Bug 116073 - Fix wrong assertions in Range::textNodeSplit
Summary: Fix wrong assertions in Range::textNodeSplit
Status: RESOLVED DUPLICATE of bug 116509
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: BlinkMergeCandidate
Depends on:
Blocks:
 
Reported: 2013-05-13 16:30 PDT by Ryosuke Niwa
Modified: 2024-01-19 05:56 PST (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ryosuke Niwa 2013-05-13 16:30:38 PDT 
We should probably merge
https://chromium.googlesource.com/chromium/blink/+/107e79cd424ad62249584a91fc55bded5bcd89ab

Fix wrong assertions in Range::textNodeSplit

Text::splitText calls Node::insertBefore, in which a DOM mutatino event handler
can update the DOM structure. The function calls Document::textNodeSplit too,
and Range::textNodeSplit called by Document::textNodeSplit assumed no one
updated the DOM structure.
Comment 1 Ahmad Saleem 2022-08-15 16:08:59 PDT 
I took the test case from Chromium patch and changed it into JSFiddle:

Link - https://jsfiddle.net/foea2v5g/show

*** Safari Technology Preview 151 ***

No assertion failures even if an DOM mutation event handler updates the new node created by Text::splitText.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


FAIL r.endContainer should be [object Text]. Was [object HTMLDivElement].
FAIL r.endOffset should be 2. Was 1.
PASS successfullyParsed is true

TEST COMPLETE

*** Firefox Nightly 105 ***

No assertion failures even if an DOM mutation event handler updates the new node created by Text::splitText.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
FAIL r.endContainer should be [object Text]. Was [object HTMLDivElement].
FAIL r.endOffset should be 2. Was 1.
PASS successfullyParsed is true

TEST COMPLETE

*** Chrome Canary 106 ***

No assertion failures even if an DOM mutation event handler updates the new node created by Text::splitText.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


FAIL r.endContainer should be [object Text]. Was [object HTMLDivElement].
FAIL r.endOffset should be 2. Was 1.
PASS successfullyParsed is true

TEST COMPLETE

_________

I can find "nextSibling", which Chrome patch removed in Webkit Github source bit differently:

https://github.com/WebKit/WebKit/blob/main/Source/WebCore/dom/Range.cpp#L997

https://github.com/WebKit/WebKit/blob/main/Source/WebCore/dom/Range.cpp#L979

rniwa@webkit.org - Is this need anymore? Thanks!
Comment 2 Alexey Proskuryakov 2022-08-15 18:50:23 PDT 
These assertions failures would only be reproducible in a debug build. Guessing that this isn't relevant any more, but Ryosuke will know for certain.
Comment 3 Ahmad Saleem 2022-12-17 14:04:31 PST 
It seems this was reverted in following commit in favor of other solution:

https://src.chromium.org/viewvc/blink?view=revision&revision=150483

and other alternative solution:

https://src.chromium.org/viewvc/blink?view=revision&revision=150493

^ I can do PR based on both, which is suggested approach? @rniwa - Thanks!
Comment 4 Ahmad Saleem 2024-01-19 05:56:33 PST 

*** This bug has been marked as a duplicate of bug 116509 ***