Title: [198433] branches/safari-601-branch
Revision
198433
Author
bfulg...@apple.com
Date
2016-03-18 11:32:11 -0700 (Fri, 18 Mar 2016)

Log Message

Merge r192285.

Source/WebCore:

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::ensurePreInsertionValidity): Added.
* dom/ContainerNode.h:

    2015-11-10  Pranjal Jumde  <pju...@apple.com>

    Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
    https://bugs.webkit.org/show_bug.cgi?id=150252
    <rdar://problem/23149470>

    Reviewed by Brent Fulgham.

    * Source/WebCore/editing/ios/EditorIOS.mm
    * Source/WebCore/editing/mac/EditorMac.mm
      In Editor::fontForSelection moved the node removal code, so that the
      node is only removed if style is not NULL.
    * Source/WebCore/editing/cocoa/EditorCocoa.mm
      In Editor::styleForSelectionStart checking if the parentNode can 
      accept the styleElement node.

LayoutTests:

    2015-11-10  Pranjal Jumde  <pju...@apple.com>

    Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
    https://bugs.webkit.org/show_bug.cgi?id=150252
    <rdar://problem/23149470>

    Reviewed by Brent Fulgham.

    * LayoutTests/editing/execCommand/150252.xhtml
    * LayoutTests/editing/execCommand/150252-expected.txt

Diff

Modified: branches/safari-601-branch/LayoutTests/ChangeLog (198432 => 198433)


--- branches/safari-601-branch/LayoutTests/ChangeLog	2016-03-18 18:22:56 UTC (rev 198432)
+++ branches/safari-601-branch/LayoutTests/ChangeLog	2016-03-18 18:32:11 UTC (rev 198433)
@@ -1,3 +1,18 @@
+2016-03-18  Brent Fulgham  <bfulg...@apple.com>
+
+        Merge r192285.
+
+    2015-11-10  Pranjal Jumde  <pju...@apple.com>
+
+            Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
+            https://bugs.webkit.org/show_bug.cgi?id=150252
+            <rdar://problem/23149470>
+
+            Reviewed by Brent Fulgham.
+
+            * LayoutTests/editing/execCommand/150252.xhtml
+            * LayoutTests/editing/execCommand/150252-expected.txt
+
 2016-03-18  Babak Shafiei  <bshaf...@apple.com>
 
         Merge r198377.

Added: branches/safari-601-branch/LayoutTests/editing/execCommand/150252-expected.txt (0 => 198433)


--- branches/safari-601-branch/LayoutTests/editing/execCommand/150252-expected.txt	                        (rev 0)
+++ branches/safari-601-branch/LayoutTests/editing/execCommand/150252-expected.txt	2016-03-18 18:32:11 UTC (rev 198433)
@@ -0,0 +1 @@
+This test passes if it doesn't crash. https://bugs.webkit.org/show_bug.cgi?id=150252

Added: branches/safari-601-branch/LayoutTests/editing/execCommand/150252.xhtml (0 => 198433)


--- branches/safari-601-branch/LayoutTests/editing/execCommand/150252.xhtml	                        (rev 0)
+++ branches/safari-601-branch/LayoutTests/editing/execCommand/150252.xhtml	2016-03-18 18:32:11 UTC (rev 198433)
@@ -0,0 +1,26 @@
+<div id="150252" xmlns="http://www.w3.org/1999/xhtml">
+
+<script type="text/_javascript_">
+
+function boom()
+{
+  if (window.testRunner)
+    testRunner.dumpAsText();
+
+  var r = document.documentElement;
+  r.style.position = "absolute";
+  r.contentEditable = "true";
+  r.focus();
+  r.contentEditable = "false";
+  r.focus();
+  r.contentEditable = "true";
+  document.execCommand("subscript", false, null);
+  r.contentEditable = "false";
+  document.getElementById("150252").innerHTML = "This test passes if it doesn't crash. https://bugs.webkit.org/show_bug.cgi?id=150252";
+}
+
+window.addEventListener("load", boom, false);
+
+</script>
+
+</div>
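Review bot: The `<script>` element's type reads `text/_javascript_` as displayed here, which is not a JavaScript MIME type. If that is what was committed, `boom()` would not run, so the `execCommand("subscript", ...)` path would not be exercised and the expected text would never be written. This may be an artifact of how the archive renders the message, so compare against the checked-in file; the attribute should read `type="text/javascript"`.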

Modified: branches/safari-601-branch/Source/WebCore/ChangeLog (198432 => 198433)


--- branches/safari-601-branch/Source/WebCore/ChangeLog	2016-03-18 18:22:56 UTC (rev 198432)
+++ branches/safari-601-branch/Source/WebCore/ChangeLog	2016-03-18 18:32:11 UTC (rev 198433)
@@ -1,5 +1,29 @@
 2016-03-18  Brent Fulgham  <bfulg...@apple.com>
 
+        Merge r192285.
+
+        * dom/ContainerNode.cpp:
+        (WebCore::ContainerNode::ensurePreInsertionValidity): Added.
+        * dom/ContainerNode.h:
+
+    2015-11-10  Pranjal Jumde  <pju...@apple.com>
+
+            Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
+            https://bugs.webkit.org/show_bug.cgi?id=150252
+            <rdar://problem/23149470>
+
+            Reviewed by Brent Fulgham.
+
+            * Source/WebCore/editing/ios/EditorIOS.mm
+            * Source/WebCore/editing/mac/EditorMac.mm
+              In Editor::fontForSelection moved the node removal code, so that the
+              node is only removed if style is not NULL.
+            * Source/WebCore/editing/cocoa/EditorCocoa.mm
+              In Editor::styleForSelectionStart checking if the parentNode can 
+              accept the styleElement node.
+
+2016-03-18  Brent Fulgham  <bfulg...@apple.com>
+
         Unreviewed build fix.
 
         Get rid of infinitely recursive 'draw' implementation.

Modified: branches/safari-601-branch/Source/WebCore/dom/ContainerNode.cpp (198432 => 198433)


--- branches/safari-601-branch/Source/WebCore/dom/ContainerNode.cpp	2016-03-18 18:22:56 UTC (rev 198432)
+++ branches/safari-601-branch/Source/WebCore/dom/ContainerNode.cpp	2016-03-18 18:32:11 UTC (rev 198433)
@@ -222,6 +222,12 @@
     return true;
 }
 
+bool ContainerNode::ensurePreInsertionValidity(Node& newChild, Node* refChild, ExceptionCode& ec)
+{
+    ec = checkAcceptChild(this, &newChild, refChild);
+    return !ec;
+}
+
 static inline bool checkAddChild(ContainerNode* newParent, Node* newChild, ExceptionCode& ec)
 {
     ec = checkAcceptChild(newParent, newChild, 0);
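Review bot: `ensurePreInsertionValidity` is a new public entry point with no comment, and the word "ensure" does not make clear that it only validates. As far as the visible body shows, it calls `checkAcceptChild` and reports the result, so a comment such as `// Validation only: returns false and sets ec if newChild cannot be inserted before refChild; the caller still performs the insertion.` would help above the definition and on the declaration in ContainerNode.h. It is also worth stating that the answer holds only until the tree next changes, so callers should insert immediately after the check. `checkAddChild`, which follows the new function, continues outside the hunk.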

Modified: branches/safari-601-branch/Source/WebCore/dom/ContainerNode.h (198432 => 198433)


--- branches/safari-601-branch/Source/WebCore/dom/ContainerNode.h	2016-03-18 18:22:56 UTC (rev 198432)
+++ branches/safari-601-branch/Source/WebCore/dom/ContainerNode.h	2016-03-18 18:32:11 UTC (rev 198433)
@@ -153,6 +153,8 @@
     Element* lastElementChild() const;
     unsigned childElementCount() const;
 
+    bool ensurePreInsertionValidity(Node& newChild, Node* refChild, ExceptionCode&);
+
 protected:
     explicit ContainerNode(Document&, ConstructionType = CreateContainer);
 

Modified: branches/safari-601-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm (198432 => 198433)


--- branches/safari-601-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm	2016-03-18 18:22:56 UTC (rev 198432)
+++ branches/safari-601-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm	2016-03-18 18:32:11 UTC (rev 198433)
@@ -63,8 +63,13 @@
 
     styleElement->appendChild(frame->document()->createEditingTextNode(""), ASSERT_NO_EXCEPTION);
 
-    position.deprecatedNode()->parentNode()->appendChild(styleElement, ASSERT_NO_EXCEPTION);
+    ContainerNode* parentNode = position.deprecatedNode()->parentNode();
 
+    if (!parentNode->ensurePreInsertionValidity(*styleElement, nullptr, IGNORE_EXCEPTION))
+        return nullptr;
+
+    parentNode->appendChild(styleElement, ASSERT_NO_EXCEPTION);
+
     nodeToRemove = styleElement.get();
 
     frame->document()->updateStyleIfNeeded();
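Review bot: `parentNode` is dereferenced by the new `ensurePreInsertionValidity` call without a null check, so a selection start node with no parent would still crash here instead of taking the new early return. The start of this function is outside the hunk, so an earlier guard may already exclude that case. If it does not, fold the check into the condition: `if (!parentNode || !parentNode->ensurePreInsertionValidity(*styleElement, nullptr, IGNORE_EXCEPTION))`. The `ASSERT_NO_EXCEPTION` on the following `appendChild` then relies on nothing changing the tree between the check and the insert, which holds for the lines shown.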

Modified: branches/safari-601-branch/Source/WebCore/editing/ios/EditorIOS.mm (198432 => 198433)


--- branches/safari-601-branch/Source/WebCore/editing/ios/EditorIOS.mm	2016-03-18 18:22:56 UTC (rev 198432)
+++ branches/safari-601-branch/Source/WebCore/editing/ios/EditorIOS.mm	2016-03-18 18:32:11 UTC (rev 198433)
@@ -192,13 +192,10 @@
         RenderStyle* style = styleForSelectionStart(&m_frame, nodeToRemove); // sets nodeToRemove
 
         const Font* result = nullptr;
-        if (style)
+        if (style) {
             result = &style->fontCascade().primaryFont();
-
-        if (nodeToRemove) {
-            ExceptionCode ec;
-            nodeToRemove->remove(ec);
-            ASSERT(!ec);
+            if (nodeToRemove)
+                nodeToRemove->remove(ASSERT_NO_EXCEPTION);
         }
 
         return result;
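Review bot: Nesting the removal inside `if (style)` leaves any node that `styleForSelectionStart` inserted in the document whenever it returns a null style with `nodeToRemove` set. That function's body is mostly outside this page, so whether such a path exists must be confirmed there; the EditorCocoa.mm hunk shows `nodeToRemove` assigned after the append, before a return that is not visible. If it can happen, keep the cleanup independent of `style`, i.e. `if (nodeToRemove) nodeToRemove->remove(ASSERT_NO_EXCEPTION);` after the `if (style)` block, and make sure `nodeToRemove` is null on the new early-return path. The EditorMac.mm hunk makes the same change and needs the same check. The enclosing function starts and ends outside the hunk.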

Modified: branches/safari-601-branch/Source/WebCore/editing/mac/EditorMac.mm (198432 => 198433)


--- branches/safari-601-branch/Source/WebCore/editing/mac/EditorMac.mm	2016-03-18 18:22:56 UTC (rev 198432)
+++ branches/safari-601-branch/Source/WebCore/editing/mac/EditorMac.mm	2016-03-18 18:32:11 UTC (rev 198433)
@@ -118,12 +118,11 @@
         RenderStyle* style = styleForSelectionStart(&m_frame, nodeToRemove); // sets nodeToRemove
 
         const Font* result = nullptr;
-        if (style)
+        if (style) {
             result = &style->fontCascade().primaryFont();
-
-        if (nodeToRemove)
-            nodeToRemove->remove(ASSERT_NO_EXCEPTION);
-
+            if (nodeToRemove)
+                nodeToRemove->remove(ASSERT_NO_EXCEPTION);
+        }
         return result;
     }
 