Bug 8117

Summary: REGRESSION (NativeTextField): Drag and drop text within a text input field modifies page
Product: WebKit Reporter: PCheese <mulletsailors>
Component: HTML EditingAssignee: Justin Garcia <justin.garcia>
Status: RESOLVED FIXED    
Severity: Normal Keywords: Regression
Priority: P1    
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
URL: http://google.com/

Description PCheese 2006-03-31 23:14:32 PST 
WebKit on Mac OS X 10.4.5 using the 31 March 2006 nightly.

Dragging and dropping text repeatedly within a text input field modifies the page contents.

Steps to reproduce:

Access http://www.google.com/
Enter javascript:alert(document.body.childNodes.length); into the location bar and note the number of child nodes.
Type a query into the search field (say, "Safari WebKit")
Select a portion of the text field contents (say, "Saf"), then move it elsewhere within the text field.
Without deselecting the text that has been moved, move it once more to a different location.
Notice that portions of the query appear at the bottom of the page contents.  Verify that the page contents have changed by running javascript:alert(document.body.childNodes.length); again
Comment 1 Alexey Proskuryakov 2006-04-02 09:42:54 PDT 
Same problem with normal contenteditable divs.

=================
ASSERTION FAILED: editableRoot (/Users/ap/WebKit/WebCore/editing/ReplaceSelectionCommand.cpp:124 WebCore::ReplacementFragment::ReplacementFragment(WebCore::Document*, WebCore::DocumentFragment*, bool))
=================
Comment 2 Justin Garcia 2006-04-02 22:40:22 PDT 
Ah, when a ReplaceSelectionCommand is a sub-command (which is what happens during a drag), frame->selection() may be different than the endingSelection.  The ReplacementFragment will need to either be given the endingSelection or a pointer back to the ReplaceSelectionCommand so it can get the endingSelection.  

We should get rid of the endingSelection, it's confusing.  An operation should just set its selection on the frame, but through a special setter that doesn't send selection change notifications (those should only be sent for user-level selection changes).
Comment 3 Maciej Stachowiak 2006-04-02 23:25:43 PDT 
These are all text field regressions so they should all be P1.
Comment 4 Justin Garcia 2006-04-03 10:58:29 PDT 
This happens in any empty contenteditable div at the end of the document, it looks like a regression from r13628 (setting mergeStart to true for empty editable regions to fix Undo).