Bug 86341

Summary: document.execCommand('Indent') in the direct child of ShadowRoot causes a crash
Product: WebKit Reporter: Shinya Kawanaka <shinyak>
Component: HTML EditingAssignee: Shinya Kawanaka <shinyak>
Status: RESOLVED FIXED    
Severity: Normal CC: darin, dglazkov, dominicc, enrica, gustavo, hayato, morrita, philn, rniwa, shinyak, tasak, xan.lopez
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 82697    
Attachments:
Description Flags
Patch
none
Patch
none
Patch for landing none

Description Shinya Kawanaka 2012-05-14 00:06:17 PDT 
Repro: Select hoge and press Indent.

<div id="container"></div>
<button onclick="document.execCommand("Indent")" value="Indent">

<script>
var container = document.getElementById('container');
var shadowRoot = new WebKitShadowRoot(container);
shadowRoot.innerHTML = "<span contenteditable>hoge</span>";
</script>
Comment 1 Shinya Kawanaka 2012-05-14 00:50:02 PDT 
Created attachment 141660 [details]
Patch
Comment 2 Build Bot 2012-05-14 01:13:55 PDT 
Comment on attachment 141660 [details]
Patch

Attachment 141660 [details] did not pass win-ews (win):
Output: http://queues.webkit.org/results/12680398
Comment 3 Build Bot 2012-05-14 01:31:18 PDT 
Comment on attachment 141660 [details]
Patch

Attachment 141660 [details] did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/12679436
Comment 4 Shinya Kawanaka 2012-05-14 01:47:43 PDT 
Created attachment 141665 [details]
Patch
Comment 5 Shinya Kawanaka 2012-05-14 01:48:16 PDT 
Try to fix build...
Comment 6 Ryosuke Niwa 2012-05-14 12:23:21 PDT 
Comment on attachment 141665 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=141665&action=review

Looks sane to me.

> LayoutTests/editing/shadow/execcommand-indent-in-shadow.html:1
> + <!DOCTYPE html>

Why do we have a space before <!DOCTYPE?
Comment 7 Darin Adler 2012-05-14 12:27:10 PDT 
Comment on attachment 141665 [details]
Patch

I’d rather see the type be ContainerNode rather than Node in a case like this.
Comment 8 Ryosuke Niwa 2012-05-14 12:30:42 PDT 
(In reply to comment #7)
> (From update of attachment 141665 [details])
> I’d rather see the type be ContainerNode rather than Node in a case like this.

That's a good point. Please address Darin's comment before you land it.
Comment 9 Shinya Kawanaka 2012-05-14 18:30:00 PDT 
(In reply to comment #8)
> (In reply to comment #7)
> > (From update of attachment 141665 [details] [details])
> > I’d rather see the type be ContainerNode rather than Node in a case like this.
> 
> That's a good point. Please address Darin's comment before you land it.

Thank you for reviewing!
Yeah, I'll fix them to land it.
Comment 10 Shinya Kawanaka 2012-05-15 00:37:30 PDT 
Created attachment 141878 [details]
Patch for landing
Comment 11 Shinya Kawanaka 2012-05-15 01:23:41 PDT 
Committed r117041: <http://trac.webkit.org/changeset/117041>