Bug 86341

Summary: document.execCommand('Indent') in the direct child of ShadowRoot causes a crash
Product: WebKit Reporter: Shinya Kawanaka <shinyak>
Component: HTML EditingAssignee: Shinya Kawanaka <shinyak>
Status: RESOLVED FIXED    
Severity: Normal CC: darin, dglazkov, dominicc, enrica, gustavo, hayato, morrita, philn, rniwa, shinyak, tasak, xan.lopez
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 82697    
Attachments:
Description Flags
Patch
none
Patch
none
Patch for landing none

Shinya Kawanaka
Reported 2012-05-14 00:06:17 PDT
Repro: Select hoge and press Indent. <div id="container"></div> <button onclick="document.execCommand("Indent")" value="Indent"> <script> var container = document.getElementById('container'); var shadowRoot = new WebKitShadowRoot(container); shadowRoot.innerHTML = "<span contenteditable>hoge</span>"; </script>
Attachments
Patch (11.86 KB, patch)
2012-05-14 00:50 PDT, Shinya Kawanaka 		no flags
DetailsFormatted DiffDiff
Patch (16.49 KB, patch)
2012-05-14 01:47 PDT, Shinya Kawanaka 		no flags
DetailsFormatted DiffDiff
Patch for landing (16.95 KB, patch)
2012-05-15 00:37 PDT, Shinya Kawanaka 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Shinya Kawanaka
Comment 1 2012-05-14 00:50:02 PDT
Created attachment 141660 [details] Patch
Build Bot
Comment 2 2012-05-14 01:13:55 PDT
Comment on attachment 141660 [details] Patch Attachment 141660 [details] did not pass win-ews (win): Output: http://queues.webkit.org/results/12680398
Build Bot
Comment 3 2012-05-14 01:31:18 PDT
Comment on attachment 141660 [details] Patch Attachment 141660 [details] did not pass mac-ews (mac): Output: http://queues.webkit.org/results/12679436
Shinya Kawanaka
Comment 4 2012-05-14 01:47:43 PDT
Created attachment 141665 [details] Patch
Shinya Kawanaka
Comment 5 2012-05-14 01:48:16 PDT
Try to fix build...
Ryosuke Niwa
Comment 6 2012-05-14 12:23:21 PDT
Comment on attachment 141665 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=141665&action=review Looks sane to me. > LayoutTests/editing/shadow/execcommand-indent-in-shadow.html:1 > + <!DOCTYPE html> Why do we have a space before <!DOCTYPE?
Darin Adler
Comment 7 2012-05-14 12:27:10 PDT
Comment on attachment 141665 [details] Patch I’d rather see the type be ContainerNode rather than Node in a case like this.
Ryosuke Niwa
Comment 8 2012-05-14 12:30:42 PDT
(In reply to comment #7) > (From update of attachment 141665 [details]) > I’d rather see the type be ContainerNode rather than Node in a case like this. That's a good point. Please address Darin's comment before you land it.
Shinya Kawanaka
Comment 9 2012-05-14 18:30:00 PDT
(In reply to comment #8) > (In reply to comment #7) > > (From update of attachment 141665 [details] [details]) > > I’d rather see the type be ContainerNode rather than Node in a case like this. > > That's a good point. Please address Darin's comment before you land it. Thank you for reviewing! Yeah, I'll fix them to land it.
Shinya Kawanaka
Comment 10 2012-05-15 00:37:30 PDT
Created attachment 141878 [details] Patch for landing
Shinya Kawanaka
Comment 11 2012-05-15 01:23:41 PDT
Committed r117041: <http://trac.webkit.org/changeset/117041>
Note You need to log in before you can comment on or make changes to this bug.