeToRemove)
+                nodeToRemove->remove(ASSERT_NO_EXCEPTION);
         }
 
         return result;

Modified: branches/safari-601.1.46-branch/Source/WebCore/editing/mac/EditorMac.mm (198433 => 198434)


--- branches/safari-601.1.46-branch/Source/WebCore/editing/mac/EditorMac.mm	2016-03-18 18:32:11 UTC (rev 198433)
+++ branches/safari-601.1.46-branch/Source/WebCore/editing/mac/EditorMac.mm	2016-03-18 18:37:12 UTC (rev 198434)
@@ -118,12 +118,11 @@
         RenderStyle* style = styleForSelectionStart(&m_frame, nodeToRemove); // sets nodeToRemove
 
         const Font* result = nullptr;
-        if (style)
+        if (style) {
             result = &style->fontCascade().primaryFont();
-
-        if (nodeToRemove)
-            nodeToRemove->remove(ASSERT_NO_EXCEPTION);
-
+            if (nodeToRemove)
+                nodeToRemove->remove(ASSERT_NO_EXCEPTION);
+        }
         return result;
     }
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to