Safari crashes on document.execCommand("createlink", false, "somelink") if the contenteditable element has a :first-letter rule applied to it. Steps to reproduce: 1. have the following in a page: <style> .someclass:first-letter { font-weight: bold; } </style> <div class="someclass" contenteditable="true">contentEditable element. Some text and some words.</div> <input type="button" value="Create link" onclick="document.execCommand('createlink', false, 'http://www.google.com')" /> 2. Select something from the contenteditable DIV. 3. Click the button. Result: Safari crashes after a few seconds. A few details, notes on this behavior: Note 1: Can't select the first character/letter, see bug #6185 Note 2: Safari doesn't crash if the selection is inside the first word and it starts before or after the second character in the first word. The selection is shifted one character to the left. The contenteditable element cannot be focused anymore after createlink if the selection started before the second character, only the link can be focused in this case. See attachment for testcase.
Created attachment 31348 [details] Testcase showing described behavior
Possible related bugs: bug #22256 Reproduceable crash with @font-face and :first-letter pseudo class bug #15602 Quirksmode: CSS1: WebKit fails dynamic :first-letter test bug #14550 Non-layout style change does not update nested first-letter bug #6185 Bug 6185: CSS1: character styled with :first-letter is not selectable
No crash in Safari 3.2.3 But the selection is shifted one character to the left and clicking after the newly created link doesn't set the selection at the click location (same as in the second note from the bug description)
Possibly related issues: * any text insertion is shifted by a seemingly arbitrary number of characters, usually 1. * a character entered at the end duplicates the line and sometimes deletes a number of characters at the end of the line. Note: this is only true on the first line.
I took a look at the code, and my conclusion is we should close Bug#6185 before this. ("close" means to fix it or to decide we won't fix it.)
Based on attached test and following steps from Description, I am not able to crash Safari 15.5 on macOS 12.4. This was fixed long back as commented in Comment 03. Although - first letter non-selection bug is still present on attached test case (for which we have separate bug - https://bugs.webkit.org/show_bug.cgi?id=6185). Although, Comment 05 mentions that this bug should remain open till some conclusion is reached for the bug). IMO - We can close this since it is not crashing and leave 6185 open for fixing since now all other browsers have fixed it and first letter is selectable. Thanks!
Safari doesn't hit any crash anymore.