Created attachment 314862 [details] Reproduction cases Reproduced in MacOS 10.12.5 with Safari 10.1.1 (12603.2.4) as well as WebKit Nightly 10.1.1 (12603.2.4, r219255). A friend attempted to reproduce the failure case with OS X 10.10.4 and Safari 8.0.7 (10600.7.12), and did not observe the problematic behavior. Expected behavior: Selecting any given amount of arbitrary text and right-clicking it does not crash the webpage process. Actual behavior: When selecting and then right-clicking text of the following format, the webpage process crashes: 1. The text has the appearance of a URL (scheme://host at a minimum). The scheme need not be an actual recognized scheme. 2. The host and/or authority component of the supposed URL contain one of a range of characters. All known reproduction cases involve characters that are IDNA disallowed. For example, Ⴀ or …. Any of these characters in the scheme, port, or path of the URL do not cause a crash. This is easiest to reproduce when the text in question the user-visible text of an <a> tag, since right-clicking a link selects the text. Thus, an HTML file with minimal reproduction cases is included. However, it can be reproduced by simply selecting plain text, and then right-clicking. Demonstration: http://Ⴀ Crash log to be attached after submission. Looking at it, it appears as though upon right-clicking any selected text, a check is made to determine if it's a navigable URL, and the error occurs in this process.
Created attachment 314863 [details] Web process crash log
Case that led to this submission: https://github.com/treyhunner/django-simple-history See the documentation link URL in the repository subtitle - it's terminated with an ellipsis as it's too long for the space given, although the actual <a> tag points to the full URL.
rdar://problem/30659636
Created attachment 324623 [details] Patch
*** Bug 178696 has been marked as a duplicate of this bug. ***
http://trac.webkit.org/r223934