Title: [286400] branches/safari-612-branch/Source/WebCore
- Revision: 286400
- Author: repst...@apple.com
- Date: 2021-12-01 16:18:19 -0800 (Wed, 01 Dec 2021)
Log Message
Cherry-pick r286309. rdar://problem/84665699
Use scriptDisallowedScope in FrameSelection::updateAppearance
https://bugs.webkit.org/show_bug.cgi?id=233644
Patch by Gabriel Nava Marino <gnavamar...@apple.com> on 2021-11-30
Reviewed by Ryosuke Niwa.
Use scriptDisallowedScope in FrameSelection::updateAppearance to avoid re-entrancy
RenderView problems when a downstream function executes a JS callback.
* editing/FrameSelection.cpp:
(WebCore::FrameSelection::validateSelection const):
(WebCore::FrameSelection::updateAppearance):
* editing/FrameSelection.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286309 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (286399 => 286400)
--- branches/safari-612-branch/Source/WebCore/ChangeLog 2021-12-02 00:18:16 UTC (rev 286399)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog 2021-12-02 00:18:19 UTC (rev 286400)
@@ -1,5 +1,40 @@
2021-12-01 Alan Coon <alanc...@apple.com>
+ Cherry-pick r286309. rdar://problem/84665699
+
+ Use scriptDisallowedScope in FrameSelection::updateAppearance
+ https://bugs.webkit.org/show_bug.cgi?id=233644
+
+ Patch by Gabriel Nava Marino <gnavamar...@apple.com> on 2021-11-30
+ Reviewed by Ryosuke Niwa.
+
+ Use scriptDisallowedScope in FrameSelection::updateAppearance to avoid re-entrancy
+ RenderView problems when a downstream function executes a JS callback.
+
+ * editing/FrameSelection.cpp:
+ (WebCore::FrameSelection::validateSelection const):
+ (WebCore::FrameSelection::updateAppearance):
+ * editing/FrameSelection.h:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286309 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-11-30 Gabriel Nava Marino <gnavamar...@apple.com>
+
+ Use scriptDisallowedScope in FrameSelection::updateAppearance
+ https://bugs.webkit.org/show_bug.cgi?id=233644
+
+ Reviewed by Ryosuke Niwa.
+
+ Use scriptDisallowedScope in FrameSelection::updateAppearance to avoid re-entrancy
+ RenderView problems when a downstream function executes a JS callback.
+
+ * editing/FrameSelection.cpp:
+ (WebCore::FrameSelection::validateSelection const):
+ (WebCore::FrameSelection::updateAppearance):
+ * editing/FrameSelection.h:
+
+2021-12-01 Alan Coon <alanc...@apple.com>
+
Cherry-pick r286308. rdar://problem/63180952
Scripting attributes are sometimes not properly stripped from elements when JS is disabled
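Review bot: The file list in this ChangeLog entry names (WebCore::FrameSelection::validateSelection const) and editing/FrameSelection.h without saying what changed in either, and the diff on this page carries no hunk for FrameSelection.h. Add a short per-item description, or drop entries that did not change, so someone auditing the cherry-pick can match the log to the code. The entry also lists no regression test for the re-entrancy case; if one exists it should be named here.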
Modified: branches/safari-612-branch/Source/WebCore/editing/FrameSelection.cpp (286399 => 286400)
--- branches/safari-612-branch/Source/WebCore/editing/FrameSelection.cpp 2021-12-02 00:18:16 UTC (rev 286399)
+++ branches/safari-612-branch/Source/WebCore/editing/FrameSelection.cpp 2021-12-02 00:18:19 UTC (rev 286400)
@@ -2172,10 +2172,6 @@
}
#endif
- RenderView* view = m_document->renderView();
- if (!view)
- return;
-
// Construct a new VisibleSolution, since m_selection is not necessarily valid, and the following steps
// assume a valid selection. See <https://bugs.webkit.org/show_bug.cgi?id=69563> and <rdar://problem/10232866>.
#if ENABLE(TEXT_CARET)
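Review bot: Missing documentation where the early `if (!view) return;` is removed: nothing in the code says why the RenderView pointer is no longer fetched ahead of the VisibleSelection construction. The commit message gives the reason (a downstream function can execute a JS callback), so a one-line comment at this spot would keep a later cleanup from restoring the early fetch.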
@@ -2185,9 +2181,15 @@
VisibleSelection selection(oldSelection.visibleStart(), oldSelection.visibleEnd());
#endif
- if (!selection.isRange()) {
- view->selection().clear();
- return;
+ {
+ ScriptDisallowedScope scriptDisallowedScope;
+ auto* view = m_document->renderView();
+ if (!view)
+ return;
+ if (!selection.isRange()) {
+ view->selection().clear();
+ return;
+ }
}
// Use the rightmost candidate for the start of the selection, and the leftmost candidate for the end of the selection.
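Review bot: The ScriptDisallowedScope ends at the closing brace of this block, so it covers only the renderView() fetch, the null check and `view->selection().clear();`, and the candidate computation that follows runs with script allowed again. If that narrow extent is intended, say so in a comment on the block and name the call the scope is guarding; otherwise widen the scope to the code that actually needs it.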
@@ -2205,7 +2207,7 @@
// We can get into a state where the selection endpoints map to the same VisiblePosition when a selection is deleted
// because we don't yet notify the FrameSelection of text removal.
- if (startPos.isNotNull() && endPos.isNotNull() && selection.visibleStart() != selection.visibleEnd()) {
+ if (auto* view = m_document->renderView(); startPos.isNotNull() && endPos.isNotNull() && selection.visibleStart() != selection.visibleEnd()) {
RenderObject* startRenderer = startPos.deprecatedNode()->renderer();
int startOffset = startPos.deprecatedEditingOffset();
RenderObject* endRenderer = endPos.deprecatedNode()->renderer();
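Review bot: Logic problem in the new if-with-initializer: `auto* view = m_document->renderView()` is fetched again here, outside the ScriptDisallowedScope, but the condition never tests it. The null check added in the scoped block above does not carry over to this second fetch, so if the body uses view, add `view &&` to the condition or return early when it is null.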