Example URL: http://jsbin.com/panopacimo/edit?html,output Steps to reproduce the problem: 1. <div contenteditable="true">a<span style="unicode-bidi: bidi-override;">@a</span></div> 2. Put your cursor at the end of the text. 3. Press left, left, right. The browser hangs. Also repros in Chrome (reported as crbug.com/612002) but not in Firefox. So I'm guessing an old WebKit bug? (Also, after pressing left twice the cursor is at the beginning of the input instead of between the first two chars which is surprising to me. Not sure if this is correct.)
I am able to reproduce this bug in Safari 16 and Safari Technology Preview 156 and it hangs browser tab and does not allow you to click anywhere on the webpage and it does not hang whole browser, only the tab. Chrome bug is marked as "WONTFIX" since it was not reproducible in Chrome 57, so it must be fixed something between Chrome 29 (about Webkit forking) to Chrome 57 in between. Just wanted to post latest results. Thanks!
This is fixed now with IFC (ToT). I assume STP156 does not yet have the "line-break: after-white-space" (contenteditable) IFC patch.
with legacy line layout -> ASSERTION FAILED: p != m_deepPosition editing/VisiblePosition.cpp(427) : WebCore::Position WebCore::VisiblePosition::rightVisuallyDistinctCandidate() const 1 0x134559860 WTFCrash 2 0x14a8c0224 WebCore::JSANGLEInstancedArrays::createPrototype(JSC::VM&, WebCore::JSDOMGlobalObject&) 3 0x14ddce610 WebCore::VisiblePosition::rightVisuallyDistinctCandidate() const 4 0x14ddce6c8 WebCore::VisiblePosition::right(bool, bool*) const 5 0x14dd3d4e0 WebCore::FrameSelection::modifyMovingRight(WebCore::TextGranularity, bool*) 6 0x14dd2da50 WebCore::FrameSelection::modify(WebCore::FrameSelection::EAlteration, WebCore::SelectionDirection, WebCore::TextGranularity, WebCore::EUserTriggered) 7 0x14dd2d854 WebCore::FrameSelection::modify(WebCore::FrameSelection::EAlteration, WebCore::SelectionDirection, WebCore::TextGranularity, WebCore::EUserTriggered) 8 0x14dd4da1c WebCore::executeMoveRight(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) 9 0x14dd25f18 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 10 0x14dd34f24 WebCore::Editor::Command::execute(WebCore::Event*) const 11 0x117bcff2c WebKit::WebPage::executeKeypressCommandsInternal(WTF::Vector<WebCore::KeypressCommand, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::KeyboardEvent*) 12 0x117bd0eb0 WebKit::WebPage::handleEditingKeyboardEvent(WebCore::KeyboardEvent&) 13 0x117af8e70 WebKit::WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent&) 14 0x14dd1a164 WebCore::Editor::handleKeyboardEvent(WebCore::KeyboardEvent&) 15 0x14e8799e4 WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent&) 16 0x14db97410 WebCore::Node::defaultEventHandler(WebCore::Event&) 17 0x14dafbd74 WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&) 18 0x14dafb48c WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) 19 0x14db96dcc WebCore::Node::dispatchEvent(WebCore::Event&) 20 0x14e87899c WebCore::EventHandler::internalKeyEvent(WebCore::PlatformKeyboardEvent const&) 21 0x14e8780ac WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) 22 0x14f72832c WebCore::UserInputBridge::handleKeyEvent(WebCore::PlatformKeyboardEvent const&, WebCore::InputSource) 23 0x118a48404 WebKit::handleKeyEvent(WebKit::WebKeyboardEvent const&, WebCore::Page*) 24 0x118a48238 WebKit::WebPage::keyEvent(WebKit::WebKeyboardEvent const&) 25 0x118b24684 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>, 0ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&, std::__1::integer_sequence<unsigned long, 0ul>)
(In reply to zalan from comment #2) > This is fixed now with IFC (ToT). I assume STP156 does not yet have the > "line-break: after-white-space" (contenteditable) IFC patch. Sweet! Good to know.. Do we need to fix it in Legacy Line Layout or we can close this bug as fixed in IFC Progression and mark it as "RESOLVED CONFIGURATION CHANGED"? Thanks!