Created attachment 4329 [details] Reduced & unreduced test cases showing selection problem

FYI It was justin garcia who fixed 4375 just a few days ago....

Created attachment 4707 [details] first cut We added SelectionController::adjustExtentForEditableContent for 4375. In it, if the base is inside an editable element and the extent is not, and if the extent comes after the base, we use the last position in the editable element for the extent. Here's a snippit: // base is in an editable region, but extent is not. if (baseRoot) { Position first(Position(baseRoot, 0)); Position last(Position(baseRoot, baseRoot->maxDeepOffset())); m_extent = baseIsStart ? last : first; ... Later, in SelectionController::validate(), VisiblePositions are created out of base and extent. The problem is that a VisiblePosition created with the last position in an block doesn't always stay inside that block. This is why the selection "spills" out of the editable div in the test case. Attached is a first cut at fixing VisiblePosition::initDownstream so that it only uses the nextVisiblePosition if that position is inside the enclosing block of the position passed to VisiblePosition's constructor. It changes a few layout tests in acceptible ways except one in editing/style, which I'm looking into.

Created attachment 4719 [details] patch We sometimes want to leave the block containing the input position. For example, if a script tries to set a caret selection in an empty div with adjacent pieces of visible text, we should leave the empty div to find a valid visible position. We should only leave the original containing block if there aren't any valid visible positions inside of it. The ChangeLog entry explains the rest of the patch.

Created attachment 4727 [details] new patch Made a few small tweaks

Comment on attachment 4727 [details] new patch Looks like a really great change to me. Given our conversation about how this affected layout tests (gave better results on 4), r=me.

I found a problem with the existing solution! In my reduced test case, make sure no text is selected, then double-click somewhere in the blank area to the right of the word "responsible." Notice that the selection goes outside the editable box. If you type a letter with that selected, you've just joined with the text below. so we're getting close, but it's still possible to do damage to your DOM by allowing the selection to go past the last character in the editable div.

The bug that Dan points out comes from the fact that SelectionController::validate does changes to the selection that aren't validated (changes when the granularity passed to validate does not equal CHARACTER). It doesn't seem right that such changes are part of "validation" at all. This problem is unrelated to the patch above, so I'm filing a new bug for it and landing the patch.

The new bug is 5856.

I said above that the problem was unrelated to the one addressed by the reviewed patch, but that wasn't quite right. I meant to say that the cause of the problem is unrelated to the changes to visible positions made in the patch. The two problems are actually closely related (a selection that is based in an editable div is allowed to extend into a non-editable region). I'm pushing the new bug into a separate report to make it easier to track the changes necessary to fix it.

Landed the patch.