Bug 8117
| Summary: | REGRESSION (NativeTextField): Drag and drop text within a text input field modifies page | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | PCheese <mulletsailors> |
| Component: | HTML Editing | Assignee: | Justin Garcia <justin.garcia> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | Keywords: | Regression |
| Priority: | P1 | ||
| Version: | 420+ | ||
| Hardware: | Mac | ||
| OS: | OS X 10.4 | ||
| URL: | http://google.com/ | ||
PCheese
WebKit on Mac OS X 10.4.5 using the 31 March 2006 nightly.
Dragging and dropping text repeatedly within a text input field modifies the page contents.
Steps to reproduce:
Access http://www.google.com/
Enter javascript:alert(document.body.childNodes.length); into the location bar and note the number of child nodes.
Type a query into the search field (say, "Safari WebKit")
Select a portion of the text field contents (say, "Saf"), then move it elsewhere within the text field.
Without deselecting the text that has been moved, move it once more to a different location.
Notice that portions of the query appear at the bottom of the page contents. Verify that the page contents have changed by running javascript:alert(document.body.childNodes.length); again
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
Same problem with normal contenteditable divs.
=================
ASSERTION FAILED: editableRoot (/Users/ap/WebKit/WebCore/editing/ReplaceSelectionCommand.cpp:124 WebCore::ReplacementFragment::ReplacementFragment(WebCore::Document*, WebCore::DocumentFragment*, bool))
=================
Justin Garcia
Ah, when a ReplaceSelectionCommand is a sub-command (which is what happens during a drag), frame->selection() may be different than the endingSelection. The ReplacementFragment will need to either be given the endingSelection or a pointer back to the ReplaceSelectionCommand so it can get the endingSelection.
We should get rid of the endingSelection, it's confusing. An operation should just set its selection on the frame, but through a special setter that doesn't send selection change notifications (those should only be sent for user-level selection changes).
Maciej Stachowiak
These are all text field regressions so they should all be P1.
Justin Garcia
This happens in any empty contenteditable div at the end of the document, it looks like a regression from r13628 (setting mergeStart to true for empty editable regions to fix Undo).