Bug 120046
| Summary: | Crash when calling getCueAsHTML() on a TextTrackCue with empty text | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Ryosuke Niwa <rniwa> |
| Component: | Media | Assignee: | Brendan Long <b.long> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | Normal | CC: | b.long |
| Priority: | P2 | Keywords: | BlinkMergeCandidate |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Ryosuke Niwa
Consider merging https://chromium.googlesource.com/chromium/blink/+/cb63c74ab8b20aebb6373246f936674f5407d610
Even if the TextTrackCue text is empty, a document fragment should still be returned as a result value when calling getCueAsHTML(). Currently, the call crashes the browser when the cue text is "".
Ryosuke Niwa
I couldn't reproduce the crash using the test case they added but the code change seems good so we might want to merge this. If not, please close this bug.
Brendan Long
We seem to already do this correctly:
```cpp
PassRefPtr<DocumentFragment> WebVTTTreeBuilder::buildFromString(const String& cueText)
{
    // Cue text processing based on
    // 5.4 WebVTT cue text parsing rules, and
    // 5.5 WebVTT cue text DOM construction rules.
    RefPtr<DocumentFragment> fragment = DocumentFragment::create(m_document);
    if (cueText.isEmpty()) {
        fragment->parserAppendChild(Text::create(m_document, emptyString()));
        return fragment.release();
    }
    m_currentNode = fragment;
    WebVTTTokenizer tokenizer(cueText);
    m_languageStack.clear();
    while (tokenizer.nextToken(m_token))
        constructTreeFromToken(m_document);
    return fragment.release();
}
```