Title: [191647] trunk
- Revision
- 191647
- Author
- commit-qu...@webkit.org
- Date
- 2015-10-27 17:35:24 -0700 (Tue, 27 Oct 2015)
Log Message
Null dereference loading Blink layout test editing/execCommand/format-block-uneditable-crash.html
https://bugs.webkit.org/show_bug.cgi?id=150207
<rdar://problem/23137066>
Patch by Jiewen Tan <jiewen_...@apple.com> on 2015-10-27
Reviewed by Enrica Casucci.
Source/WebCore:
This is a merge of Blink r200238:
https://codereview.chromium.org/1280263002
Test: editing/execCommand/format-block-uneditable-crash.html
* editing/ApplyBlockElementCommand.cpp:
(WebCore::ApplyBlockElementCommand::rangeForParagraphSplittingTextNodesIfNeeded):
splitTextNode() will return early if the given text node is not editable. Hence, check
its editablity before calling the method.
LayoutTests:
* editing/execCommand/format-block-uneditable-crash-expected.txt: Added.
* editing/execCommand/format-block-uneditable-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (191646 => 191647)
--- trunk/LayoutTests/ChangeLog 2015-10-28 00:34:04 UTC (rev 191646)
+++ trunk/LayoutTests/ChangeLog 2015-10-28 00:35:24 UTC (rev 191647)
@@ -1,3 +1,14 @@
+2015-10-27 Jiewen Tan <jiewen_...@apple.com>
+
+ Null dereference loading Blink layout test editing/execCommand/format-block-uneditable-crash.html
+ https://bugs.webkit.org/show_bug.cgi?id=150207
+ <rdar://problem/23137066>
+
+ Reviewed by Enrica Casucci.
+
+ * editing/execCommand/format-block-uneditable-crash-expected.txt: Added.
+ * editing/execCommand/format-block-uneditable-crash.html: Added.
+
2015-10-27 Wenson Hsieh <wenson_hs...@apple.com>
Unreviewed, fix a failing iOS WK2 test.
Added: trunk/LayoutTests/editing/execCommand/format-block-uneditable-crash-expected.txt (0 => 191647)
--- trunk/LayoutTests/editing/execCommand/format-block-uneditable-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/editing/execCommand/format-block-uneditable-crash-expected.txt 2015-10-28 00:35:24 UTC (rev 191647)
@@ -0,0 +1,9 @@
+EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of PRE > BODY > HTML > #document to 3 of PRE > BODY > HTML > #document
+EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 1 of PRE > BODY > HTML > #document to 2 of PRE > BODY > HTML > #document toDOMRange:range from 0 of #text > H1 > PRE > BODY > HTML > #document to 3 of #text > H1 > PRE > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
+EDITING DELEGATE: webViewDidEndEditing:WebViewDidEndEditingNotification
+PASS. WebKit didn't crash.
Added: trunk/LayoutTests/editing/execCommand/format-block-uneditable-crash.html (0 => 191647)
--- trunk/LayoutTests/editing/execCommand/format-block-uneditable-crash.html (rev 0)
+++ trunk/LayoutTests/editing/execCommand/format-block-uneditable-crash.html 2015-10-28 00:35:24 UTC (rev 191647)
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+function editingTest() {
+ var container = document.getElementById('sample');
+ var range = document.createRange()
+ range.setEndAfter(container.lastChild);
+ window.getSelection().addRange(range);
+ document.execCommand('formatblock', false, '<h1>');
+ document.write("PASS. WebKit didn't crash.");
+};
+</script>
+</head>
+<body _onload_=runEditingTest()>
+<pre id="sample" contenteditable="true">
+foo
+<div contenteditable="false">bar
+</div>
+
+</pre>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (191646 => 191647)
--- trunk/Source/WebCore/ChangeLog 2015-10-28 00:34:04 UTC (rev 191646)
+++ trunk/Source/WebCore/ChangeLog 2015-10-28 00:35:24 UTC (rev 191647)
@@ -1,3 +1,21 @@
+2015-10-27 Jiewen Tan <jiewen_...@apple.com>
+
+ Null dereference loading Blink layout test editing/execCommand/format-block-uneditable-crash.html
+ https://bugs.webkit.org/show_bug.cgi?id=150207
+ <rdar://problem/23137066>
+
+ Reviewed by Enrica Casucci.
+
+ This is a merge of Blink r200238:
+ https://codereview.chromium.org/1280263002
+
+ Test: editing/execCommand/format-block-uneditable-crash.html
+
+ * editing/ApplyBlockElementCommand.cpp:
+ (WebCore::ApplyBlockElementCommand::rangeForParagraphSplittingTextNodesIfNeeded):
+ splitTextNode() will return early if the given text node is not editable. Hence, check
+ its editablity before calling the method.
+
2015-10-27 Brady Eidson <beid...@apple.com>
Modern IDB: IDBTransaction.objectStore() support.
Modified: trunk/Source/WebCore/editing/ApplyBlockElementCommand.cpp (191646 => 191647)
--- trunk/Source/WebCore/editing/ApplyBlockElementCommand.cpp 2015-10-28 00:34:04 UTC (rev 191646)
+++ trunk/Source/WebCore/editing/ApplyBlockElementCommand.cpp 2015-10-28 00:35:24 UTC (rev 191647)
@@ -233,8 +233,8 @@
m_endOfLastParagraph = end;
}
- // If end is in the middle of a text node, split.
- if (!endStyle->collapseWhiteSpace() && end.offsetInContainerNode() && end.offsetInContainerNode() < end.containerNode()->maxCharacterOffset()) {
+ // If end is in the middle of a text node and the text node is editable, split.
+ if (endStyle->userModify() != READ_ONLY && !endStyle->collapseWhiteSpace() && end.offsetInContainerNode() && end.offsetInContainerNode() < end.containerNode()->maxCharacterOffset()) {
RefPtr<Text> endContainer = end.containerText();
splitTextNode(endContainer, end.offsetInContainerNode());
if (isStartAndEndOnSameNode)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes