Title: [286400] branches/safari-612-branch/Source/WebCore
Revision: 286400
Author: repst...@apple.com
Date: 2021-12-01 16:18:19 -0800 (Wed, 01 Dec 2021)

Log Message

Cherry-pick r286309. rdar://problem/84665699

    Use scriptDisallowedScope in FrameSelection::updateAppearance
    https://bugs.webkit.org/show_bug.cgi?id=233644

    Patch by Gabriel Nava Marino <gnavamar...@apple.com> on 2021-11-30
    Reviewed by Ryosuke Niwa.

    Use scriptDisallowedScope in FrameSelection::updateAppearance to avoid re-entrancy
    RenderView problems when a downstream function executes a JS callback.

    * editing/FrameSelection.cpp:
    (WebCore::FrameSelection::validateSelection const):
    (WebCore::FrameSelection::updateAppearance):
    * editing/FrameSelection.h:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286309 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (286399 => 286400)


--- branches/safari-612-branch/Source/WebCore/ChangeLog	2021-12-02 00:18:16 UTC (rev 286399)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog	2021-12-02 00:18:19 UTC (rev 286400)
@@ -1,5 +1,40 @@
 2021-12-01  Alan Coon  <alanc...@apple.com>
 
+        Cherry-pick r286309. rdar://problem/84665699
+
+    Use scriptDisallowedScope in FrameSelection::updateAppearance
+    https://bugs.webkit.org/show_bug.cgi?id=233644
+    
+    Patch by Gabriel Nava Marino <gnavamar...@apple.com> on 2021-11-30
+    Reviewed by Ryosuke Niwa.
+    
+    Use scriptDisallowedScope in FrameSelection::updateAppearance to avoid re-entrancy
+    RenderView problems when a downstream function executes a JS callback.
+    
+    * editing/FrameSelection.cpp:
+    (WebCore::FrameSelection::validateSelection const):
+    (WebCore::FrameSelection::updateAppearance):
+    * editing/FrameSelection.h:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286309 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-11-30  Gabriel Nava Marino  <gnavamar...@apple.com>
+
+            Use scriptDisallowedScope in FrameSelection::updateAppearance
+            https://bugs.webkit.org/show_bug.cgi?id=233644
+
+            Reviewed by Ryosuke Niwa.
+
+            Use scriptDisallowedScope in FrameSelection::updateAppearance to avoid re-entrancy
+            RenderView problems when a downstream function executes a JS callback.
+
+            * editing/FrameSelection.cpp:
+            (WebCore::FrameSelection::validateSelection const):
+            (WebCore::FrameSelection::updateAppearance):
+            * editing/FrameSelection.h:
+
+2021-12-01  Alan Coon  <alanc...@apple.com>
+
         Cherry-pick r286308. rdar://problem/63180952
 
     Scripting attributes are sometimes not properly stripped from elements when JS is disabled
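Review bot: the cherry-picked entry carries trailing whitespace on several of its blank lines (the ones that read `+    ` with nothing after the indentation); WebKit ChangeLog entries keep blank lines empty, so strip it before landing. The entry also lists `* editing/FrameSelection.h:` and `(WebCore::FrameSelection::validateSelection const):` as touched, but the diff on this page only shows the `updateAppearance` region of FrameSelection.cpp, so the header change and the validateSelection change cannot be checked here.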

Modified: branches/safari-612-branch/Source/WebCore/editing/FrameSelection.cpp (286399 => 286400)


--- branches/safari-612-branch/Source/WebCore/editing/FrameSelection.cpp	2021-12-02 00:18:16 UTC (rev 286399)
+++ branches/safari-612-branch/Source/WebCore/editing/FrameSelection.cpp	2021-12-02 00:18:19 UTC (rev 286400)
@@ -2172,10 +2172,6 @@
     }
 #endif
 
-    RenderView* view = m_document->renderView();
-    if (!view)
-        return;
-
     // Construct a new VisibleSolution, since m_selection is not necessarily valid, and the following steps
     // assume a valid selection. See <https://bugs.webkit.org/show_bug.cgi?id=69563> and <rdar://problem/10232866>.
 #if ENABLE(TEXT_CARET)
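Review bot: with the early `if (!view) return;` removed, the `VisibleSelection selection(oldSelection.visibleStart(), oldSelection.visibleEnd())` construction that follows now runs even when the document has no RenderView, and the null check only happens in the scoped block added further down. `visibleStart()` and `visibleEnd()` canonicalise positions and can touch layout, so either confirm in a comment that building the selection without a render tree is safe, or keep a cheap `if (!m_document->renderView()) return;` here in addition to the guarded check below.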
@@ -2185,9 +2181,15 @@
     VisibleSelection selection(oldSelection.visibleStart(), oldSelection.visibleEnd());
 #endif
 
-    if (!selection.isRange()) {
-        view->selection().clear();
-        return;
+    {
+        ScriptDisallowedScope scriptDisallowedScope;
+        auto* view = m_document->renderView();
+        if (!view)
+            return;
+        if (!selection.isRange()) {
+            view->selection().clear();
+            return;
+        }
     }
 
     // Use the rightmost candidate for the start of the selection, and the leftmost candidate for the end of the selection.
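Review bot: the braces at the top of this hunk scope both the `ScriptDisallowedScope` and `view`, so script is disallowed only for the null check and `view->selection().clear()`; the start/end candidate computation that follows the block runs with script allowed again, and `renderView()` has to be fetched a second time in the next hunk. If the JS callback the ChangeLog says re-enters through a downstream function can fire from those calls, the scope should extend over them; otherwise a short comment explaining why the narrow scope is enough would help the next reader, e.g. `// Script must not run while we inspect or clear the RenderView selection.`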
@@ -2205,7 +2207,7 @@
 
     // We can get into a state where the selection endpoints map to the same VisiblePosition when a selection is deleted
     // because we don't yet notify the FrameSelection of text removal.
-    if (startPos.isNotNull() && endPos.isNotNull() && selection.visibleStart() != selection.visibleEnd()) {
+    if (auto* view = m_document->renderView(); startPos.isNotNull() && endPos.isNotNull() && selection.visibleStart() != selection.visibleEnd()) {
         RenderObject* startRenderer = startPos.deprecatedNode()->renderer();
         int startOffset = startPos.deprecatedEditingOffset();
         RenderObject* endRenderer = endPos.deprecatedNode()->renderer();
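Review bot: the if-init `auto* view = m_document->renderView();` re-fetches the view but the condition never tests it, so if the render tree has been torn down by this point (the re-entrancy case this patch is guarding against) `view` is null inside a body that presumably dereferences it. Prefer `if (auto* view = m_document->renderView(); view && startPos.isNotNull() && endPos.isNotNull() && selection.visibleStart() != selection.visibleEnd())`, or assert non-null with a comment explaining why the earlier scoped check still guarantees it here.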
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes