Skip to site navigation (Press enter)

[webkit-changes] [237975] trunk

cdumez Wed, 07 Nov 2018 19:12:51 -0800

Title: [237975] trunk

Revision: 237975
Author: cdu...@apple.com
Date: 2018-11-07 19:11:33 -0800 (Wed, 07 Nov 2018)

Log Message

ASSERT(renderer()) under HTMLTextAreaElement::updateValue()
https://bugs.webkit.org/show_bug.cgi?id=191391
<rdar://problem/34219633>


Reviewed by Geoffrey Garen.

Source/WebCore:

Update HTMLTextFormControlElement::didEditInnerTextValue() to not call subtreeHasChanged()
if the element has no renderer, similarly to what is already done in
HTMLTextFormControlElement::setRangeText() and HTMLInputElement::setEditingValue().

Test: editing/inserting/inset-html-textarea-without-renderer.html

* html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::didEditInnerTextValue):

LayoutTests:

Add layout test coverage. I have verified that this test passes in Firefox and Chrome.
It used to crash before this change in debug.

* editing/inserting/inset-html-textarea-without-renderer-expected.txt: Added.
* editing/inserting/inset-html-textarea-without-renderer.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp

Added Paths

trunk/LayoutTests/editing/inserting/inset-html-textarea-without-renderer-expected.txt
trunk/LayoutTests/editing/inserting/inset-html-textarea-without-renderer.html

Diff

Modified: trunk/LayoutTests/ChangeLog (237974 => 237975)


--- trunk/LayoutTests/ChangeLog	2018-11-08 02:12:32 UTC (rev 237974)
+++ trunk/LayoutTests/ChangeLog	2018-11-08 03:11:33 UTC (rev 237975)
@@ -1,3 +1,17 @@
+2018-11-07  Chris Dumez  <cdu...@apple.com>
+
+        ASSERT(renderer()) under HTMLTextAreaElement::updateValue()
+        https://bugs.webkit.org/show_bug.cgi?id=191391
+        <rdar://problem/34219633>
+
+        Reviewed by Geoffrey Garen.
+
+        Add layout test coverage. I have verified that this test passes in Firefox and Chrome.
+        It used to crash before this change in debug.
+
+        * editing/inserting/inset-html-textarea-without-renderer-expected.txt: Added.
+        * editing/inserting/inset-html-textarea-without-renderer.html: Added.
+
 2018-11-07  Myles C. Maxfield  <mmaxfi...@apple.com>
 
         Positioned text underline can look like a strike-through

Added: trunk/LayoutTests/editing/inserting/inset-html-textarea-without-renderer-expected.txt (0 => 237975)


--- trunk/LayoutTests/editing/inserting/inset-html-textarea-without-renderer-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/inset-html-textarea-without-renderer-expected.txt	2018-11-08 03:11:33 UTC (rev 237975)
@@ -0,0 +1,12 @@
+Tests that execCommand('insertHTML') on a textarea without renderer returns false and does not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+document.execCommand("insertHTML", false, "foo")
+PASS testArea.innerText is ""
+PASS testArea.value is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/editing/inserting/inset-html-textarea-without-renderer.html (0 => 237975)


--- trunk/LayoutTests/editing/inserting/inset-html-textarea-without-renderer.html	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/inset-html-textarea-without-renderer.html	2018-11-08 03:11:33 UTC (rev 237975)
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<textarea id="testArea" designMode="on"></textarea>
+<script>
+description("Tests that execCommand('insertHTML') on a textarea without renderer returns false and does not crash.");
+jsTestIsAsync = true;
+
+_onload_ = () => {
+    testArea = document.getElementById("testArea");
+
+    testArea.focus();
+    testArea.style = "display:none";
+    testArea.maxLength = 1;
+
+    evalAndLog('document.execCommand("insertHTML", false, "foo")');
+    shouldBeEqualToString("testArea.innerText", "");
+    shouldBeEqualToString("testArea.value", "");
+    finishJSTest();
+}
+</script>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (237974 => 237975)


--- trunk/Source/WebCore/ChangeLog	2018-11-08 02:12:32 UTC (rev 237974)
+++ trunk/Source/WebCore/ChangeLog	2018-11-08 03:11:33 UTC (rev 237975)
@@ -1,3 +1,20 @@
+2018-11-07  Chris Dumez  <cdu...@apple.com>
+
+        ASSERT(renderer()) under HTMLTextAreaElement::updateValue()
+        https://bugs.webkit.org/show_bug.cgi?id=191391
+        <rdar://problem/34219633>
+
+        Reviewed by Geoffrey Garen.
+
+        Update HTMLTextFormControlElement::didEditInnerTextValue() to not call subtreeHasChanged()
+        if the element has no renderer, similarly to what is already done in 
+        HTMLTextFormControlElement::setRangeText() and HTMLInputElement::setEditingValue().
+
+        Test: editing/inserting/inset-html-textarea-without-renderer.html
+
+        * html/HTMLTextFormControlElement.cpp:
+        (WebCore::HTMLTextFormControlElement::didEditInnerTextValue):
+
 2018-11-07  Youenn Fablet  <you...@apple.com>
 
         Allow setting RTCRtpTransceiver.direction

Modified: trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp (237974 => 237975)


--- trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp	2018-11-08 02:12:32 UTC (rev 237974)
+++ trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp	2018-11-08 03:11:33 UTC (rev 237975)
@@ -110,7 +110,7 @@
 
 void HTMLTextFormControlElement::didEditInnerTextValue()
 {
-    if (!isTextField())
+    if (!renderer() || !isTextField())
         return;
 
     LOG(Editing, "HTMLTextFormControlElement %p didEditInnerTextValue", this);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes