Diff
Modified: trunk/LayoutTests/ChangeLog (201822 => 201823)
--- trunk/LayoutTests/ChangeLog 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/LayoutTests/ChangeLog 2016-06-08 19:19:22 UTC (rev 201823)
@@ -1,3 +1,15 @@
+2016-06-07 Ryosuke Niwa <rn...@webkit.org>
+
+ REGRESSION (r201667): ASSERTION FAILED: !m_anchorNode || !editingIgnoresContent(*m_anchorNode)
+ https://bugs.webkit.org/show_bug.cgi?id=158373
+
+ Reviewed by Brent Fulgham.
+
+ Fixed a test so that the assertion failure happens within the test instead of affecting the subsequent test.
+
+ * editing/selection/selection-in-iframe-removed-crash-expected.txt:
+ * editing/selection/selection-in-iframe-removed-crash.html:
+
2016-06-08 Ryan Haddad <ryanhad...@apple.com>
Marking css3/filters/backdrop/dynamic-backdrop-filter-change.html as flaky on Mac
Modified: trunk/LayoutTests/editing/selection/selection-in-iframe-removed-crash-expected.txt (201822 => 201823)
--- trunk/LayoutTests/editing/selection/selection-in-iframe-removed-crash-expected.txt 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/LayoutTests/editing/selection/selection-in-iframe-removed-crash-expected.txt 2016-06-08 19:19:22 UTC (rev 201823)
@@ -1 +1 @@
-Test passes if it does not crash.
+Test passes if it does not crash.
Modified: trunk/LayoutTests/editing/selection/selection-in-iframe-removed-crash.html (201822 => 201823)
--- trunk/LayoutTests/editing/selection/selection-in-iframe-removed-crash.html 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/LayoutTests/editing/selection/selection-in-iframe-removed-crash.html 2016-06-08 19:19:22 UTC (rev 201823)
@@ -2,8 +2,10 @@
<html>
Test passes if it does not crash.
<script>
-if (window.testRunner)
+if (window.testRunner) {
testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
var docElement = document.documentElement;
function crash() {
@@ -21,6 +23,8 @@
range1 = document.createRange();
range1.selectNodeContents(iframe1.contentDocument);
window.getSelection().addRange(range1);
+ if (window.testRunner)
+ testRunner.notifyDone();
}
document.addEventListener("DOMContentLoaded", crash, false);
Modified: trunk/Source/WebCore/ChangeLog (201822 => 201823)
--- trunk/Source/WebCore/ChangeLog 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/ChangeLog 2016-06-08 19:19:22 UTC (rev 201823)
@@ -1,3 +1,46 @@
+2016-06-07 Ryosuke Niwa <rn...@webkit.org>
+
+ REGRESSION (r201667): ASSERTION FAILED: !m_anchorNode || !editingIgnoresContent(*m_anchorNode)
+ https://bugs.webkit.org/show_bug.cgi?id=158373
+ <rdar://problem/26690795>
+
+ Reviewed by Brent Fulgham.
+
+ The bug was caused by VisibleSelection::toNormalizedRange calling parentAnchoredEquivalent on an orphaned Position.
+ Fixed it by checking that condition and exiting early since we can't create a Range with a detached node anyway.
+
+ Also renamed isNonOrphanedCaretOrRange to isNoneOrOrphaned after negating the semantics for clarity.
+
+ Test: editing/selection/selection-in-iframe-removed-crash.html
+
+ * editing/EditorCommand.cpp:
+ (WebCore::valueFormatBlock):
+ * editing/FrameSelection.cpp:
+ (WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance):
+ * editing/InsertLineBreakCommand.cpp:
+ (WebCore::InsertLineBreakCommand::doApply):
+ * editing/InsertListCommand.cpp:
+ (WebCore::InsertListCommand::doApply):
+ * editing/InsertParagraphSeparatorCommand.cpp:
+ (WebCore::InsertParagraphSeparatorCommand::doApply):
+ * editing/InsertTextCommand.cpp:
+ (WebCore::InsertTextCommand::doApply):
+ * editing/RemoveFormatCommand.cpp:
+ (WebCore::RemoveFormatCommand::doApply):
+ * editing/ReplaceSelectionCommand.cpp:
+ (WebCore::ReplaceSelectionCommand::doApply):
+ * editing/SetSelectionCommand.cpp:
+ (WebCore::SetSelectionCommand::doApply):
+ (WebCore::SetSelectionCommand::doUnapply):
+ * editing/TypingCommand.cpp:
+ (WebCore::TypingCommand::doApply):
+ * editing/VisibleSelection.cpp:
+ (WebCore::VisibleSelection::firstRange): Also added a check for isNoneOrOrphaned since this function can hit the same
+ assertion when the selection end points are orphaned.
+ (WebCore::VisibleSelection::toNormalizedRange): Fixed the bug.
+ * editing/VisibleSelection.h:
+ (WebCore::VisibleSelection::isNoneOrOrphaned): Renamed from isNonOrphanedCaretOrRange and negated the semantics.
+
2016-06-08 Dean Jackson <d...@apple.com>
Multiple selectors break keyframes animation
Modified: trunk/Source/WebCore/editing/EditorCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/EditorCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/EditorCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -1484,7 +1484,7 @@
static String valueFormatBlock(Frame& frame, Event*)
{
const VisibleSelection& selection = frame.selection().selection();
- if (!selection.isNonOrphanedCaretOrRange() || !selection.isContentEditable())
+ if (selection.isNoneOrOrphaned() || !selection.isContentEditable())
return emptyString();
Element* formatBlockElement = FormatBlockCommand::elementForFormatBlockCommand(selection.firstRange().get());
if (!formatBlockElement)
Modified: trunk/Source/WebCore/editing/FrameSelection.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/FrameSelection.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/FrameSelection.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -290,7 +290,7 @@
// It's possible that during the above set selection, this FrameSelection has been modified by
// selectFrameElementInParentIfFullySelected, but that the selection is no longer valid since
// the frame is about to be destroyed. If this is the case, clear our selection.
- if (newSelectionFrame->hasOneRef() && !m_selection.isNonOrphanedCaretOrRange())
+ if (newSelectionFrame->hasOneRef() && m_selection.isNoneOrOrphaned())
clear();
return false;
}
Modified: trunk/Source/WebCore/editing/InsertLineBreakCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/InsertLineBreakCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/InsertLineBreakCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -91,7 +91,7 @@
{
deleteSelection();
VisibleSelection selection = endingSelection();
- if (!selection.isNonOrphanedCaretOrRange())
+ if (selection.isNoneOrOrphaned())
return;
VisiblePosition caret(selection.visibleStart());
Modified: trunk/Source/WebCore/editing/InsertListCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/InsertListCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/InsertListCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -112,12 +112,9 @@
void InsertListCommand::doApply()
{
- if (!endingSelection().isNonOrphanedCaretOrRange())
+ if (endingSelection().isNoneOrOrphaned() || !endingSelection().isContentRichlyEditable())
return;
- if (!endingSelection().rootEditableElement())
- return;
-
VisiblePosition visibleEnd = endingSelection().visibleEnd();
VisiblePosition visibleStart = endingSelection().visibleStart();
// When a selection ends at the start of a paragraph, we rarely paint
Modified: trunk/Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -148,7 +148,7 @@
void InsertParagraphSeparatorCommand::doApply()
{
- if (!endingSelection().isNonOrphanedCaretOrRange())
+ if (endingSelection().isNoneOrOrphaned())
return;
Position insertionPosition = endingSelection().start();
Modified: trunk/Source/WebCore/editing/InsertTextCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/InsertTextCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/InsertTextCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -132,7 +132,7 @@
{
ASSERT(m_text.find('\n') == notFound);
- if (!endingSelection().isNonOrphanedCaretOrRange())
+ if (endingSelection().isNoneOrOrphaned())
return;
// Delete the current selection.
Modified: trunk/Source/WebCore/editing/RemoveFormatCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/RemoveFormatCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/RemoveFormatCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -78,7 +78,7 @@
void RemoveFormatCommand::doApply()
{
- if (!endingSelection().isNonOrphanedCaretOrRange())
+ if (endingSelection().isNoneOrOrphaned())
return;
// Get the default style for this editable root, it's the style that we'll give the
Modified: trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -914,12 +914,9 @@
VisibleSelection selection = endingSelection();
ASSERT(selection.isCaretOrRange());
ASSERT(selection.start().deprecatedNode());
- if (!selection.isNonOrphanedCaretOrRange() || !selection.start().deprecatedNode())
+ if (selection.isNoneOrOrphaned() || !selection.start().deprecatedNode() || !selection.isContentEditable())
return;
- if (!selection.rootEditableElement())
- return;
-
// In plain text only regions, we create style-less fragments, so the inserted content will automatically
// match the style of the surrounding area and so we can avoid unnecessary work below for m_matchStyle.
if (!selection.isContentRichlyEditable())
Modified: trunk/Source/WebCore/editing/SetSelectionCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/SetSelectionCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/SetSelectionCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -42,7 +42,7 @@
{
FrameSelection& selection = frame().selection();
- if (selection.shouldChangeSelection(m_selectionToSet) && m_selectionToSet.isNonOrphanedCaretOrRange()) {
+ if (selection.shouldChangeSelection(m_selectionToSet) && !m_selectionToSet.isNoneOrOrphaned()) {
selection.setSelection(m_selectionToSet, m_options);
setEndingSelection(m_selectionToSet);
}
@@ -52,7 +52,7 @@
{
FrameSelection& selection = frame().selection();
- if (selection.shouldChangeSelection(startingSelection()) && startingSelection().isNonOrphanedCaretOrRange())
+ if (selection.shouldChangeSelection(startingSelection()) && !startingSelection().isNoneOrOrphaned())
selection.setSelection(startingSelection(), m_options);
}
Modified: trunk/Source/WebCore/editing/TypingCommand.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/TypingCommand.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/TypingCommand.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -261,9 +261,9 @@
void TypingCommand::doApply()
{
- if (!endingSelection().isNonOrphanedCaretOrRange())
+ if (endingSelection().isNoneOrOrphaned())
return;
-
+
if (m_commandType == DeleteKey)
if (m_commands.isEmpty())
m_openedByBackwardDelete = true;
Modified: trunk/Source/WebCore/editing/VisibleSelection.cpp (201822 => 201823)
--- trunk/Source/WebCore/editing/VisibleSelection.cpp 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/VisibleSelection.cpp 2016-06-08 19:19:22 UTC (rev 201823)
@@ -125,18 +125,18 @@
RefPtr<Range> VisibleSelection::firstRange() const
{
- if (isNone())
+ if (isNoneOrOrphaned())
return nullptr;
Position start = m_start.parentAnchoredEquivalent();
Position end = m_end.parentAnchoredEquivalent();
- if (start.isNull() || end.isNull())
+ if (start.isNull() || start.isOrphan() || end.isNull() || end.isOrphan())
return nullptr;
return Range::create(start.anchorNode()->document(), start, end);
}
RefPtr<Range> VisibleSelection::toNormalizedRange() const
{
- if (isNone())
+ if (isNoneOrOrphaned())
return nullptr;
// Make sure we have an updated layout since this function is called
@@ -146,7 +146,7 @@
m_start.anchorNode()->document().updateLayout();
// Check again, because updating layout can clear the selection.
- if (isNone())
+ if (isNoneOrOrphaned())
return nullptr;
Position s, e;
Modified: trunk/Source/WebCore/editing/VisibleSelection.h (201822 => 201823)
--- trunk/Source/WebCore/editing/VisibleSelection.h 2016-06-08 19:18:48 UTC (rev 201822)
+++ trunk/Source/WebCore/editing/VisibleSelection.h 2016-06-08 19:19:22 UTC (rev 201823)
@@ -77,7 +77,7 @@
bool isRange() const { return selectionType() == RangeSelection; }
bool isCaretOrRange() const { return selectionType() != NoSelection; }
bool isNonOrphanedRange() const { return isRange() && !start().isOrphan() && !end().isOrphan(); }
- bool isNonOrphanedCaretOrRange() const { return isCaretOrRange() && !start().isOrphan() && !end().isOrphan(); }
+ bool isNoneOrOrphaned() const { return isNone() || start().isOrphan() || end().isOrphan(); }
bool isBaseFirst() const { return m_baseIsFirst; }
bool isDirectional() const { return m_isDirectional; }
