Title: [157710] trunk
- Revision
- 157710
- Author
- commit-qu...@webkit.org
- Date
- 2013-10-21 00:11:03 -0700 (Mon, 21 Oct 2013)
Log Message
ASSERTION FAILED: !style->propertyIsImportant(propertyID) in WebCore::setTextDecorationProperty
https://bugs.webkit.org/show_bug.cgi?id=122097
Patch by Santosh Mahto <santosh...@samsung.com> on 2013-10-21
Reviewed by Ryosuke Niwa.
Source/WebCore:
When remove format command is called we pushdown the ancestor style
down to its children. Currently applying inline style to iframe
while pushing down style which causes iframe to be reinserted in tree and
triggres again subframe loading which repeats everytime and finally
crash happens. So we should avoid applying inline style to iframe
element as it doesnot reflect in its content while pushing down style
on it.
And ASSERT call has been removed from setTextDecoration property as
the scenario is perfectly valid case.
Test: editing/execCommand/remove-format-textdecoration-in-iframe.html
* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::applyInlineStyleToPushDown): Return if
element is iframe.
* editing/EditingStyle.cpp:
(WebCore::StyleChange::setTextDecorationProperty): Remove ASSERT.
LayoutTests:
Added Test cases to verify that crash does not happen in scenario when
remove format command is executed on selection containing the iframe
element and when textdecoration style is defined as !important and
need to pushDown to iframe.
* editing/execCommand/remove-format-textdecoration-in-iframe-expected.txt: Added.
* editing/execCommand/remove-format-textdecoration-in-iframe.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (157709 => 157710)
--- trunk/LayoutTests/ChangeLog 2013-10-21 06:08:41 UTC (rev 157709)
+++ trunk/LayoutTests/ChangeLog 2013-10-21 07:11:03 UTC (rev 157710)
@@ -1,3 +1,18 @@
+2013-10-21 Santosh Mahto <santosh...@samsung.com>
+
+ ASSERTION FAILED: !style->propertyIsImportant(propertyID) in WebCore::setTextDecorationProperty
+ https://bugs.webkit.org/show_bug.cgi?id=122097
+
+ Reviewed by Ryosuke Niwa.
+
+ Added Test cases to verify that crash does not happen in scenario when
+ remove format command is executed on selection containing the iframe
+ element and when textdecoration style is defined as !important and
+ need to pushDown to iframe.
+
+ * editing/execCommand/remove-format-textdecoration-in-iframe-expected.txt: Added.
+ * editing/execCommand/remove-format-textdecoration-in-iframe.html: Added.
+
2013-10-20 Jinwoo Song <jinwoo7.s...@samsung.com>
Unreviewed EFL gardening. Update EFL test expectations.
Added: trunk/LayoutTests/editing/execCommand/remove-format-textdecoration-in-iframe-expected.txt (0 => 157710)
--- trunk/LayoutTests/editing/execCommand/remove-format-textdecoration-in-iframe-expected.txt (rev 0)
+++ trunk/LayoutTests/editing/execCommand/remove-format-textdecoration-in-iframe-expected.txt 2013-10-21 07:11:03 UTC (rev 157710)
@@ -0,0 +1,15 @@
+This testcase is to test crash scenario when designMode is set on document and RemoveFormat is called. Expected result is that crash should not happen and underline should be removed from all the selected text
+| "<#selection-anchor>This Test should not crash.
+ "
+| <iframe>
+| _onload_="selectAndRemoveFormat()"
+| "
+ "
+| <p>
+| "PASS"
+| "
+ "
+
+FRAME 0:
+| <head>
+| <body>
Added: trunk/LayoutTests/editing/execCommand/remove-format-textdecoration-in-iframe.html (0 => 157710)
--- trunk/LayoutTests/editing/execCommand/remove-format-textdecoration-in-iframe.html (rev 0)
+++ trunk/LayoutTests/editing/execCommand/remove-format-textdecoration-in-iframe.html 2013-10-21 07:11:03 UTC (rev 157710)
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+<script src=""
+<script>
+function selectAndRemoveFormat()
+{
+ document.designMode = 'on';
+ document.execCommand('SelectAll');
+ document.execCommand('RemoveFormat');
+}
+
+function dumpAfterCommand()
+{
+ Markup.description('This testcase is to test crash scenario when designMode is set on document and RemoveFormat is called. Expected result is that crash should not happen and underline should be removed from all the selected text')
+ Markup.dump('container');
+}
+</script>
+<body>
+ <div id="container" style="text-decoration: underline !important;">This Test should not crash.
+ <iframe _onload_="selectAndRemoveFormat()"></iframe>
+ <p>PASS</p>
+ </div>
+ <script>
+ dumpAfterCommand();
+ </script>
+</body>
+</html>
+
Modified: trunk/Source/WebCore/ChangeLog (157709 => 157710)
--- trunk/Source/WebCore/ChangeLog 2013-10-21 06:08:41 UTC (rev 157709)
+++ trunk/Source/WebCore/ChangeLog 2013-10-21 07:11:03 UTC (rev 157710)
@@ -1,3 +1,29 @@
+2013-10-21 Santosh Mahto <santosh...@samsung.com>
+
+ ASSERTION FAILED: !style->propertyIsImportant(propertyID) in WebCore::setTextDecorationProperty
+ https://bugs.webkit.org/show_bug.cgi?id=122097
+
+ Reviewed by Ryosuke Niwa.
+
+ When remove format command is called we pushdown the ancestor style
+ down to its children. Currently applying inline style to iframe
+ while pushing down style which causes iframe to be reinserted in tree and
+ triggres again subframe loading which repeats everytime and finally
+ crash happens. So we should avoid applying inline style to iframe
+ element as it doesnot reflect in its content while pushing down style
+ on it.
+
+ And ASSERT call has been removed from setTextDecoration property as
+ the scenario is perfectly valid case.
+
+ Test: editing/execCommand/remove-format-textdecoration-in-iframe.html
+
+ * editing/ApplyStyleCommand.cpp:
+ (WebCore::ApplyStyleCommand::applyInlineStyleToPushDown): Return if
+ element is iframe.
+ * editing/EditingStyle.cpp:
+ (WebCore::StyleChange::setTextDecorationProperty): Remove ASSERT.
+
2013-10-20 Sam Weinig <s...@webkit.org>
Move m_lineBoxes from RenderBlock to RenderBlockFlow (Part 5)
Modified: trunk/Source/WebCore/editing/ApplyStyleCommand.cpp (157709 => 157710)
--- trunk/Source/WebCore/editing/ApplyStyleCommand.cpp 2013-10-21 06:08:41 UTC (rev 157709)
+++ trunk/Source/WebCore/editing/ApplyStyleCommand.cpp 2013-10-21 07:11:03 UTC (rev 157710)
@@ -1002,7 +1002,7 @@
node->document().updateStyleIfNeeded();
- if (!style || style->isEmpty() || !node->renderer())
+ if (!style || style->isEmpty() || !node->renderer() || node->hasTagName(iframeTag))
return;
RefPtr<EditingStyle> newInlineStyle = style;
Modified: trunk/Source/WebCore/editing/EditingStyle.cpp (157709 => 157710)
--- trunk/Source/WebCore/editing/EditingStyle.cpp 2013-10-21 06:08:41 UTC (rev 157709)
+++ trunk/Source/WebCore/editing/EditingStyle.cpp 2013-10-21 07:11:03 UTC (rev 157710)
@@ -1408,7 +1408,6 @@
style->setProperty(propertyID, newTextDecoration->cssText(), style->propertyIsImportant(propertyID));
else {
// text-decoration: none is redundant since it does not remove any text decorations.
- ASSERT(!style->propertyIsImportant(propertyID));
style->removeProperty(propertyID);
}
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes