Diff
Modified: branches/safari-602-branch/Source/WebCore/ChangeLog (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/ChangeLog 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/ChangeLog 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,9 @@
2016-11-01 Matthew Hanson <matthew_han...@apple.com>
+ Rollout r208255. rdar://problem/28962886
+
+2016-11-01 Matthew Hanson <matthew_han...@apple.com>
+
Rollout r208173. rdar://problem/28962886
2016-11-01 Matthew Hanson <matthew_han...@apple.com>
Modified: branches/safari-602-branch/Source/WebCore/editing/AlternativeTextController.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/editing/AlternativeTextController.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/editing/AlternativeTextController.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2008, 2016 Apple Inc. All rights reserved.
* Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
*
* Redistribution and use in source and binary forms, with or without
@@ -317,6 +317,8 @@
{
if (AlternativeTextClient* client = alternativeTextClient())
client->recordAutocorrectionResponse(AutocorrectionReverted, corrected, correction);
+
+ Ref<Frame> protector(m_frame);
m_frame.document()->updateLayout();
m_frame.selection().setSelection(selectionOfCorrected, FrameSelection::defaultSetSelectionOptions() | FrameSelection::SpellCorrectionTriggered);
RefPtr<Range> range = Range::create(*m_frame.document(), m_frame.selection().selection().start(), m_frame.selection().selection().end());
Modified: branches/safari-602-branch/Source/WebCore/editing/Editor.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/editing/Editor.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/editing/Editor.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2007, 2008, 2011, 2013-2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2008, 2011, 2013-2016 Apple Inc. All rights reserved.
* Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
*
* Redistribution and use in source and binary forms, with or without
@@ -1790,6 +1790,8 @@
void Editor::setComposition(const String& text, const Vector<CompositionUnderline>& underlines, unsigned selectionStart, unsigned selectionEnd)
{
+ Ref<Frame> protection(m_frame);
+
UserTypingGestureIndicator typingGestureIndicator(m_frame);
setIgnoreCompositionSelectionChange(true);
@@ -1923,6 +1925,8 @@
#if !PLATFORM(IOS)
void Editor::advanceToNextMisspelling(bool startBeforeSelection)
{
+ Ref<Frame> protection(m_frame);
+
// The basic approach is to search in two phases - from the selection end to the end of the doc, and
// then we wrap and search from the doc start to (approximately) where we started.
@@ -2241,6 +2245,8 @@
void Editor::markMisspellingsAfterTypingToWord(const VisiblePosition &wordStart, const VisibleSelection& selectionAfterTyping, bool doReplacement)
{
+ Ref<Frame> protection(m_frame);
+
#if PLATFORM(IOS)
UNUSED_PARAM(selectionAfterTyping);
UNUSED_PARAM(doReplacement);
@@ -2491,6 +2497,7 @@
void Editor::markAndReplaceFor(PassRefPtr<SpellCheckRequest> request, const Vector<TextCheckingResult>& results)
{
+ Ref<Frame> protection(m_frame);
ASSERT(request);
TextCheckingTypeMask textCheckingOptions = request->data().mask();
@@ -2949,6 +2956,8 @@
void Editor::changeSelectionAfterCommand(const VisibleSelection& newSelection, FrameSelection::SetSelectionOptions options)
{
+ Ref<Frame> protection(m_frame);
+
// If the new selection is orphaned, then don't update the selection.
if (newSelection.start().isOrphan() || newSelection.end().isOrphan())
return;
@@ -3139,6 +3148,8 @@
bool Editor::findString(const String& target, FindOptions options)
{
+ Ref<Frame> protection(m_frame);
+
VisibleSelection selection = m_frame.selection().selection();
RefPtr<Range> resultRange = rangeOfString(target, selection.firstRange().get(), options);
Modified: branches/safari-602-branch/Source/WebCore/editing/EditorCommand.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/editing/EditorCommand.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/editing/EditorCommand.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2007, 2008, 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2008, 2014, 2016 Apple Inc. All rights reserved.
* Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
* Copyright (C) 2009 Igalia S.L.
*
@@ -1061,6 +1061,7 @@
static bool executeSwapWithMark(Frame& frame, Event*, EditorCommandSource, const String&)
{
+ Ref<Frame> protector(frame);
const VisibleSelection& mark = frame.editor().mark();
const VisibleSelection& selection = frame.selection().selection();
if (mark.isNone() || selection.isNone()) {
Modified: branches/safari-602-branch/Source/WebCore/editing/TypingCommand.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/editing/TypingCommand.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/editing/TypingCommand.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2005-2008, 2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -475,6 +475,7 @@
void TypingCommand::deleteKeyPressed(TextGranularity granularity, bool shouldAddToKillRing)
{
Frame& frame = this->frame();
+ Ref<Frame> protector(frame);
frame.editor().updateMarkersForWordsAffectedByEditing(false);
@@ -588,6 +589,7 @@
void TypingCommand::forwardDeleteKeyPressed(TextGranularity granularity, bool shouldAddToKillRing)
{
Frame& frame = this->frame();
+ Ref<Frame> protector(frame);
frame.editor().updateMarkersForWordsAffectedByEditing(false);
Modified: branches/safari-602-branch/Source/WebCore/editing/mac/EditorMac.mm (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/editing/mac/EditorMac.mm 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/editing/mac/EditorMac.mm 2016-11-02 00:25:51 UTC (rev 208262)
@@ -260,6 +260,7 @@
if (&node->document() != m_frame.document())
return;
+ Ref<Frame> protector(m_frame);
RefPtr<Range> range = Range::create(node->document(), Position(node, Position::PositionIsBeforeAnchor), Position(node, Position::PositionIsAfterAnchor));
m_frame.selection().setSelection(VisibleSelection(*range), FrameSelection::DoNotSetFocus);
Modified: branches/safari-602-branch/Source/WebCore/page/ContextMenuController.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/page/ContextMenuController.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/page/ContextMenuController.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2007, 2016 Apple Inc. All rights reserved.
* Copyright (C) 2010 Igalia S.L
*
* Redistribution and use in source and binary forms, with or without
@@ -223,6 +223,8 @@
if (!frame)
return;
+ Ref<Frame> protector(*frame);
+
switch (action) {
case ContextMenuItemTagOpenLinkInNewWindow:
openNewWindow(m_context.hitTestResult().absoluteLinkURL(), frame, ShouldOpenExternalURLsPolicy::ShouldAllowExternalSchemes);
Modified: branches/safari-602-branch/Source/WebCore/page/DOMSelection.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/page/DOMSelection.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/page/DOMSelection.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2007, 2009, 2016 Apple Inc. All rights reserved.
* Copyright (C) 2012 Google Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -201,6 +201,7 @@
return;
// FIXME: Eliminate legacy editing positions
+ Ref<Frame> protector(*m_frame);
m_frame->selection().moveTo(createLegacyEditingPosition(node, offset), DOWNSTREAM);
}
@@ -216,6 +217,7 @@
return;
}
+ Ref<Frame> protector(*m_frame);
m_frame->selection().moveTo(selection.end(), DOWNSTREAM);
}
@@ -231,6 +233,7 @@
return;
}
+ Ref<Frame> protector(*m_frame);
m_frame->selection().moveTo(selection.start(), DOWNSTREAM);
}
@@ -255,6 +258,7 @@
return;
// FIXME: Eliminate legacy editing positions
+ Ref<Frame> protector(*m_frame);
m_frame->selection().moveTo(createLegacyEditingPosition(baseNode, baseOffset), createLegacyEditingPosition(extentNode, extentOffset), DOWNSTREAM);
}
@@ -271,6 +275,7 @@
return;
// FIXME: Eliminate legacy editing positions
+ Ref<Frame> protector(*m_frame);
m_frame->selection().moveTo(createLegacyEditingPosition(node, offset), DOWNSTREAM);
}
@@ -321,6 +326,7 @@
else
return;
+ Ref<Frame> protector(*m_frame);
m_frame->selection().modify(alter, direction, granularity);
}
@@ -338,6 +344,7 @@
return;
// FIXME: Eliminate legacy editing positions
+ Ref<Frame> protector(*m_frame);
m_frame->selection().setExtent(createLegacyEditingPosition(&node, offset), DOWNSTREAM);
}
@@ -377,6 +384,8 @@
if (!r)
return;
+ Ref<Frame> protector(*m_frame);
+
FrameSelection& selection = m_frame->selection();
if (selection.isNone()) {
@@ -428,6 +437,7 @@
if (!selectedRange)
return;
+ Ref<Frame> protector(*m_frame);
selectedRange->deleteContents(ASSERT_NO_EXCEPTION);
setBaseAndExtent(&selectedRange->startContainer(), selectedRange->startOffset(), &selectedRange->startContainer(), selectedRange->startOffset(), ASSERT_NO_EXCEPTION);
Modified: branches/safari-602-branch/Source/WebCore/page/DragController.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/page/DragController.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/page/DragController.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007, 2009, 2010, 2013, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2007, 2009-2010, 2013, 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -432,6 +432,7 @@
static bool setSelectionToDragCaret(Frame* frame, VisibleSelection& dragCaret, RefPtr<Range>& range, const IntPoint& point)
{
+ Ref<Frame> protector(*frame);
frame->selection().setSelection(dragCaret);
if (frame->selection().selection().isNone()) {
dragCaret = frame->visiblePositionForPoint(point);
@@ -752,6 +753,7 @@
if (!src.view() || !src.contentRenderer() || !state.source)
return false;
+ Ref<Frame> protector(src);
HitTestResult hitTestResult = src.eventHandler().hitTestResultAtPoint(dragOrigin, HitTestRequest::ReadOnly | HitTestRequest::Active);
// FIXME(136836): Investigate whether all elements should use the containsIncludingShadowDOM() path here.
Modified: branches/safari-602-branch/Source/WebCore/page/Frame.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/page/Frame.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/page/Frame.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -603,6 +603,8 @@
}
}
+ Ref<Frame> protectedThis(*this);
+
if (action == PerformOverflowScroll && (deltaX || deltaY)) {
layer->scrollToOffset(layer->scrollOffset() + IntSize(deltaX, deltaY));
Modified: branches/safari-602-branch/Source/WebCore/page/TextIndicator.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebCore/page/TextIndicator.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebCore/page/TextIndicator.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2010, 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -69,6 +69,8 @@
if (!frame)
return nullptr;
+ Ref<Frame> protector(*frame);
+
#if PLATFORM(IOS)
frame->editor().setIgnoreCompositionSelectionChange(true);
frame->selection().setUpdateAppearanceEnabled(true);
Modified: branches/safari-602-branch/Source/WebKit2/ChangeLog (208261 => 208262)
--- branches/safari-602-branch/Source/WebKit2/ChangeLog 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebKit2/ChangeLog 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,9 @@
2016-11-01 Matthew Hanson <matthew_han...@apple.com>
+ Rollout r208255. rdar://problem/28962886
+
+2016-11-01 Matthew Hanson <matthew_han...@apple.com>
+
Rollout r208173. rdar://problem/28962886
2016-10-31 Matthew Hanson <matthew_han...@apple.com>
Modified: branches/safari-602-branch/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2010, 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -113,6 +113,8 @@
if (!frameView)
return nullptr;
+ Ref<Frame> protector(*frame);
+
VisibleSelection oldSelection = frame->selection().selection();
frame->selection().setSelection(VisibleSelection(*m_range));
Modified: branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (208261 => 208262)
--- branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2016-11-02 00:25:51 UTC (rev 208262)
@@ -4582,6 +4582,8 @@
{
Frame& frame = m_page->focusController().focusedOrMainFrame();
+ Ref<Frame> protector(frame);
+
if (replacementEditingRange.location != notFound) {
RefPtr<Range> replacementRange = rangeFromEditingRange(frame, replacementEditingRange, static_cast<EditingRangeIsRelativeTo>(editingRangeIsRelativeTo));
if (replacementRange) {
@@ -4746,6 +4748,8 @@
return;
}
+ Ref<Frame> protector(*targetFrame);
+
if (replacementLength > 0) {
// The layout needs to be uptodate before setting a selection
targetFrame->document()->updateLayout();
Modified: branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm (208261 => 208262)
--- branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm 2016-11-01 23:51:54 UTC (rev 208261)
+++ branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm 2016-11-02 00:25:51 UTC (rev 208262)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010, 2011, 2012, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2012, 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -327,6 +327,8 @@
{
Frame& frame = m_page->focusController().focusedOrMainFrame();
+ Ref<Frame> protector(frame);
+
if (replacementEditingRange.location != notFound) {
RefPtr<Range> replacementRange = rangeFromEditingRange(frame, replacementEditingRange);
if (replacementRange)