Bug 308549

`Range.deleteContents()` and the `extract` algorithm compute the collapse target `(newNode, newOffset)` before mutations but apply it after all DOM mutations complete. Script running during `remove` (via "removing steps" hooks) could modify the DOM and make those pre-computed values point to an invalid position. The DOM spec is being fixed to move the collapse step before mutations, relying on the built-in `live range pre-remove steps` and `replace data` range adjustments to maintain validity. Steps to reproduce: 1. Create a Range spanning multiple child nodes of a container element 2. Call range.deleteContents() or range.extractContents() 3. Inspect the range's startContainer, startOffset, endContainer, endOffset All current browsers pass the attached conformance tests today because no removing step currently fires synchronous script, but the code path is latently incorrect. Spec issue: https://github.com/whatwg/dom/issues/1446 Chromium bug: https://issues.chromium.org/issues/486922855 Gecko bug: https://bugzilla.mozilla.org/show_bug.cgi?id=2018839